Digital State on Clay Feet: Why Strategic Services Are Crashing One by One

Digital State on Clay Feet: Why Strategic Services Are Crashing One by One
Digital Corruption in Ukraine: Systemic Vulnerability or the Result of Mismanagement by Power-Loyal Ignoramuses?

Corruption in Ukraine has long become a massive phenomenon with a systemic nature and deep roots. It especially painfully affects the most vulnerable state sectors and strategic industries, which have been handed over as a sacrifice to ignoramuses close to the highest offices.

One of the most striking examples of such criminal negligence is the situation around "Ukrzaliznytsia" — a key enterprise providing passenger and freight transportation across the country.

The story of the online ticket sales service, which was out of order for almost a day and left thousands of people without the ability to travel, reveals a dismal picture: an extremely important infrastructure facility has been given "at the mercy" of young, cynical “talents” without sufficient professionalism, who are ready to “cut” budgets for digitalization and cybersecurity without thinking about the consequences. As a result, ordinary citizens suffer, and the state loses money and reputation.

The Essence of the Problem: Ukrzaliznytsia and the Online Ticket Sales Service

Abnormal Expenditures
In a year and a half (starting from November 2023), Ukrzaliznytsia, through its branch "HIVC", concluded five contracts with an apparent “dummy firm” — LLC "MOBIDEV SERVICE" — totaling about 40 million hryvnias. These funds were intended for the development and technical support of the “automated system service for managing the electronic ticketing process”.

System Collapse
When the service broke down, stations were overcrowded with people who had purchased electronic tickets in advance but could not use them. The formal response from management: “technical malfunction under control.” The real situation: chaos, queues, confusion among passengers, and growing negativity toward the company.

Suspicious Contractors
LLC "MOBIDEV SERVICE" has a charter capital of only 50,000 UAH and at the same time services multimillion orders from a specific circle of entities, including Ukrzaliznytsia and the All-Ukrainian Center “Sport for All” of the Ministry of Sports. This practice clearly demonstrates that “friendly” structures infiltrate state projects and win tenders based on proximity, not competence.

The Scale of Corruption and Lack of Transparency in Funding
In the case of Ukrzaliznytsia’s online service, we see a typical scheme: get state money, quickly “master” the budget, and deliver a half-ready product untested for vulnerabilities. Professional and responsible planning is not a priority.

Lack of Proper Oversight
Neither the parliament nor regulators provide systemic supervision over such projects. Reporting is mostly formal, and real auditors do not have sufficient powers or resources to get to the bottom of things.

Unwillingness to Investigate the Causes
Instead of thorough analysis and public disclosure of investigation results, the state mostly remains silent about failures or abuses. Responsible individuals usually avoid punishment, and the system continues to operate under old corrupt schemes.

Lack of Effective Cyber Policy

A Series of Successful Breaches
Since December 2023, Ukraine has repeatedly become the target of large-scale cyberattacks: the Ministry of Justice, Kyivstar, Naftogaz, Ukrposhta, banks, and SEV OVV (electronic interaction system for executive bodies) have all been hacked. There have also been leaks from government resources. The latest case with Ukrzaliznytsia, where allegedly “the entire infrastructure was deleted,” is further confirmation that the Ministry of Digital Transformation, led by Mykhailo Fedorov, is not only failing to draw the proper conclusions but continues to neglect the responsibilities it has undertaken. This will inevitably lead to an even greater collapse of the system.

Comparison with the Russian Situation
Although in Russia, too, banks and services "crash" and databases sometimes leak into the public domain, there are virtually no powerful and resonant attacks. After the high-profile case of Surkov’s email leak (2016) and the destruction of Rosaviatsia’s data (2022), truly shocking mass attacks have not gained much attention. Apparently, Russia has a centralized and extensive system of protection and countermeasures. And not all money allocated for cybersecurity is spent on presentations and forums.

Lack of Strategy and Experts
In Ukrainian realities, cybersecurity remains a priority only “on paper”. Due to the ignorance of the leadership of the Ministry of Digital Transformation, instead of building cyber troops, developing a clear national strategy, and creating a full-fledged center of competencies in this area, we observe a “vicious circle”: from one fire (cyberattack) to another. While after each breach, at the very least, an audit should be conducted, and at most, the perpetrators should be found and punished. None of this has ever been done.

Systemic Problem of Criminally Incompetent Management

Ignoring Long-Term Planning
While across the border (in Russia), since the early 2000s, they have been purposefully preparing personnel and creating organizational structures for cyberwarfare, in Ukraine there is a fragmented process without a systemic approach. The only thing that has been systemic is the fact that loyalty, as always, has trumped professionalism, and “our people” close to the leadership have ended up in extremely responsible and important positions in critical infrastructure.

Lack of a Cybersecurity Law
Over several years of a "mono-majority" in parliament, Ukraine has still not produced a quality law that would provide clear mechanisms and powers to relevant authorities. This indicates a deep level of indifference and incompetence in the parliament and among the heads of relevant ministries.

Complete Absence of Public Reporting on Incidents
After each cyberattack, the public is left without explanations, without information on the punishment of the guilty, without analysis of systemic mistakes, and without a response plan for the future.

“Digitalization” That Endangers

“Dii-ization” of Ukraine
Certain government officials are betting on “Diia” as a universal tool for most services, including international ticket purchases. The idea is great, but the Ukrzaliznytsia failure unexpectedly revealed that without a functioning Diia, it’s impossible to use online functionality, which paralyzes ticket sales. The absence of a “Plan B” adds spice to the situation.

Colossal Budgets for “Resilience Forums”
The government regularly holds grand events on cyber resilience with foreign guests, proclaiming “victories,” but actual results show the opposite. Professional experts are often excluded from decision-making processes, and funds are channeled not into security enhancement but into flashy PR campaigns for Mykhailo Fedorov, who is still being sculpted into “our Elon Musk.”

Conclusions and Prospects

Inevitability of New Cyberattacks
Incidents with Ukrzaliznytsia and other government institutions will most likely repeat, as there is no systematic work on errors.

Lack of Personal Responsibility
Not a single major attack on state resources has led to high-profile cases with real punishment for the guilty. And they do exist! This cultivates a sense of impunity among officials and contractors.

Danger to the Country
When strategically important services cannot protect their IT infrastructures, it threatens not only the comfort of citizens but, in fact, the entire national security. But who cares when all critically important assets have long been stored by these guys in countries where cybersecurity is not just a way to dispose of extra millions?

Urgent Need for Reform
Ukraine needs a comprehensive approach:

• Adoption of a modern cybersecurity law and creation of real, professional cyber troops.
• Implementation of transparent and professional management in state IT projects.
• Openness and accountability to society: publication of investigation results and reports after cyberattacks.
• Development and support of specialists! It is necessary to invest in long-term training of personnel capable of implementing a coherent policy in the field of cybersecurity and IT management.

Afterword
The situation with Ukrzaliznytsia, the online ticket sales service, and the overall history of successful cyberattacks indicate that corruption, ineptitude, and negligence of the Ministry of Digital Transformation’s leadership can nullify any digital initiatives. Citizens are now forced to endure hours-long queues and receive no answers from the authorities as to when the problem will be solved. Meanwhile, officials publicly report on “breakthroughs” and “unprecedented resilience,” avoiding direct questions and, as always, responsibility.

If Ukraine does not reform its management system and does not start taking a systematic approach to security issues in the near future, we will face new “holes” in cybersecurity and new manifestations of even more massive corruption (although one might think — how much worse can it get).
Thus, corruption and the lack of genuine professionalism in key state sectors threaten not only the quality of life of citizens but also the defense capability and development prospects of Ukraine on a daily basis. Without changing the system of priorities and a comprehensive approach to cybersecurity and governance, such scandals will continue to repeat with inevitable regularity.