The IT Army of Ukraine: Structure, Tasking, and Eco-System

Abstract

For several years prior to the Russian invasion on 24 February 2022, the principal idea of creating a cyber volunteer army has been bouncing around in Ukrainian government circles. In part those discussions were in-formed by the success of the Estonian Defence League's Cyber Unit and other efforts around the globe to organize, incorporate, and surge civilian IT volunteers into existing military structures in times of need. In contrast to these well-established and purely defensive cyber volunteering efforts, the IT Army of Ukraine was stood up in an ad-hoc manner without a clearly structured and proven plan. Similarly, the absence of a Ukrainian military cyber command likely also pushed Kiev to think creatively about how to combine its nascent military and intel cyber capabilities with a massive, willing, and global civilian IT community in the defense of the nation. Born out of necessity, the IT Army subsequently evolved into a hybrid construct that is neither civilian nor military, neither public nor private, neither local nor international, and neither lawful nor unlawful. As of this writing, the IT Army consists of two parts: (1) a continuous global call to action that mobilizes anyone willing to participate in coordinated DDoS attacks against designated – primarily civilian - Russian infrastructure targets; and (2) an in-house team likely consisting of Ukrainian defense and intelligence personnel that have been experimenting with and conducting ever more complex cyber operations against specific Russian tar-gets. Both parts of the IT Army are purely offensive in nature and serve to bring willing amateurs (civilians) and dedicated professionals (civilian, military, intel) into one – most likely – hierarchically organizational structure. In addition, the IT Army has also given rise to an eco-system that includes Ukrainian-owned IT companies and individuals located outside of Ukraine, as well as Ukrainians living in Ukraine working for Western companies. This eco-system has been continuously creating new tools, generating know how, identifying new targets, and fulfilling other intelligence support functions to underpin Ukraine’s offensive efforts in cyberspace.

Bereits vor der russischen Invasion der Ukraine war die Grundidee, eine Cyber-Freiwilligenarmee zu schaffen, mehrere Jahre lang ein unterschwelliges Thema in ukrainischen Regierungskreisen. Die Diskussionen sind zu Teilen durch den Erfolg der Cyber-Einheit der Estnischen Verteidigungsliga und anderer Bemühungen weltweit beeinflusst worden. Im Gegensatz zu diesen etablierten und rein defensiven Cyber-Volunteering-Bemühungen wurde die IT-Armee der Ukraine ad hoc und ohne einen klar strukturierten oder bewährten Plan aufgestellt. Dieser CSS Cyberdefense Report bietet eine allererste umfassende Analyse zur Struktur, zu den Aufgaben und zum Ökosystem der IT-Armee.