485028258_663926449916817_6630363853812185645_n

Bug Hunters Tested DOT-Chain at KICRF 2025

At the Kyiv International Cyber Resilience Forum 2025, a Bug Bash was conducted to test the security of the DOT-Chain IT system, developed by DOT – the State Rear Operator of Ukraine.

The testing was organized by Cyber Unit Technologies in cooperation with the Institute for Cyber Warfare Research (ICWR) and supported by the National Cybersecurity Coordination Center under the NSDC of Ukraine and the Ministry of Foreign Affairs of Ukraine.

DOT-Chain is designed for digital management of food supply logistics for the Armed Forces of Ukraine, and its new module, DOT-Chain Defence, is set to become a platform for military drone operations.

Engaging ethical hackers to test system security is considered one of the most effective methods for identifying potential threats before they are exploited by malicious actors.

Over two days, twenty vetted cybersecurity specialists searched for vulnerabilities in a controlled testing environment under the supervision of the DOT IT team. Their rewards were based on the number and severity of the issues they discovered. At the conclusion of the event, the top three participants were recognized on the forum’s main stage:

🥇Alona — ₴487,000
🥈Whit3_L1ght — ₴56,000
🥉Nigel — ₴56,000

The organizers expressed their hope that such competitions will become a regular practice for all critical infrastructure operators and public institutions managing state registers.

Bug bounty programs are not new to Ukraine—some banks and the state enterprise Prozorro have already implemented or continue to conduct similar security testing initiatives. However, the Bug Bash format stands out due to its hackathon-style approach, in which a large number of ethical hackers simultaneously examine a system for vulnerabilities over a short period. This format allows for rapid identification of potential risks and testing the resilience of digital infrastructure under high-stress conditions.

Conducting such tests helps timely detect cyber threats, strengthen the protection of strategically important systems, and ensure their continuous operation amid growing cyber risks.

484189501_658890023753793_6510123244920784293_n

INSTITUTE OF CYBER WARFARE RESEARCH at KICRF 2025

On March 11–12, Kyiv hosted the Kyiv International Cyber Resilience Forum 2025 (KICRF), which brought together over 1,000 participants from more than 15 countries, including government officials, representatives of international organizations, businesses, cyber diplomats, and cybersecurity experts.

The Kyiv International Cyber Resilience Forum (KICRF) is the leading cybersecurity event in Ukraine and Central and Eastern Europe (CEE), uniting global experts and professionals. It is the largest and most expert-driven cybersecurity forum held in Kyiv.

The Institute for Cyber Warfare Research, as a technology partner, co-organized two key competitions of the forum:

Capture the Flag (CTF) – a challenge for public and private sector professionals

The DOT-Chain Bug Bash – a hackathon aimed at identifying vulnerabilities in government web resources

Over two days of competition, the teams demonstrated a high level of professional expertise.

In addition, our experts moderated and spoke at several of the forum’s panel discussions and sessions:

«Protecting Ukrainian Business: Strategic Cybersecurity Approaches from Market Leaders» – Yegor Aushev
«Evidence Collection and Data Recovery After Destructive Cyberattacks» – Valentin Kucheruk
«Cyber Risk Assessment: Strategies for Resilience and Mitigation» – Oleksandr Korystin
«Education, Technology, and Standards: Emerging Trends» – Maksym Delembovskyi
«Regional Cybersecurity: The Protection Formula» – George Papariga

The forum reaffirmed Ukraine’s role as a key global center for cyber resilience and a platform for professional dialogue on the future of cybersecurity. The Institute for Cyber Warfare Research continues to contribute to the development of the field, strengthening public-private partnerships, and training the next generation of cybersecurity professionals.

We sincerely thank the organizers, participants, and partners of KICRF 2025!

Research

The team of the Institute of Cyber Warfare Research presents three studies created for the National Security and Defense Council of Ukraine (NSDC) and the National Coordination Center for Cybersecurity (NCCC) with support provided by the U.S. Agency for International Development within the USAID Cybersecurity for Critical Infrastructure in Ukraine Activity. These studies cover such important topics as the ENISA assessment of Ukraine’s national cyber capabilities, analysis of cyber threats in 2023, and experience in countering cyber warfare.

The study «Assessing the Overall Cybersecurity State of Ukraine» was made possible through support provided by the U.S. Agency for International Development within the USAID Cybersecurity for Critical Infrastructure in Ukraine Activity. The author’s views expressed in this publication do not necessarily reflect the views of the United States Agency for International Development or the United States Government.

These studies are aimed at providing up-to-date and practical information to decision-makers in the field of cyber defense of Ukraine, contributing to the improvement of the country’s cyber resilience.

[Read more]

327346887_3294244457483417_3120350043186388435_n

On the eve of the International Day of Personal Data Protection, a round table was held in the Office of the Ombudsman

The event was attended by representatives of the Commissioner, the Verkhovna Rada, the Office of the President of Ukraine, the Council of Europe, the EU4DigitalUA project, and public organizations.

The Ombudsman’s Secretariat presented the results of monitoring the state of ensuring the right to personal data protection in 2022.

George Paparyga, a representative of the Cyber ​​War Research Institute, presented a report on the relevance of personal data protection in cyber war conditions.

They discussed the prospects of updating the legislation, taking into account international standards, about artificial intelligence and personal data, and about today’s challenges that must be solved at the state level, including involving the cyber community.