Three Corporate

Ukraine to Establish Unified Military Cyber Force

by

Muhammet Ali Zurnacı
in , , , , ,

Ukraine’s parliament, the Verkhovna Rada, passed a bill in its first reading on October 9, 2025, to establish a dedicated Cyber Force as a new branch within the Armed Forces of Ukraine (AFU). This would mark the first time the country unites its fragmented offensive and defensive military cyber capabilities under a single, centralized command structure. What is your assessment? 

Cybro-100, Cyber Warfare Specialist:

Here is my assessment of the announcement by the Verkhovna Rada on 9 October 2025 to create a dedicated Cyber Force within the Armed Forces of Ukraine (AFU). Wikipedia+4The Kyiv Independent+4Scroll Media+4

✅ What this signals — strengths and strategic advantages

  1. Acknowledgement of cyberspace as a war‑fighting domain
    Ukraine’s decision marks a formal institutional recognition that cyber is not simply a support or defensive element, but a full domain of warfare (alongside land, air, sea). The bill positions the Cyber Force to conduct bothdefensive and offensive military cyber operations. Scroll Media+2redskyalliance.org+2
    This helps align Ukraine with modern military doctrine where cyber operations—exploitation, disruption, denial—are integral to major‑state conflict.
  2. Centralised command structure to reduce fragmentation
    Currently Ukraine’s cyber functions are spread across various units (military intelligence, SBU, Signals & Cybersecurity Troops, volunteer networks). This bill envisions uniting “fragmented offensive and defensive military cyber capabilities under a single, centralized command structure.” That consolidation can bring clarity of command, faster decision‑making, streamlined resource allocation, more coherent doctrine and training.
  3. Direct chain of command and politico‑military linkage
    Under the draft law the new Cyber Force reports directly to the AFU Commander‑in‑Chief and politically to the President as Supreme Commander. The Kyiv Independent+2cybersecurityintelligence.com+2
    That gives the branch prestige and authority. It also signals to allies and adversaries that Ukraine views cyber operations as strategic, not peripheral.
  4. Creation of a cyber reserve and integration of civilian specialists
    The law foresees a cyber reserve roster of civilians with specialist skills who may assist the Cyber Force without full‑military enlistment. Scroll Media+1
    This is smart: many cyber tasks require niche skills, and tapping civilian talent expands capacity and agility.
  5. Alignment with Western/NATO standards and signal to partners
    The bill underscores Ukraine’s ambition to modernise forces in line with NATO practices, reinforcing Western state‑support and interoperability. The Kyiv Independent+1
    From a geopolitical viewpoint, it shows Ukraine signalling to allies that it intends to institutionalise its cyber posture — helping build credibility for long‑term assistance.

⚠️ Risks, challenges and caveats

  1. First reading only – implementation is uncertain
    The bill passed only the first reading in the legislature. It still needs further readings and the President’s signature to become law. The Kyiv Independent+1
    Passing legislation is necessary but far from sufficient; all the structural, human‑capital, doctrinal groundwork remains.
  2. Budget and resourcing appear modest
    Early reporting indicates an allocation of about 14 million hryvnia (~US$336k) for 2025 to kick start the branch. cybersecurityintelligence.com
    That is a symbolic amount — insufficient for a full new military branch with offensive/defensive cyber mission sets, logistics, training, equipment, global collaboration. Without ramping up funding strongly, the ambition may outstrip capabilities.
  3. Human capital, doctrine and culture gaps
    Moving from ad‑hoc units and volunteer networks to a professional military cyber branch demands substantial investment in training, doctrine, career paths, retention incentives, rules of engagement, legal frameworks for offensive cyber. Ukraine will likely face shortages of experienced staff, especially for offensive operations at scale.
    Also, cultural integration of civilians/reservists into military‑style operations is non‑trivial.
  4. Overlap and turf battles
    Existing entities in Ukraine already conduct cyber operations: e.g., military intelligence, volunteers affiliated with the so‑called “IT Army of Ukraine”, the Signals & Cybersecurity Troops (which are more defensive). Wikipedia+1
    Creating a new branch risks duplication, inter‑agency friction, clarity of roles/authorities. Clear delineation between defensive cybersecurity, intelligence cyber, and offensive military cyber operations will be essential.
  5. Escalation and attribution risks
    A more formalised Ukrainian cyber‑force could increase Ukraine’s willingness/ability to conduct offensive cyber operations against Russian targets. That raises escalation risks: Russia has repeatedly emphasised cyber retaliation. Ukraine will need doctrine and escalation‑control mechanisms to manage risk.
    Also attribution remains messy: Ukraine must be clear on legal/ethical frameworks for offensive operations, especially if targeting Russian critical infrastructure that may have cascading civilian effects.
  6. Integration with allied frameworks and legal norms
    Offensive cyber operations, even in war, carry legal, political and strategic implications. Ukraine will need to build frameworks consistent with international law, allied notifications, intelligence sharing and have interoperable architecture with NATO states — which takes time.

🎯 Strategic implications

  1. Enhancing deterrence in the cyber domain
    By formalising its cyber efforts, Ukraine sends a message to Russia: “We are building the capacity to hit back.” Deterrent logic: if Russia knows Ukraine has a centralised and prepared cyber‑branch, it may moderate some attacks or risk the costlier retaliation. But deterrence in cyber is notoriously fragile because attribution is uncertain and thresholds differ.
  2. Better coordination of cyber‑kinetic fusion
    The war in Ukraine has shown how cyber, electronic warfare, drones, kinetic strikes all interplay. A dedicated Cyber Force allows Ukraine to integrate cyber‑effects with kinetic operations more coherently — e.g., disguising attacks, suppressing Russian air defences, or degrading command networks ahead of a strike.
  3. Boosting resilience of military and state systems
    One of the core tasks is protecting Ukraine’s military and state information systems from Russian cyberattacks. Given repeated Russian mass‑cyber operations targeting Ukraine (e.g., power grid attacks, network intrusions), the move strengthens Ukraine’s defensive posture.
  4. Allied cooperation, intelligence sharing and burden‑sharing
    With a formal structure, Ukraine becomes a more credible partner for allied cyber‑capacity cooperation (training, tools, interoperability). Western states may increase assistance, share malware signatures, and extend joint cyber exercises.
  5. Signal of longer‑term strategic seriousness
    By institutionalising cyber operations it signals that Ukraine perceives this war (and future wars) not as finite kinetic engagements but as multi‑domain, long‑term competition including in cyber, space, information. That mindset is critical for Ukraine if it expects a protracted contest with Russia.
  6. Escalation management will become more complex
    As Ukraine’s offensive cyber capability strengthens, Russia may perceive a rising threat and escalate more aggressively — in cyber (shutting down Ukrainian infrastructure), kinetic (reactive strikes), or hybrid (information operations). Ukraine and its allies must calibrate escalation thresholds and control unintended spill‑overs (e.g., attacks on civilians, third‑party states).

🔍 My verdict

Overall, I view this as a positive and strategically essential step for Ukraine — overdue but necessary. The nature of the current war and the role of cyber‑effects in it make this logical. However, it is a “necessary” step, not a guarantee of success. Implementation is the real test:

  • If Ukraine invests heavily in talent, training, doctrine, equipment and allied integration, the Cyber Force could become a meaningful strategic asset.
  • If it becomes a bureaucratic shell with limited funding, unclear mission, overlapping authorities, then the benefit will be marginal.

From Russia’s perspective, Ukraine’s move may be perceived as an escalation in the cyber domain — potentially provoking Russian counters in kind (massive cyber‑attacks, targeting of reserve networks, or even pre‑emptive destructive operations). Ukraine and its allies should ensure they have escalation control mechanisms, perhaps aligned with NATO cyber‑deterrence policy.

In short: right move, timely, but success hinges on rapid, substantial follow‑through.

Cybro-100, Cyber Warfare Specialist

Three Corporate