LAS VEGAS — The United States’ partnership with Ukraine to fend off Russian hackers during the ongoing war has proven to be an excellent model for helping other countries deal with similar digital assaults, a top U.S. cyber official said Wednesday.

“What we’ve been doing over the past year now is probably the closest we’ve worked, operationally speaking, with any foreign partner,” Jen Easterly, the director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, said during a discussion at the Black Hat security conference in Las Vegas. She spoke alongside Victor Zhora, the deputy chairman of the State Special Communications Service of Ukraine, the country’s cyber defense agency.

Since Russia invaded Ukraine in February 2022, the Biden administration has marshaled the resources of the intelligence community, agencies like CISA and the cybersecurity industry to provide Ukraine with funding, personnel, intelligence and defensive technology, all of it aimed at containing the damage that Russian hackers are trying to cause in the digital realm as Moscow’s tanks and missiles sow chaos in the physical world.

That partnership, which has largely succeeded in preventing Russia from causing cyber chaos in Ukraine, has offered lessons for how the U.S. could help other allies living in the shadow of authoritarian regimes, like Taiwan, which faces constant threats from China.

Speaking to reporters alongside Zhora before their on-stage conversation, Easterly said, “Everything that we are building is really through this lens of, how are we helping to do capacity building with Ukraine, and maybe, is that applied at some point in time to another country that is under threat by a serious foreign adversary?”

Easterly and Zhora addressed the Black Hat audience on the one-year anniversary of the U.S. and Ukraine signing a pact to share intelligence and conduct joint operations like training, exercises and threat hunting. In the year since then, Easterly told Zhora, “We’ve been learning as much from you all as I hope you’ve been learning from us.”

Jen Easterly (right), the director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, spoke alongside Victor Zhora (center), the deputy chairman of the State Special Communications Service of Ukraine, and moderator Lily Hay Newman at the Black Hat conference in Las Vegas on August 9, 2023 Eric Geller/The Messenger

Easterly said Ukraine’s ability to maintain civil order amid Russian cyberattacks and disinformation has highlighted how far the U.S. has to go to achieve the same level of what she called societal resilience.

In its latest annual threat assessment, the U.S. intelligence community predicted that China would attack U.S. critical infrastructure —such as power plants and hospitals— in the early phases of any conflict with the U.S. over the status of Taiwan. That means the U.S. could soon see the kinds of sophisticated digital barrages that it has so far been spared, but which Ukraine faces every day.

“We [in the U.S.] are very likely going to see attacks that cause great disruption,” Easterly said, so Ukraine’s resilience is something that “we as Americans really need to internalize.”

Americans’ panicked responses to the Colonial Pipeline ransomware attack, which temporarily disrupted fuel supplies on the East Coast, and to the Chinese spy balloon saga, demonstrated how far the U.S. has to go, Easterly said. “I don’t see that level of resilience, in terms of how we respond to potential threats.”

CISA has spent years trying to spread the word that the businesses running America’s critical infrastructure need to fix basic cybersecurity shortcomings to prevent major attacks, but the issue is an esoteric one, and few Americans pay close attention to it.

“To be frank, it’s very hard,” Easterly admitted. “In a world where … there’s [always] elections and there’s always the news of the day, I think it is hard to break through [with] some of these messages that we’ve been trying to carry out.”