Skip to main content
CyberPeace Inst. 2022 Unified Threat Intelligence (TI) and Early Warning Systems
Geographical scope: Cross-border, National
What

Description

The CyberPeace Institute's 'Cyber Attacks in Times of Conflict' platform is a structured monitoring and analysis tool developed in response to the cyber dimensions of the conflict in Ukraine. It systematically documents cyberattacks targeting civilian infrastructure, humanitarian organisations, and essential services, providing granular data on the nature, frequency, attribution, and humanitarian impact of these incidents. The platform aggregates open-source intelligence, incident reports, and expert analysis to produce accessible visualisations and policy-relevant insights. It also documents the legal and normative dimensions of cyberattacks under international humanitarian law, contributing to accountability efforts. For civil-defence cybersecurity cooperation, the platform represents a replicable model for unified threat intelligence collection that bridges operational analysis with policy and legal documentation.

Where

Geographical Scope

Primarily Ukraine and Russia, with coverage extending to third countries affected by spillover cyberattacks. The platform's methodology and data model are globally applicable and have been referenced in policy discussions across Europe and beyond.

Problems Solved

Relevance to Civil-Defence Cooperation

This practice addresses the following cooperation needs identified in the COcyber needs assessment (D2.2). Filled squares indicate needs directly addressed by the practice.

  • Fragmentation of cybersecurity efforts
  • Lack of information-sharing
  • Lack of awareness capacity
  • Lack of dual-use technologies
  • Lack of coordinated policies
  • Lack of cross-pollination
  • Lack of cutting-edge innovation
  • Cultural differences
Impact

Benefits & Challenges

Anticipated Benefits

  • Provides a replicable, transparent model for monitoring and documenting civilian harm from cyberattacks, supporting accountability and policy response.
  • Bridges operational threat intelligence with legal and humanitarian analysis, enabling multi-stakeholder use of the same data.
  • Offers open-access visualisations that raise public and policymaker awareness of cyber threats during conflict.
  • Demonstrates how civil society organisations can contribute meaningfully to the civil-defence cyber intelligence ecosystem.

Anticipated Challenges

  • Data collection in active conflict zones is inherently incomplete, creating gaps in attribution and impact assessment.
  • Reliance on open-source intelligence may limit the depth and timeliness of analysis compared to classified government sources.
  • Scaling the methodology to other conflict contexts requires significant adaptation and resource investment.
  • Legal complexity around attribution and international humanitarian law application to cyberattacks remains contested and evolving.
How

Domains

Defence
Civilians
COcyber Project - D4.1 Guidelines on Cybersecurity Civil-Defence Cooperation - 2024-2026
Back to Repository of Practices