Managing cyberattacks in wartime: The case of Ukraine
Public Administration Review (IF 6.1), Pub Date: 2024-11-08, DOI: 10.1111/puar.13895
Iryna Fyshchuk, Mette Strange Noesgaard, Jeppe Agger Nielsen
Cybersecurity specialists face continual challenges in protecting organizations and societies from ever‐evolving cyberattacks. These challenges intensify dramatically in the context of war, yet our understanding of cyberattacks during wartime is limited. This is in part because it is difficult to gather information about cyberattacks and cybersecurity in highly tense wartime environments. Against this backdrop, we present evidence from a unique case study that examines cyberattacks and cybersecurity issues in the context of the Russian‐Ukraine war. Compared with peacetime, the nature of cyberattacks in wartime both intensifies and expands. During armed conflict, nation‐state funded cyberattacks are typically better financed, more prolonged, and have concrete aims, including to disrupt military operations, sabotage infrastructure, spark civil unrest, and spread disinformation. Countries at war experience extreme pressures due to resource scarcity, poverty, and societal conflicts, all of which make it difficult to effectively manage cyberattack threats and experiences. Based on interviews with public authority representatives in Ukraine, our study found four main challenges to managing cyberattacks during wartime. First, limited financial resources were a major hindrance. Decision‐makers said that they were forced to set tough economic priorities and to oscillate between allocating resources to physical assets (e.g., conventional military operations and rebuilding infrastructure devastated by bombing) and to cybersecurity. In such situations, cybersecurity came in second to more immediate wartime needs; this complicated sufficient investment in IT infrastructure, cyber‐awareness training, and implementing response plans. Second, the country faced serious recruitment difficulties. Attracting IT and cyber personnel has been hard—and sometimes impossible—as the war forced people to leave the country or parts of it, and many IT professionals left the field to become soldiers. Further, salary disparities between the public and private sectors, as well as regional differences, thwarted recruitment efforts in certain areas of the country. Inappropriate human behaviors, such as clicking insecure links, poor password practices, and using risky apps, always pose significant cyberattack risks. War magnifies these challenges due to lack of training, as well as to increased financial incentives for employees to compromise security. Unclear cybersecurity guidelines added an extra layer of complexity in managing cyberattacks. Public authority representatives at the local level said that they lacked the clear, actionable guidelines they needed for cyberattack management in a wartime situation plagued by resource scarcity. These four challenges are not unique to wartime situations; all are recognized in the cybersecurity literature covering routine IT contexts. However, our study illustrates how these four cyberattack challenges are magnified, entail critical dilemmas, and are more difficult to manage during wartime, not least because prioritizing cybersecurity is a challenge in itself. Hence, while Ukraine had upgraded its digital government capacities before the war, and government actors have attempted to continue managing ongoing cyberattack challenges—including adapting legislation and providing cyber‐awareness training for public servants to decrease inappropriate human behaviors—effectively managing cyberattack threats has remained extremely difficult. Our article contributes new insights into the challenges of managing cyberattacks in extreme situations. We showcase the challenges and dilemmas in wartime and offer practice‐based knowledge on cyberattacks and cybersecurity efforts in highly tense environments.
Updated: 2024-11-08