"You don’t know what and how it’s going to happen, but you can practice, brainstorm, calculate and prepare so it becomes your muscle memory of how to behave in a crisis situation," Dmytro Kuleba said, describing what he called the essential habits of cybersecurity professionals.
Dmytro Kuleba’s central claim: preparation, resilience and self-reliance
Speaking at Infosecurity Europe, Dmytro Kuleba — who served as Ukraine’s Minister of Foreign Affairs from 2020 to 2024 — distilled wartime cyber lessons into three words: preparation, resilience and self-reliance. He framed those traits as practical, trainable behaviours: strategic planning and rehearsal to build instincts for crisis response, and an insistence that organisations and citizens reduce dependency on potentially hostile vendors.
KyivStar outage, December 2023: an incident-response drill in reality
Kuleba cited a specific operational example: the "massive outage at telco KyivStar, which was swiftly remediated by the company after Russian hackers struck in December 2023." He used the episode to underline the point that exercises and plans are not recipes to be followed exactly but rehearsals that create reflexes. In his recount, advance planning meant his ministry could act without delay when the actual invasion arrived: servers were evacuated abroad, and although "almost everything else we did differently [to the planned scenario] under the pressure, of circumstances," the prior planning ensured no time was wasted deciding what was possible.
CRM software and the weaponization of innocuous services
Kuleba described how Ukrainian officials and their families were profiled through hacks of CRM systems at everyday businesses — "nail bars, gyms and barbers" — and cautioned that such innocuous software can be weaponized. He said the CRM software in question is usually Russian, supplied over years through "lucrative offers" to Ukrainian businesses, and noted that "although it’s unclear whether this aided Russia-alligned hackers, there are lessons to be learned." His blunt takeaway: "Do not trust the products made by your potential enemy. In principle, self-reliance becomes the driving force."
How incident responders, small businesses, and policymakers should react
- Incident responders and security teams: Focus on regular, realistic wargaming and playbooks that build "muscle memory" for crisis response. Kuleba's account of rapid server evacuation and immediate action after the KyivStar outage illustrates the value of rehearsed decision-making even when plans must be improvised.
- Small businesses and procurement leaders: Treat basic customer-relationship software and check-in systems as part of the attack surface. Kuleba argued that "even the smallest business will have to invest in cybersecurity" because CRMs and similar tools can be leveraged to profile and target individuals.
- Policymakers and regulators: Expect pressure to reassess software provenance and supplier risk. Kuleba flagged a pattern of Russian-sourced CRM tools offered through "lucrative offers," and urged a move toward greater self-reliance to reduce potential exploitation.
Resilience as continuous repair, not a one-off recovery
Kuleba closed with a definition of resilience tied to endurance: "Resilience is not about being prepared to repair the disruption. Resilience is your ability to keep repairing the wrecks as destruction becomes the new normal." He framed this as both an operational posture and a moral stance: "Giving up — whether you’re fighting a cyber-attack or a thug on the street or a nation that tries to destroy you — does not bring relief. It does not bring the end to your suffering. It only multiplies it." For Kuleba, the recent survival of what he called Ukrainians' "worst winter in modern history" was proof that a forward-leaning, prepared population can move from defense to initiative.
The account presented at Infosecurity Europe offers a compact, experience-driven playbook: rehearse for the worst, know your environment well enough to improvise under pressure, and reduce dependence on suppliers that may be linked to adversarial actors. Those principles — grounded in concrete episodes like the December 2023 KyivStar outage and the targeting of CRM systems at everyday businesses — form the backbone of the former minister's prescription for enduring cyber conflict.
