Ukraine gears up for new phase of cyber war with Russia

Ukraine withstood a deluge of cyberattacks from Russia in the past year, but Russia will test its cyber defenses further as the war drags on.

Ukraine largely fought off the barrage of Russian cyberattacks in the first 12 months of the war. But those tracking cyber threats say Russian hackers are primed to ramp up again — and Kyiv may find it tougher to fend off the attacks in the year ahead.

In recent weeks, two threat intelligence firms have warned that Russia is set to escalate its cyberattacks in Ukraine. Google’s Threat Analysis Group said last week it had “high confidence” that Moscow “will increase disruptive and destructive attacks” in 2023 if the war shifts “fundamentally” in Ukraine’s favor. Cyber threat intelligence firm Recorded Future predicted this month that Russian cybercriminals will “almost certainly” support Russia’s next big military push against Ukraine.

“We’re entering a new phase of the war,” said Gabby Roncone, technical threat intelligence analyst at Google-owned Mandiant, a cybersecurity firm. “Despite all of the successes that defenders have had with stopping Russian cyberattacks, the GRU is very persistent,” she added, referring to Russia’s military intelligence arm. Other Kremlin hacking groups continue to present a threat to Ukraine, too, she said.

“We’re just sort of bracing for what comes next and hoping that we can help,” Roncone said.

A renewed cyber offensive could also expand the war into regions of Ukraine that Russia has been unable to take with physical force, deepening the conflict even as Kyiv bolsters its armies with new weaponry from NATO allies. Major attacks could even spill over into NATO allies.

Ukraine has done better than expected so far. While the Russian government and cyber criminal groups repeatedly attacked Ukraine through everything from government agencies to television stations to energy substations in 2022, Ukraine thwarted many of those and was able to recover from others quickly.

“They were better prepared, more resilient, more prepared to get networks that were successfully attacked back up and running quickly,” said Tom Burt, Microsoft’s corporate vice president of customer security and trust.

And fears that Russia would take down Ukraine’s energy grid or shut down military communications didn’t come to pass.

But Russia has now had months to prepare, learn and reconsider its strategy.

In February of 2022, Russian cyber forces didn’t have a lot of time to carry out sophisticated attacks, said Mark Montgomery, senior fellow on Cyber and Technology Innovation at the Foundation for Defense of Democracies.

“Russian forces had the same level of warning about the invasion that those outside Putin’s inner circle had,” he said. “They had no time to plan — and they thought the war would be over soon anyway.”

In the ensuing months, Russian hackers resorted to attacks that were less sophisticated and easier to launch, such as crude data-destroying “wiper” attacks and distributed denial-of-service attacks, which overwhelm servers until they temporarily crash, said Ciaran Martin, former CEO of the U.K.’s National Cyber Security Centre and current Paladin Capital Group managing director. Martin described the attacks as “improvised, fast paced … quite harassing attacks on the Ukrainian infrastructure.”

Russia’s struggles throughout the year may have resulted from a failure to properly staff or train its cyber forces, said Jon Bateman, a senior fellow at the Center for Strategic and International Studies.

But as the war continues, Russia has time to adapt, Bateman said.

Russia could compensate for those shortcomings with “short bursts of intense [cyber] fires.” Timed right and properly coordinated with kinetic attacks — an admittedly tall order, qualified Bateman — “cyber operations could be really consequential.”

With added time Russia could also be planning more sophisticated attacks.

“I’d love to say we’re completely out of the woods, but I still have memories of the NotPetya attack years ago, and it’s not like they’ve stopped,” Senate Intelligence Committee Chair Mark Warner (D-Va.) said in an interview. He was referring to a 2017 Russian attack that used sophisticated malware to tunnel into Ukrainian networks across multiple industries and government agencies and caused an estimated $10 billion in damages worldwide.

And as Russia gets further backed into a corner, it may be less concerned in 2023 that a cyberattack would end up affecting countries outside Ukraine and prompt them to provide more military support to Kyiv.

Russia learned in 2017 that an attack targeted at Ukraine could spill into other countries, when the NotPetya hack spread to computer systems worldwide. That experience might have encouraged Russia to tightly control its digital offensive in the first year of the war, said Christopher Ahlberg, CEO of Recorded Future.

“Why would he want to get NATO involved, if he’s invading a specific country?” Ahlberg said.

Now NATO is committing itself further in Ukraine. In recent weeks, alliance members have agreed to send main battle tanks to Kyiv — a threshold that seemed unthinkable at the war’s outset — and they are now weighing sending advanced fighter aircraft. And on Friday, the one-year anniversary of the war, the U.S. announced an additional $2 billion tranche of long-term security assistance to Ukraine that will include ammunition and high-tech drones.

That said, Ukraine’s cyber defenses have held strong against an onslaught from Russia that is much bigger than many realized. Dutch intelligence disclosed this week that there have been many more Russian cyberattacks against NATO and Ukraine than have been made public — and that Ukraine has largely fended those off.

Still, officials in both the U.S. and Ukraine warn that success so far at blocking attacks shouldn’t be seen as evidence the threat is handled.

“We should not take our shields down,” Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Security Agency, told reporters this month. “It is very unpredictable what is going on in that space.”

“We can say one thing for sure, for certain, that we won’t have fewer attacks this year,” Yurii Shchyhol, Ukraine’s top cybersecurity official, told POLITICO in January.

A year into the war, many officials have far more confidence in Kyiv’s ability to blunt Russian cyberattacks than they did before Russia invaded.

But knowing how much work went into securing Ukrainian networks, Microsoft’s Burt said cyberattacks — Russian or otherwise — could have a game-changing impact in future conflicts.

“Over history, when you’ve seen a new form of weapon deployed in a conflict, what you tend to see is that in the next major conflict that form of weaponry has been significantly evolved and advanced and has become more destructive,” he said.