The Ukraine crisis and cyberwarfare: why the war has already begun


Cyberspace is the new battlefield, and General John Allen, former NATO commander in Afghanistan, says a digital offensive is already under way. Protecting data means guaranteeing the security of citizens, infrastructures and institutions. The role of Leonardo, with a comment from Aldo Sebastiani, SVP Cyber Security & Digital Competence Center.

“Ukraine has already been under attack for months in the cybernetic and information domain”. This is how General John Allen, former NATO commander in Afghanistan and President of the think tank Brookings Institution, describes the situation in Ukraine. It’s not a matter of predicting whether, or when, a conventional military attack will take place, but a matter of understanding the extent and the implications of a “hybrid” war that has been under way for some time, as the authorities in Kiev report. According to the Ukrainian government, there is proof that a cyberattack against ministerial web sites took place on the night between January 13 and 14, 2022. As early as December 2015, Ukraine suffered an attack that cut off the electric power to over 230,000 residents of the Ivano-Frankivsk region for at least six hours. In view of the current tension, it appears very likely that we will see further cyberattacks of significant scale in the near future, targeting not only the United States and Russia, but their allies as well, as stated in Leonardo’s most recent Cyber Threats Snapshot Report.



Hybrid warfare, between physical and cyber threats

But what do we mean by “hybrid warfare”? The concept goes beyond the purely military and kinetic domain, combining it with manipulation of information, economic and cyber warfare. In addition to land, air, sea and space, there is now a fifth dimension of security: cyber security. This is why in June of last year NATO stated that a cyber attack against a member state could trigger article 5 of the Atlantic Pact, the collective defence clause. Modern warfare has become asymmetrical and not easily identifiable, with a new set of threats for which it is difficult, if not impossible, to attribute precise responsibility. Those who stand to gain from these actions in the geopolitical arena are players, both governmental and non-governmental, who wish to overturn the international order, regardless of their size and military capacity.

“In addition to phishing and malware,” comments Aldo Sebastiani, SVP Cyber Security & Digital Competence Center of Leonardo, “we have DDoS (Distributed Denial of Service) attacks, which shut down IT infrastructures by flooding them with requests, actions which may be combined to create an APT, or Advanced Persistent Threat: a threat from adversaries with significant economic and technological resources”. The risk is that strategic and sensitive information may be obtained through the adversary’s presence on the targeted infrastructure. Hostile actions may be perpetrated by a variety of different players: criminal organisations, intelligence agencies, governments, or hacktivists (communities of cyber activists). Their objective is to violate information systems for a great variety of purposes, from sabotage to economic gain, damage to structures of vital importance to a country, or even threats to nationals’ safety.



This is a global problem whose confines we do not even know yet, and which is aggravated by the fact that there is still no international regulatory framework governing this area. “What is particularly worrying,” continues Sebastiani, “are the potential effects of cyber-physical attacks on citizens’ security. These are attacks that target the control systems of civil and military infrastructure, such as SCADA, IoT, or OT, which in the past did not yet consider requirements against cyber threats”. Just think of how shutting down an information system could paralyse a hospital, or of what happened a year ago in Florida, when an attempted attack aimed to poison the water reservoirs of an essential civil infrastructure, the water supply system, endangering thousands of people.


Leonardo: technology and know-how for responding to the global challenge

In this scenario, Leonardo works to ensure the cyber security of public and private entities providing essential community services: public administration, defence, critical national infrastructures and strategic industries. It offers innovative solutions and technologies to fight increasingly pervasive, organised and multi-domain cyber threats of all kinds. The company adopts a systematic approach, providing cyber security expertise to effectively respond to the most sophisticated attacks, offering maximum support during all phases of analysing, understanding and intervening on the threat scenario.

In this context, a crucial role is played by Threat Intelligence - based on platforms making use of technologies such as Big Data, Artificial Intelligence and the Cloud - allowing the monitoring, identification and analysis of cyber threats and providing support for decision-making to minimise the impact of any attacks. Ongoing monitoring, adequate analysis and incident resolution are additional key factors, achieved through the services of the Security Operation Centre (Leonardo’s SOC in Chieti monitors about 90,000 security events per second and responds to over 1,500 alarms per day). Constant cyber training and testing of the cyber resilience of physical and virtual apparatuses are essential. For this reason Leonardo developed dedicated platforms - Cyber Range and Cyber Trainer - making use of virtualisation and simulation technologies to create digital twins of real systems and infrastructure.




Investments in technologies, infrastructures and know-how enable Leonardo to oversee all the technologies necessary for the security of Italy and make the company the industrial partner of choice to guarantee the security of digital ecosystems and the resilience of strategic assets, contributing also to the achievement of European technological sovereignty. Leonardo is a world leader in the protection of critical infrastructure, with outstanding knowledge of hybrid and multiform threats, developed thanks to its experience in the protection of its own technological know-how and the management of the cyber security of over 5,000 networks and 70,000 users in 130 countries in the most strategic domains.

Leonardo worked with the “NCIA” (NATO Communication and Information Agency) on the biggest Cyber Security project ever awarded outside of the United States, protecting the information and communications security of about 75 sites, including NATO’s headquarters, in 29 countries all over the world. Leonardo is also designing and building the new Cyber-Security Operations Centre (C-SOC) of ESA, which will be protecting European space resources beginning in 2024.