The state is reforming cyber defense after a large-scale hack. The State Special Communications Service will receive new powers — and this service is being criticized again. Babel explains the essence of the reform

The state cyber defense reform hit the news in December 2024 — January 2025, after Russia conducted a large-scale and effective attack on the registers of the Ministry of Justice. The Ministry of Justice audited the state enterprise responsible for the registers and dismissed its head. The next step was the Verkhovna Rada adopting a draft law No. 11290 — this happened last Thursday, March 27. After the President signs it, Ukraine should have a unified system for responding to cyber attacks and cyber threats, and each department will have cybersecurity managers at critical infrastructure facilities. Their candidacies will be approved by the State Special Communications Service. The new law was criticized by former Deputy Minister of Defense Vitaliy Deyneha for giving the State Special Communications Service new powers and "may hinder the digitalization of the army". Babel read the new law and asked its author Oleksandr Fedienko to respond to criticism.

The reform of the state cyber defense system was not approved by the MPs the first time.

In 2024, the draft law was sent for a second reading, and in mid-March 2025, for a second reading. After all, the document was amended and finally approved on Thursday last week. 240 MPs voted in favor, the majority from the “Servant of the People” party.

The authors of the draft law say that the cyber defense reform is one of the conditions of the Ukraine Facility Plan. This is an EU program under which Ukraine receives €50 billion in financial assistance in exchange for reforms. The state cyber defense reform is indeed included in this program and, according to the plan, should be approved in the first quarter of 2025. The European Union requires Ukraine to join the common NIS2 directive. It provides that the EU has a single legal system for cybersecurity for key sectors, and each EU member state has national cybersecurity strategies and cooperates with others to jointly respond to cyber attacks.

Both the EU and the State Service for Special Communications and Information Protection of Ukraine say that cyber defense reform is needed because the Russians are increasing the number of cyber attacks on Ukrainian infrastructure. The State Service for Special Communications and Information Protection has a special team — CERT-UA — that investigates such attacks and must respond to them promptly. It reports that in 2024 the number of cyber incidents increased by 70 percent.

The main goal of the reform is to create a unified system of information exchange about cyberattacks and cyberthreats in Ukraine and a unified system of response to them.

It will include CERT-UA, sectoral and regional response teams, the National Police, and the Security Service of Ukraine (SBU), which will have their own powers. It is also planned to involve private response teams. They will be coordinated by a center within the National Security and Defense Council of Ukraine (NSDC).

Earlier, the document was criticized for the fact that the authorities allegedly plan to classify information about cyberattacks. In the first reading, the authors of the draft law did indeed stipulate that access to information about cyberattacks and cyberincidents would be restricted. But by the second reading, this provision was removed — now only information about the nature and technical characteristics of the cyberattack will be restricted. One of the authors of the law, the MP Oleksandr Fedienko, comments that the information is not being hidden, but rather, it is being obliged to be disclosed.

The State Service for Special Communications receives the most attention for its new powers.

The bill does indeed define this agency as one of the main ones in the new cyber defense system. The State Service for Special Communications will define cybersecurity standards and verify their compliance, search for vulnerabilities, and coordinate information exchange between agencies.

Cyber defense units should be created in state authorities and their heads should be appointed. Here again, the State Security Service appears — people will be appointed to these positions only after the SBU checks and the State Security Serviceʼs approval. Thus, the agency will have influence on the appointment of people in other state structures.

The strengthening of the influence of the State Special Communications Service is criticized by former Deputy Minister of Defense for Digitalization Vitaliy Deyneha — according to his assessment, the powers of this service will extend to the Ministry of Defense and the Armed Forces of Ukraine.

After his resignation, Vitaliy Deyneha regularly writes about the State Special Communications Service and accuses its leaders of corruption. The State Special Communications Service was indeed involved in a corruption scandal at the end of 2023, and its then-head Yuriy Shchyhol was suspected of embezzling 60 million hryvnias. Also in October 2024, the publication Hromadske published an investigation in which it accused the State Special Communications Service of losing 600 million hryvnias on the purchase of drones by this agency.

This time, Vitaliy Deyneha writes that the bill strengthens the "influence of corrupt grandfathers" from the State Special Communications Service on the Ministry of Defense and the military. For example, it will oblige everyone to use special (expensive and outdated) equipment to work with information with limited access. According to him, this will prevent the digitalization of the Armed Forces of Ukraine.

Babel asked to respond to criticism from one of the authors of the law, the MP Oleksandr Fedienko.

• Will the State Service for Special Communications approve cyber specialists for the Ministry of Defense and the Armed Forces under the new law?

Oleksandr Fedienko says no. The service will approve cyber specialists for all, except for the so-called main subjects. The new law contains a list of such subjects — the National Police, the Security Service of Ukraine and intelligence agencies, the Ministry of Defense and the General Staff of the Armed Forces of Ukraine, the National Bank and the Ministry of Foreign Affairs. That is, the State Service for Special Communications does not approve cyber specialists for them.

• Will the Ministry of Defense and the Armed Forces of Ukraine be required to use special equipment to work with restricted information?

Oleksandr Fedienko explains that there are nuances here. He says that under the new law, special equipment must indeed be used, but for state secrets, and this norm existed before. At the same time, state secrets are only one of the types of restricted information (state secrets are regulated by a separate law). In general, restricted information is divided into secret, confidential, and official. The type of information is determined by specialists from the Ministry of Defense.

According to Babelʼs sources in the military, currently only special protected equipment is used at the front by special units — the so-called secretaries. Such units receive, process and forward information that constitutes a state secret. Usually, these units work in separate rooms, which cannot be entered without special permission. At the same time, military personnel in headquarters often work with information with limited access on regular computers. The main threat for them is the hacking of personal pages on social networks.