Rasmus Knappe
Chief Technology Officer
Microsoft Ukraine’s GM on cybersecurity, interdependence, and Europe’s new reality
When a missile hits a dam, it’s called an act of war. But what if the same dam is disabled by a cyberattack with the same catastrophic consequences?
Leonid Polupan, General Manager for Microsoft Ukraine, doesn’t ask the question to provoke. He asks because it’s already happening.
A striking example occurred in Norway in April 2025, when hackers remotely triggered a floodgate at the Lake Risevatnet Dam, releasing massive volumes of water before the breach was stopped. Norwegian authorities later attributed the attack to pro-Russian actors. No lives were lost, but the incident underscored how digital attacks can have very real, physical consequences. “We’re living in a hybrid world”, Leonid begins.
“In the weeks leading up to the full-scale invasion of Ukraine, we saw a dramatic spike in cyberattacks. At one point, Ukraine was the second most attacked country in the world. Cyber was the first wave. Softening the infrastructure, creating confusion, and weakening systems before anything happened on the ground.”
As Europe continues to face increasing geopolitical and digital uncertainty, Leonid Polupan offers a rare perspective shaped by war, technology, and a deep belief in resilience. His main message to Europe: Stop looking at the world through a traditional lens. The assumptions of the past no longer apply.
Leonid Polupan is clear in his position:
“No country or organization can operate in isolation anymore. We’re all connected and dependent on each other.”
– Leonid Polupan
The implication is profound. Sovereignty can’t be achieved in digital isolation, because no profession, no sector, and no country is immune to hybrid threats. Denmark, he says, is a prime example of this paradox.
“Denmark is perfectly calibrated and integrated into the global economy. That comes with risks. But the answer can’t be isolation. The better answer is smart interdependence,” Leonid Polupan argues.
He warns against the illusion of complete self-sufficiency in cybersecurity. The digital infrastructure that underpins societies and economies is deeply interconnected. That means if one organization, system, or supplier is compromised, the effects can ripple across interconnected infrastructure. But Leonid Polupan argues that this is precisely where the strength of cloud technology lies. By operating in the public cloud, organizations can tap into a global, constantly evolving security model, one that benefits from the scale, responsiveness, and collaborative intelligence of a worldwide network. Rather than vulnerability, shared infrastructure becomes a force multiplier for resilience.
Much of Leonid Polupan’s concern centers around how slowly European institutions are adapting to the reality of modern digital conflict.
“We still think in the logic of the 1990s. We look for rational explanations behind irrational acts. But there is no logic behind the bombings. They are about power, not purpose,” he says.
He contrasts Europe’s cautious, rules-based approach with hostile actors who weaponize new tools instantly. While European legislation is debated and refined over years, other actors act without delay. In Leonid’s words, “On the other side of the world, they take the tools and use them. Immediately.”
He also points to legislation that hasn’t caught up with technological realities. “Cloud doesn’t work like traditional procurement. It’s a toolbox. But if the rules make you pick specific tech in advance, you’re already behind.”
This is especially visible when it comes to cloud security. Ukraine’s government made the decisive move to evacuate data to public cloud platforms early in the war. The result: enhanced resilience, flexibility, and access to global support when it was needed the most.
In one case, a Ukrainian state-owned energy grid operator was driving around the country with satellite dishes on their cars, balancing the national grid after their datacenter was bombed. They had luckily already migrated to Microsoft Azure.
“Everything starts from cyber. If your cyber is down, everything is down. That’s where the attack starts, and that’s where the defense must start too,” he insists.
The definition of ‘Critical Infrastructure’ has changed
One of the starkest lessons from Ukraine is that critical infrastructure isn’t just about energy or defense anymore.
“In Ukraine, the first target wasn’t military, it was logistics. Parcel companies, our local Amazons, even seed distributors. Suddenly, private delivery firms became essential infrastructure”
– Leonid Polupan
Agriculture, retail, and even cloud engineers became part of the frontline of national resilience. The danger, Leonid Polupan warns, is in assuming that ‘non-critical’ means ‘non-targeted.’ “Hackers often don’t care who you are. They care about what you connect to,” he explains. “If you think you’re not critical, you may not invest in protection. But that makes you the perfect entry point. You’re not necessarily attacked because you’re important, but because you’re a door to someone or something that is.” This mindset has left countless organizations exposed in the past, and it’s one of the key blind spots Europe must urgently address.
“Cybersecurity is sometimes called overrated. But it’s not. It’s just under-practiced. The biggest problem? The gap between what we say and what we actually do,” Leonid Polupan says bluntly.
Throughout the conversation, Leonid projects a calm rooted in stoic philosophy. “You must accept the reality. Not necessarily agree with it, but accept it,” he says. “You can’t control everything. But you can control your mindset, your education, and how prepared you are to help others.”
He is optimistic, not because the threats are small, but because collaboration and learning are possible. But his key message to Europe is clear: cybersecurity is not a department. It is a mindset. One that must be embraced now, not later. “The world has changed dramatically. If we keep behaving like it hasn’t, we’re building vulnerability into the system by design,” he concludes.
I Næstved Kommune er cybersikkerhed rykket helt i centrum. Kommunens digitale transformation er båret af en klar målsætning: at hæve Secure Scoren, og dermed opnå både bedre beskyttelse, højere bevidsthed og øget brugervenlighed. Med Microsoft 365 E5 har kommunen fået en sammenhængende sikkerhedsplatform, som gør det muligt at arbejde systematisk, proaktivt og med synlige resultater. […]
Maria Galvez
CMO Lead - Microsoft Denmark & Iceland
Enhver teknologi skal have tid til at blive opdaget, før den kan implementeres. I dag er der fuld gang i implementeringen af AI. Virksomheder bruger teknologien til at give medarbejderne stærke redskaber, knytte tættere bånd til kunderne og transformere deres forretning. “Alle de store teknologivirksomheder bruger penge på AI-kapaciteter. De har eksplicitte visioner om at […]
Lasse Svane Ryby
Divisionschef for Cloud+Enterprise
Med mere end 100 år på det danske marked har televirksomheden Nuuday taget et teknologisk kvantespring om anvendelse af data. Det skal sikre en endnu stærkere position på et særdeles konkurrenceudsat marked, hvor forbrugerne stiller store krav til produkter, service og oplevelse. Springet til cloud er sket på rekordtid og med en systematisk inklusion af […]
Maria Galvez
CMO Lead - Microsoft Denmark & Iceland
