Formally a brigadier general, Oleksandr Potiy is today tasked with guarding Ukraine on the civilian side — far from the battlefield but right at the front line of Russia’s cyber war.
Potiy is in camo fatigues when he addresses the crowd of IT workers and foreign investors for the keynote address at the Kyiv International Cyber Resilience Forum that took place on March 11-12.
“Our priority is a departure from the traditional schema of a KSZI,” Potiy tells the Kyiv Independent in an interview on the conference’s sidelines, referring to a Soviet acronym for information defense that had a reputation of being corrupt. “We totally changed the approach.”
In December, Potiy took charge of Derzhspetszvyazku, or the State Service of Special Communications. The agency guards the Ukrainian government’s digital infrastructure.
It’s a job that’s grown massively in the four years since Potiy first joined the agency, which now has a headcount of 1,300. Russia has long been a breeding ground for some of the most aggressive hackers in the world. As an overture to the February 2022 full-scale invasion of Ukraine, those hackers launched a salvo of cyber attacks at Ukraine, one that continues to the present day.
Despite systems — including massive telecomms networks — going down periodically, Ukraine has remained remarkably steadfast in the face of this assault.
The agency monitors and tracks upwards of 3,000 attacks each year on the Ukrainian civil government alone — not including the military, whose digital security falls to the Defense Ministry and intelligence agencies. The most recent report for the first half of 2024 counts among major threats a DDoS gang going by “From Russia with Love” and another cyber gang based in Russian-occupied Luhansk who “factually are traitors,” per the report.
Those are in addition to hacking groups long associated with Russian intelligence and General Staff like Sandworm and Armageddon.
Attacks have included a spear-phishing campaign that used QR codes to short-circuit Signal — increasingly a go-to messenger for Ukrainians seeking security away from Russian-originated Telegram — and link hostile devices that government officials are unaware are reading their classified or private comms.
The aggregate figure of the most recent report notes a significant increase in the total number of attacks but a merciful decline in those defined as “critical” from 31 to 3.
Nonetheless, Ukraine needs a new training and certification scheme, Potiy said, ambitiously aiming at fostering a new generation of cyber security specialists, “tens of thousands if not more,” with solid jobs within Ukraine. It is one of his core ambitions for his first year in charge of the agency.
“We have educational institutions that turn out cybersecurity specialists who could provide services,” Potiy continued. “But there’s no job market.”
Aside from a simple mass of professional cybersecurers, Potiy aims to distribute the authorities — decentralization, in other words. Centralization is one of the cardinal sins of cybersecurity, one that was likely responsible for a collapse in government data that rattled Ukraine in December.
The agency is taking as a model for a new regional network of cyber offices the European Union’s National Coordination Centers.
An overarching goal of the Ukrainian government is the “harmonization” of its practices with EU law — preparation for eventually joining the union. At the conference, the agency signed a memorandum of understanding with a number of European counter-parties, entailing some fairly vague concepts of cooperation.
Part of what that translates to in practice is data-sharing from the agency to the West on the cyberattacks they face, Potiy explains.
“We have obtained unique experience, which today can prove useful to partners from around the world,” Potiy told the crowd at the conference’s opening.
The Ukrainian cyber dataset is potentially extremely valuable for Western cybersecurity agencies, as many of the attacks Russian hackers are launching against Ukraine today are easy enough to replicate on Western systems tomorrow.
Speaking on what turned into the last day of frozen U.S. weapons aid and intel sharing with Ukraine, Potiy noted that the agency had not stopped providing its network of data to analogous Western cyber agencies, including the American CISA.
“We have a very tight relationship with our American partners and friends,” Potiy said. “We, as competent technical professionals, are still working with them like we worked before.”
In addition to its cyber duties, by an odd set of circumstances at the war’s outset, the agency ended up holding the purse strings for Ukraine’s drone purchases. It retains, today, a budget of Hr 65 billion — just over $1.5 billion.
Potiy’s own ascension in December was part of a scandal in which anti-corruption activists raised alarms that the new office would stop publishing information on those drone purchases, including cost and quantity, on Ukraine’s public platform for government acquisitions, Prozorro.
“Everything’s done in accordance with the legislation of Ukraine, including acquisitions going through Prozorro,” said Potiy. When asked if that was going to change, Potiy answered, “It’s established procedure.”
Olena Goncharova
