Situation
Alongside the land invasion in 2022, Russia unleashed an enormous cyberattack on Ukrtelecom infrastructure. Such was its scale that service had to be restricted to non-critical customers for up to 18 hours. The attack was repelled thanks to the expertise of Ukrtelecom’s team and careful preparations put in place earlier. However, the threat remains. Russian cyber forces continue to launch up to ten attacks a week on Ukrainian infrastructure.
This war has been one of the first truly hybrid conflicts, with physical and cyber threats intertwined. The cyberattacks now range from rudimentary to highly sophisticated, with a noticeable increase in their intensity. Before the war, Ukrtelecom had never faced certain types of attacks, DDoS ones being extremely rare. Currently, cyberattacks often happen in waves, peaking around significant dates related to both Ukrainian and international events and notably intensifying on national holidays.
Ukrtelecom’s Security Operations Centre has a team that uses cybersecurity mechanisms to identify anomalies and events within the existing infrastructure. The more refined the information security processes, the quicker the team can address the consequences of a breach and prevent the spread and escalation of a cyberattack.
Throughout these cyberattacks, Ukrtelecom has maintained ongoing support for its users, ensuring service continuity. This has involved specific changes to the service delivery model, as well as a fundamental shift in the technological approach to redundancy. It is a balancing act that the team has had to learn fast.
Ensuring support for subscribers has included completely restructuring the call centres and customer service operations, as well as the work schedule of operators, to ensure that services can be delivered instantaneously, regardless of external circumstances. Alongside some technological adjustments and upgrades to processes, changes in operational processes have enabled the company to support users under any circumstances.
With the support of external partners and vendors, Ukrtelecom has rebuilt and reconfigured the cyber perimeter and protection logic to ensuring service continuity. This has included thoroughly overhauling its incident response mechanisms, incident control and event tracking systems.
While detecting and stopping an attack is one challenge, being able to immediately recover is another. By having a comprehensive strategy, a company can return to its normal state, as it was before the cyberattack.
This is a level of technological resilience beyond anything that most telecommunications operators have to develop. As cyberattacks are not restricted by geography, Ukrtelecom has learnt lessons that are applicable across the world. After all, every business is potentially vulnerable.
Human Resilience
Alongside the technological nature of repelling cyberattacks comes the human side of maintaining a team and workforce throughout an international conflict that affects everyone. Relatively speaking, the technological aspect is straightforward: there is a physical or technological gap to bridge, or a specific cybersecurity event to respond to. However, the human element is equally important.
Restructuring the call centre operations involved relocating operations as the first step. Customer support was adapted to avoid the need for physical presence at our facilities. This meant personnel were able to adapt to circumstances affecting them, while maintaining an important part of the business and keeping Ukraine’s telecoms up and running.
The Ukrtelecom team has managed to overcome these challenges and even continue some projects started before the war, as well as launch new business streams. The remarkable resilience of the workforce even extends into the future. Service recovery in de-occupied areas is seen as a crucial direction for operations. The company plans to build state-of-the-art networks using the best technology available. This enables the renewal of services to serve as a launchpad for revitalising communities devastated by conflict.
Despite the war, Ukrtelecom remains focused on the future. It continues to expand its network by building thousands of kilometres of fibre-optic cable each year. In 2024 alone, nearly 7,000 kilometres were installed, enabling over 3 million households to access modern digital services.
