Ukraine—Cybersecurity for Critical Infrastructure Activity

Client: U.S. Agency for International Development

Duration: 2020-2025

Region: Eastern Europe and Central Asia

Country: Ukraine

Solutions: Economic Growth Digital Acceleration

Ukraine’s resilience to Russia’s full-scale invasion is happening not just on the battlefield—it takes place in cyberspace, as Russia wages increasingly serious cyberattacks against Ukraine’s critical infrastructure and government systems. Ukraine’s energy sectors—oil and gas, nuclear, electricity, and hydroelectric systems—are a particularly high-value target.

The U.S. Agency for International Development (USAID)-funded Cybersecurity for Critical Infrastructure Activity strengthens the resilience of Ukraine’s critical infrastructure against cyberattacks by fostering collaboration between government, private sector, academia, and civil society. The Activity unites global and local expertise in diverse cybersecurity domains to improve Ukraine’s cyber preparedness and build critical infrastructure resilience. The Activity collaborates with more than 75 government institutions, think tanks, universities, nongovernmental groups, and industry associations while engaging prominent U.S. and international companies to deliver cutting-edge cybersecurity solutions to Ukraine’s critical infrastructure. Increasing organizational and technical capacity in key institutions and ensuring that the next generation of cybersecurity professionals is prepared to take on these challenges are the Activity’s priorities, as well as building the foundation for improved preparedness based on an effective legal regulatory framework, effective communication between stakeholders, and engagement with the private sector.

The team has continued planned activities throughout the period since Russia’s full-scale invasion, while maintaining active dialogue with a wide range of Ukrainian stakeholders to identify and prioritize evolving requirements in cybersecurity capacity building, based on the war’s impact on the beneficiary operating environment. Despite the challenges of wartime conditions, Ukraine continues to make progress in building cybersecurity resilience, including expanding the breadth and depth of its international network and partnerships. USAID’s contribution to these efforts has been instrumental to their success, and the Activity plays a key role in responding to the dynamic cybersecurity requirements of Ukraine’s critical infrastructure community.

Sample Activities

  • Align Ukraine’s legal and regulatory frameworks with international standards, including those established by the U.S. National Institute of Standards and Technology (NIST) and the European Union Agency for Cybersecurity.
  • Fortify national preparedness, enhance coordination among cybersecurity stakeholders, and leverage cutting-edge technology solutions.
  • Address workforce gaps by enhancing educational programs, nurturing new talent, and promoting the National Cybersecurity Workforce Framework in line with NIST standards.
  • Foster trust and collaboration between public and private sectors to stimulate investment and growth in the cybersecurity industry.
  • Broaden access to innovative solutions and create opportunities for Ukrainian cybersecurity service providers.
  • Educate Ukrainians with cybersecurity knowledge and best practices.

Select Results

  • Supported 17 laws, policies, regulations, or standards to enhance critical infrastructure cybersecurity governance.
  • Conducted cyber diagnostics in 41 entities, state bodies, and organizations across various sectors using a methodology inspired by the NIST Cybersecurity Framework.
  • Facilitated 27 expert exchange meetings between the U.S. Cybersecurity and Infrastructure Security Agency and State Service for Special Communications and Information Protection (SSSCIP), supported training on threat hunting kits, tabletop exercise scenario development, and critical infrastructure protection.
  • With Ukrenergo, Ukraine’s state-owned electricity transmission system operator, established the modern industrial-grade security operations center, which is a first-of-its-kind industrial cyber security center in the energy infrastructure.
  • Developed and launched the CyberTracker, a web-based monitoring tool for the National Security and Defense Council, to facilitate progress monitoring of the Cybersecurity Strategy Implementation Plan.
  • Launched a higher educational institutions (HEIs) program to help eight universities develop and update 11 cybersecurity educational programs aligned with the country’s new cybersecurity professional standards.
  • Addressed the urgent equipment and software needs of 25 HEIs displaced or damaged by the full-scale Russia’s invasion of Ukraine and procured IT components, professional licenses, and IT security instructional tools for universities.
  • Supported the development of the 20 cybersecurity professional standards established by the 2022 Ukrainian National Cybersecurity Workforce Framework.
  • Launched Cyber Diagnostics Program for Businesses in collaboration with the Ministry of Digital Transformation and Diia.Business. The program provides 500 Ukrainian small and medium-sized enterprises with the opportunity to conduct a cyber diagnostic of their business free of charge.
  • Conducted a broad national cyber awareness communication campaign to educate Ukrainians on core principles of safe work in cyberspace engaging more than 10 million Ukrainians.
x

RELATED CONTENT:

Kosovo—Critical Infrastructure Resilience (CIR) Activity

The Critical Infrastructure Resilience (CIR) Activity protects Kosovo’s critical infrastructure by improving cyber governance and building capacity in the Government of Kosovo and among critical infrastructure operators to plan for, respond to, and recover from cyberattacks.

Read More