Ukraine's Cybersecurity Overhaul: New Laws Follow Justice Ministry Hack

Ukraine's Cybersecurity Response to a Major Attack

According to Главком: A major cyberattack targeting the registries of Ukraine's Ministry of Justice on December 19, 2024, has prompted a nationwide strengthening of state information system defenses. This new security model was enabled by Law No. 4336-IX, signed by President Volodymyr Zelenskyy on April 17, 2025. The law mandates the creation of a national system for responding to cyber incidents, attacks, and threats, and introduces dedicated cybersecurity specialist positions within government bodies and critical infrastructure entities. This legislative push is part of Ukraine's ongoing effort to harden its digital infrastructure against persistent threats.

The 2024 attack was designed to create a zone of turbulence within the country. The Ministry of Justice registries were restored on January 20, 2025, using backup copies stored in the National Center for Reserve State Information Resources. Dmytro Pakholchenko, a government representative, stated that the situation with the Ministry of Justice and the State Enterprise 'NAIS' is now a concluded chapter, with all necessary conclusions drawn and corresponding measures implemented.

New Requirements and Strategic Plans

Under the new law, state bodies and critical infrastructure facilities must conduct regular cyber hygiene exercises, planning them at least once a year or following the onboarding of new personnel. In 2025, the CERT-UA team processed approximately 6,000 cyber incidents, which is 70% less than in 2022 when about 2,500 incidents were recorded. Andrii Golovenko, a cybersecurity expert, emphasized that 80% of all successful cyberattacks occur due to the human factor, highlighting the critical importance of adhering to cyber hygiene rules.

The State Service of Special Communications and Information Protection plans to establish regional cybersecurity centers in every major region. As of now, two regional centers are operating in Ukraine in pilot mode. These centers are designed to have three core components:

• A regional cyber incident response team,
• A software unit for real-time monitoring of cyber events,
• A training component for specialist education.

According to Dmytro Pakholchenko, the adversary is currently focusing its efforts on security and defense sector systems, as well as regional databases. This indicates growing threats at the local level, including local self-government bodies and veteran databases. Andrii Golovenko noted that the cryptographic information protection system has a clear list of basic protective measures, which helps to minimize threats.

The approximate deadline for the state verification of the new protection mechanisms is scheduled for May 2026. The Ukrainian government must continue its work on strengthening cybersecurity, taking into account modern challenges and threats. This situation underscores the vital importance of cybersecurity in the context of ongoing conflict and geopolitical tensions, marking a significant step toward ensuring national stability and security through a systematic approach to protecting state information systems.

As Ukraine bolsters its cybersecurity framework, it also emphasizes the importance of international collaboration. The recent sharing of defense strategies at the InCYBER Forum highlights the country's commitment to strengthening partnerships and enhancing its resilience against cyber threats. This approach not only addresses internal vulnerabilities but also positions Ukraine as a key player on the global cybersecurity stage.