Effective Cyber Drills Must Mirror the Realities of the Battlefield

Over the past 15 years, cyberattacks have escalated dramatically.

What began as isolated data breaches has evolved into sophisticated operations targeting critical infrastructure and serving intelligence-gathering objectives.

The turning point came in April 2007, when Estonia faced a coordinated series of DDoS attacks, which disrupted government websites, online banking services, and communication networks altogether.

Since then, cyberattacks have been recognized as strategic threats capable of undermining national stability. Yet, their scale and impact continue to grow at a rate that outpaces expectations.

In the third quarter of 2024, cyberattacks worldwide surged by 75% compared to the same period in 2023. This amounts to ~1876 cyberattacks per organization, with the most targeted entities being educational, research, government, and military institutions. As expected, these attacks often result in the shutdown of essential services and pose risks to public safety and well-being.

In commerce, the primary goal of cyberattacks is financial gain. Nearly half of affected organizations report financial losses exceeding $500,000 per incident. However, when critical infrastructure and military operations are targeted, the stakes shift dramatically.

The cost is ultimately human lives.

Back in 2007, in a controlled experiment, the Idaho National Laboratory performed a cyber intrusion that caused a 2.25 MW diesel generator to torque abnormally and stop operations. Just three years later, the U.S. and Israel – reportedly – deployed the Stuxnet virus into Iran’s nuclear plant systems. The malware caused multiple centrifuges in the facility to operate in a way that reduced their lifespan. It doesn’t take a genius to see the consequences if the goal had been more cold-blooded.

Today, cyber warfare is directed at satellite communications, rocket guidance systems, and interconnected multi-domain operations. Its reach extends to all kinds of hardware, where its destruction can trigger widespread panic or catastrophic disruption within a nation under attack.

In Ukraine, Russian forces consistently use cyberattacks to pave the way for missile and UAV strikes, a situation the Ministry of Energy recognizes as the new normal. They target power plants, communication networks, and other critical systems.

In one such incident in December 2024, a successful strike on Ukraine’s state registries disrupted their operation for several weeks. The missile attack that immediately followed resulted in one fatality and nine injuries, not to mention power outages.

Just a couple of years ago, such scenarios were hypothetical exercises discussed at cybersecurity conferences. Today, they are an everyday reality for all Ukrainians.

When cyberattacks are tightly coordinated with kinetic warfare, they require precision timing to achieve strategic objectives. Defense systems must respond instantly: each cybersecurity team member is expected to understand their role and act decisively to counter or mitigate the effects of an attack as quickly as possible.

Today, cybersecurity teams in Ukraine enhance their ability to withstand strikes through rigorous training. Their prime objectives include:

  • reducing incident response time
  • minimizing service restoration time
  • shortening investigation and attack attribution periods
  • accelerating deterrence efforts
  • and limiting the damage inflicted.

To learn how to act specifically in high-stakes situations, cybersecurity teams take part in drills that emulate real-world attacks.

The focus in such emulations is response speed. When time is critical, people rely on instincts rather than deliberate reasoning, much like when a driver reacts instantly to avoid a crash. This means effective deterrence of cyberattacks requires automation and instant execution of necessary decisions and actions that can only be achieved during emulations.

In Ukraine, specific approaches have been designed to engage military personnel in deep-dive, realistic attack scenarios. Emulations replicate tactics used by Russian state-sponsored threat actors that have been engaged in cyber espionage and cyber sabotage since at least 2013.

Regular participation in threat emulations has already proven to enhance teams’ ability to cope with stress and improve incident response capabilities.

The number and frequency of cyber incidents reveal that no country is immune to state-sponsored cyber aggression.

In November 2024, the UK’s Defence Minister warned NATO that adversaries, including Russia, are already leveraging AI to enhance their cyberattack capabilities and disrupt the UK’s power grid. On New Year’s Eve, the pro-Russian NoNaMe collective struck the websites of several French cities in retaliation for France’s support of Ukraine. Around the same time, China-backed hackers breached US Treasury workstations.

Such attacks are designed to destabilize societies by targeting critical infrastructure, spreading panic, and leaving nations more vulnerable to subsequent strikes.

Rather than waiting to learn from their own costly mistakes, countries and businesses prefer to benefit from the hard-earned lessons of others. Through cross-border partnerships and jointly developed cyber drills, such as the US-Ukraine TRYZUB, cybersecurity teams can gain war-tested experience without being thrown into the eye of the storm.

The ultimate goal in cyber warfare is to reach a point where deflecting cyberattacks becomes second nature and where teams act with the same speed and precision as soldiers on a battlefield who rely on instinct and muscle memory to counter threats under pressure.

By building alliances and training relentlessly, we can create a united front capable of withstanding even the most sophisticated attacks and ensure our critical infrastructure, public safety, and way of life are protected from anyone who seeks to undermine them.

About the Author

Dr. Oleksii Baranovskyi is a distinguished figure in the field of Ukrainian Cybersecurity.

Oleksii is an accredited instructor for prestigious organizations like (ISC)², ISACA, and EC-Council. His contributions to cybersecurity education have been honoured with international awards that underpin his role as a global educator: the EC-Council Instructor (CEI) Circle of Excellence Award in 2022 and the ISACA Educational Excellence Award in 2024.

Oleksii is known for his dedication to public service in cybersecurity through training and educational programs, for which he has received national honours: the National Security Council order “Defender of Ukraine” in 2020 and a medal of honour from the State Service of Special Communication and Information Protection of Ukraine (SSSCIP) for his impact on the creation and development of the cyberpolice and national cybersecurity capabilities, as well as recognitions by OSCE, USAID, the National Bank of Ukraine and the National Police.

Oleksii serves as a forensic investigator, penetration tester and application security expert in professional companies.

Dr. Oleksii Baranovskyi can be reached online at [email protected] or LinkedIn.

