Is Denmark prepared for cyberwarfare?

A group of researchers from the IT University of Copenhagen is investigating what Denmark can learn from Ukraine in terms of preparing for cyberwarfare. Cyberwarfare does not just affect governments and companies, but also civilians, and the researchers ask what should be done if we come under attack.

Written 8 April, 2025 12:04 by Mette Strange Mortensen

How many times a day do you use your phone? For calls, text, paying in the grocery store or maybe reading an article about cyberwarfare? Most of us use our phone for so many different things, that not having access to phone calls or internet services seem hard to imagine, but maybe it is something we should prepare ourselves for. A group of researchers from the IT University of Copenhagen, led by Associate Professor Oksana Kulyk, are looking into how cyberwarfare on our telecommunication systems affects organisations, governments and civilians and finding ways to prepare states for large-scale cyber-attacks.

“In this project the first step, we are doing, is interviews with people in Denmark, who are responsible for either the telecommunication sector, people from the government and people who are responsible for cyber-defence. We are trying to understand the scope of Danish telecommunication infrastructure and how vulnerable it is and what protection and recovery measures are already in place. In the next phase we will go to Ukraine and talk to people there. The Ukranians have a lot of experience with cyber-attacks, which will make it possible for us to compare the situations. We want to see how the measures they have learned to use in Ukraine can be used in Denmark, in case of attacks such as Ukraine has experienced,” says Associate Professor Oksana Kulyk.

Ukraine have learned how to act during cyber-attacks

In the most recent threat assessment from the Danish Ministry of Resilience and Preparedness, the threat from cyberespionage on the telecommunication sector has been raised from medium to high. Therefore, there is a need for research on how to handle the large-scale cyber-attacks on telecommunication, as the sector could be a target. In a large-scale cyber-attack, the aggressor might try to attack critical infrastructure such as shutting down the services of a large telecommunication company, leaving millions without phone service. In contrast to Denmark, cyber-attacks have been a reality in Ukraine for many years.

“There have been cyber-attacks from Russia in Ukraine for the past 10 years. They now know both what to do in the event of an attack and they also know the technics and tactics that the Russians use. We know that while the target is for example telecommunication companies, civilians are also affected by the attacks. Therefore, it is important that companies and governments have plans in place in case of an attack,” says Oksana Kulyk, “In 2023, there was a cyberattack in Ukraine that left 20 million people without mobile connection for several days. We conducted interviews in Ukraine with people who experienced this cyberattack, and they said there was some panic, as they could not reach their loved ones, but there was also the issue, that if you used your mobile connection to access important information or for example to reach your doctor via an app, people were not able to schedule doctor’s appointment, which could have health repercussions or people could not pay in the grocery store, because their financial transactions was connected to their phone. This caused a sense of panic and anxiety.”

Oksana Kulyk and her collaborators have interviewed civilians in Ukraine, who are living with a constant risk of cyber-attacks and who are also experienced in how to handle them, when they happen. The interviews have showed that there is something that the companies, who are hit by a cyberattack can do:

“The company that was breached in this cyber-attack were good at providing regular updates, like “now we will restore the SMS function, and in the coming days we will restore this, this and that”, so they did a lot to reassure their costumers, by letting them know that they were aware of the problems, and they were working on resolving it. The people we talked to, said that this was something that affected them positively. So even though there was a sense of panic, they knew that someone was working on it,” says Oksana Kulyk. “Often a goal for these attacks is that people lose trust in the Ukrainian government or companies that are crucial for the infrastructure. It is not only that a government website is down, but also that it seems like the government lost some control over communication channels. That sparks the question of what else might they lose control over? So, the government has to go out and acknowledge it and say that they are experiencing problems, but also that they are in control, and they are working on regaining function and fixing the problems.”

The project is a pilot project funded by National Defence Technology Centre (NFC).

Learn more at The Danish Science Festival at ITU

There is still a lot to learn for Danish companies and government institutions. On 23 April, ITU and the newspaper Information will gather a panel of people to talk about how we in Denmark can prepare for cyberwarfare.

Is Denmark prepared for cyberwarfare?

Ukraine have learned how to act during cyber-attacks

Learn more at The Danish Science Festival at ITU

News