Within hours of the announcement of a ceasefire in Ukraine that limited conventional attacks on critical infrastructure and military operations in the Black Sea, something interesting happened: a dueling series of cyberattacks. Ukrainian railways were hit by a large-scale cyberattack designed to limit both military and economic transportation (though the attack did not actually disrupt any railway traffic). In Russia, cyberattacks hit a mix of banking apps, mobile payment systems, internet providers, and the oil giant Lukoil.
These tit-for-tat cyber operations highlight a new pattern: how states are increasingly using non-kinetic attacks against critical infrastructure as a coercive strategy to gain a competitive advantage and manage escalation, even during a war. Covert or anonymous strikes in cyberspace—and even in space—are becoming an important form of bargaining in modern statecraft. Precisely because these actions are non-kinetic and do not cause physical damage, they offer a broader range of options for states to signal to and engage in bargaining with adversaries. As a result, countries supporting Ukraine will need to address the risk of Moscow seeking to gain negotiation leverage through indirect methods in both the space and cyber domains. This will require steps to improve Ukraine’s resilience in both space and cyberspace as part of a broader deterrence strategy.
A New Form of Statecraft
For years, analysts have discussed cyber operations in the context of “hybrid warfare” or as a form of “gray-zone tactics.” However, this use of cyberspace is typically depicted as an alternative to outright warfare. Yet, the recent cyberattacks observed during the ceasefire in Ukraine reflect a new manifestation of the role of cyber operations in modern conflict. With massed tanks and artillery no longer dominating the headlines—given the recently declared ceasefire—the real drama may be taking place behind the scenes: targeted cyber disruptions to supply lines, financial systems, and communication networks. Russia’s playbook has always included integrated cyber campaigns, but Ukraine—supported by an international cadre of “hacktivists,” specialized cyber teams, and significant support from Western governments and tech companies—has demonstrated resilience and even the capacity to counterpunch effectively.
As a result, these reciprocal cyberattacks on banks, railways, and energy companies are not only (or perhaps not even primarily) about direct damage to infrastructure. Instead, they send a message. Cyber strikes during the ceasefire are being used to create uncertainty and send signals, forcing adversaries to divert resources, react to crises, and potentially reconsider broader strategic moves. Such attacks can remain both deniable—or at least less attributable—and less costly compared to conventional strikes, granting states more flexibility while claiming to uphold the ceasefire. And while cyber operations have proven to be weak instruments of coercion, their use in this context is demonstrating their potential to play a role in bargaining linked to peace agreements and ceasefire monitoring.
While most public attention remains fixed on hacking groups and malicious software, an equally critical frontier lies in orbit. Satellite constellations; space-based intelligence, surveillance, and reconnaissance (ISR); and global communications form the nervous system of modern militaries. Coercive and signaling actions in and through space share some similarities with cyberspace, especially the prevalence of non-kinetic effects targeting space assets, such as jamming, spoofing, and orbital maneuvers. Moreover, there is a deep operational interdependence between space and cyberspace, which has been clearly demonstrated in the Ukraine conflict. In 2022, Russia initiated military operations against Ukraine with a cyberattack on Viasat designed to disrupt secure satellite communications. Over the course of the conflict, Moscow has tried to disrupt Starlink through cyberattacks on multiple occasions, hoping to use the inability of Ukrainian units to communicate to gain a battlefield advantage. Russia has consistently attacked the position, navigation, and timing (PNT) systems like GPS that are linchpins for both civilian transport and guided munitions.
Space capabilities have also figured into the ceasefire. Surveillance satellites feed continuous data on troop movements and missile launches—capabilities indispensable for any ceasefire reliant on timely detection of hostile acts. Additionally, in a post-ceasefire environment, adversaries could seek to deny or degrade these space-based systems through anti-satellite demonstrations, cyberattacks on ground stations, or targeted jamming. Such interference threatens to undermine an opponent’s military readiness and weaken overall confidence. Space, in other words, has emerged as yet another domain where adversaries can apply coercive pressure—this time by targeting the critical orbital infrastructure that underpins modern warfare. Worst still, space effects—like cyber effects—can reach beyond their intended target. The Viasat attack resulted in thousands of downed wind turbines across Europe. NATO acknowledges the need to protect critical satellite infrastructure that could be disabled by kinetic (i.e., anti-satellite weapons, or “ASATs”) and non-kinetic (i.e., cyber and/or electronic attack) actions in space.
Taken together, effects in space and cyberspace have the potential to disrupt and undermine ongoing peace negotiations, even if they do not trigger an outright resumption of hostilities. More specifically, attacks in these domains that target critical infrastructure are increasingly indicative of a new form of counter-value targeting and graduated pressure strategy. As a result, any military force to secure the peace in Ukraine must include capabilities to deny this terrain.
Cyber Support to Securing the Peace in Ukraine
If Ukraine is to navigate this digital and orbital battlefield effectively, it will require concerted support from its international partners. First, robust cyber defenses must be established across Ukraine’s civilian infrastructure, from rail networks to power plants to financial platforms. An international network of cybersecurity providers—both governmental and private—should offer updated threat intelligence, real-time intrusion detection, and quick-response incident handling teams.
Multinational Cyber Protection Teams: Multiple states have cyber protection teams, and Ukraine offers a safe training area for these teams to hone their craft. By aligning these teams, even if remotely, against key defensive sectors covering Ukraine’s critical infrastructure, states seeking to secure the peace in Ukraine help set conditions for a more lasting peace while gaining valuable experience. Put differently, any peacekeeping and/or ceasefire monitoring force that does not have cyber teams attached to it is fighting a twentieth-century war on a twenty-first-century battlefield.
Combined Cyber Centers: Standing up combined civilian-military cyber command centers capable of coordinating threat intelligence would give Ukraine and its allies the ability to detect and neutralize malicious activity swiftly. The investment will also harness the benefits of public-private sector collaboration and provide valuable insights needed to profile emerging cyber threats.
Continuous Cross-Sector Drills: Regular simulation exercises that replicate both large-scale and more localized cyber intrusions can reveal vulnerabilities in supply chains and communication links before an adversary can exploit them. Applied to Ukraine and exercised through combined cyber centers, they support a larger strategy of denial and build interoperability consistently with modern campaigning and competition.
Interagency Teaming: Responding to cyberattacks tends to involve a mix of lawyers and diplomats as much as it does network defenders. It is almost certain that whatever cyber defense Ukraine and its partners stitch together, Russia will still launch probing attacks. If the adversary denies involvement, Ukraine must be prepared to present credible evidence—technical indicators, forensics, and analyses of the threat vectors—both to the international community and, where possible, to domestic and international courts. This helps deter further intrusions by raising reputational costs.
These concepts are all achievable with existing cyber protection teams fielded by multiple NATO member states and nonmilitary agencies. In effect, it represents aligning existing resources against a clear end: denying Russia the ability to attack Ukraine in cyberspace during negotiations and reconstruction. While the effort will not stop all cyberattacks, it will create a layered deterrent that manipulates the cost and expected benefit of each Russian cyber operation.
Space Support to Securing the Peace in Ukraine
Turning to space, the key to avoiding crippling space disruption is redundancy and resilience. Ukraine’s partners will need to find creative ways to deny Moscow the ability to pressure Ukraine, if not the whole of NATO, through space. This will require the following:
Commercial Satellites and Multi-Orbit Constellations: Ukraine relies on space-based internet and communications. Allies and commercial providers can expand coverage through constellations in low-earth orbit, ensuring that no single system becomes a single point of failure. This service needs to diversify beyond reliance on a single provider, Starlink. Redundancy increases resilience, which in turn supports deterrence by denial, by limiting the cost-effectiveness of using offensive space actions to advance Russian interests.
Ground Station Hardening: The Achilles heel of many space systems is often on the ground. Physical security, cybersecurity, and advanced encryption protocols for ground stations are essential to prevent jamming, sabotage, or infiltration. Any peacekeeping and/or ceasefire monitoring force will need to ensure they have plans in place for protecting key ground station infrastructure, much of which may be outside of Ukraine. This is especially important given Russia’s clear use of sabotage to attack targets across Europe.
Shared Situational Awareness: Monitoring potential ASAT preparations and orbital maneuvers is crucial. If Russia or other hostile actors place certain satellites into suspicious orbits or conduct destructive tests, Ukraine and allied partners should receive immediate warnings. The US has the constellation in place to support NATO and Ukrainian space situational awareness requirements but will need to adjust defense policy to allow for the timely sharing of information. This Space Situational Awareness requirement extends to monitoring space debris, which would increase if Russia used even a small-scale ASAT demonstration to target Ukraine’s critical communications infrastructure.
Sustaining Peace in the Digital and Orbital Battlefield
The dueling cyberattacks that greeted the announcement of a ceasefire are not an aberration; they are further evidence of how states see cyber operations as a political tool, useful for signaling and shaping perception even when they do not rise to a level of actual conflict. Russia’s actions—and Ukraine’s countermoves—demonstrate how even when conventional forces stand down, the battle for advantage continues in the form of network intrusions and space-based maneuvering. For Ukraine and its international allies, sustaining peace now means forging formidable defenses in these intangible realms, as well as cultivating carefully calibrated deterrents that create costs for any would-be aggressor.
To succeed, Ukraine’s armed forces and civilian agencies must integrate cyber and space planning into every level of operations. Cyber vulnerability assessments and space-based contingency drills should become routine, not afterthoughts. The global community, too, must be prepared to invest in the capacity and resilience required to protect Ukraine’s lifelines.
When combined with credible diplomatic pressure, unity among NATO and European partners, and transparent public attribution of malicious cyber or space behavior, Ukraine can shape a deterrent posture that makes it far more difficult for an adversary to leverage these domains as “gray-zone” pressure points. In this evolving era of digital and orbital statecraft, resilience is nonnegotiable, and the alliances that provide it will be the cornerstone of any lasting peace.
Benjamin Jensen is director of the Futures Lab at the Center for Strategic and International Studies in Washington, D.C. Erica Lonergan is an assistant professor in the School of International and Public Affairs at Columbia University.