In December 2023, millions of Ukrainians lost cell service for days after Russia carried out a cyberattack on Kyivstar, Ukraine’s largest telecom operator. But malign actors do not reserve cyberattacks for wartime; in September 2022, international hacker group BlackByte cyberattacked the electronic systems of North Macedonia’s Ministry of Agriculture, Forestry, and Water Management, taking systems offline across the ministry.

As governments across the world adopt e-services, this creates new entry points for malign actors to utilize cyberattacks for motives such as financial gain, political protest, or destabilization. This is especially true in Eastern Europe, where countries face cyberattacks both as part of Russia’s invasion of Ukraine and by various malign actors. On May 6–9, during the RSA Conference in San Francisco, two U.S. Agency for International Development (USAID) projects will host sessions drawing on country-level experiences to demonstrate the importance of cybersecurity as a development priority. See details below.

Repairing equipment for the Internet Association of Ukraine. Photo: USAID Ukraine.

Cyberattacks Target Critical Services for Everyone

Russia’s hybrid warfare strategy in Ukraine targets critical services such as financial institutions, energy enterprises, transport, and telecom providers via cyberattacks; in just the first six months following Russia’s full-scale invasion in February 2022, the Computer Emergency Response Team of Ukraine (CERT UA) detected more than 1,100 cyberattacks.

The USAID Cybersecurity for Critical Infrastructure Activity (USAID Cybersecurity Activity) works with more than 70 Ukrainian partners, including the State Service for Special Communication and Information Protection, Ministry of Digital Transformation, National Security and Defense Council, higher education institutions, and the private sector, to respond to cyberattacks and build the cyber resilience of Ukraine’s critical infrastructure. In 2023, for example, USAID helped restore more than 11,000 kilometers (6,835 miles) of internet cable and provided optical fiber repairs for 220 members of the Internet Association of Ukraine in 24 cities on the frontlines of the war.

Cybersecurity is a priority for other countries across the region as well. USAID’s Critical Infrastructure Digitalization and Resilience (CIDR) program in Albania, Georgia, Kosovo, Moldova, Montenegro, North Macedonia, and Serbia, is working in collaboration with national governments, critical infrastructure operators, the private sector, academia, oversight bodies, and regional experts to build out cybersecurity governance, accelerate cybersecurity workforce development, empower organizations to identify and address cybersecurity threats, and facilitate the sharing of cyber threat information.

North Macedonia Critical Infrastructure Cybersecurity Working Group. Photo: USAID CIDR.

Cybersecurity Development Requires Multistakeholder Engagement and Continued Investment

Advancing cybersecurity capacity, response, and preparedness requires coordination and information sharing between sectors and stakeholders. The responsibility to understand basic cybersecurity issues and how to prevent and respond to attacks is not only for IT professionals; cyberattacks target public offices, humanitarian agencies, schools, healthcare facilities, and other providers of essential services, requiring a whole-of-society approach to coordinate responses, exchange information, and update cybersecurity training and curriculum to bolster broad-based cyber resilience.

In five countries, CIDR facilitates national-level working groups chaired by top government appointees with participation from key cybersecurity stakeholders from across sectors. Working together, group members build understanding and consensus and inform national decision-making. For example, the Kosovo working group supported the passage of Kosovo’s first-ever comprehensive Law on Cybersecurity while helping draft complementary bylaws for specific critical infrastructure sectors and key institutions; in North Macedonia, the country’s working group recently engaged in a CIDR-led cybersecurity capability maturity model (C2M2) workshop tailored for energy sector members.

In 2023, USAID and Ukraine’s Ministry of Digital Transformation launched a national cyber awareness communication campaign to increase Ukrainians’ awareness of core principles of safe work in cyberspace. The campaign began with an eight-episode Personal Cyber Hygiene education series hosted on the Ministry’s dedicated Diia.Osvita site. The campaign published a simulator and test to raise awareness of basic cyber hygiene rules in both Ukrainian and English. By mid-December, the videos engaged more than 113,000 trainees with nearly 80,000 certified users.

Public-private partnerships can broaden cybersecurity awareness. International exchanges such as RSAC 2024 present opportunities to engage new partners for international cybersecurity development. These forums connect private companies and leaders in the information technology and security industry with donor governments, nonprofit organizations, and other stakeholders to break down silos and forge partnerships to advance common goals.

Cyber Pathways for Women organized a tabletop exercise for STEM students in Skopje, North Macedonia. Photo: USAID CIDR.

Nurturing Cybersecurity Workforce Growth

Europe has a deficit of more than 347,000 cybersecurity professionals, according to the ISC2 Cyber Workforce Study 2023. Despite this need, half of Europe’s population—women—are greatly underrepresented in cybersecurity employment. For example, the European Union (EU) reports that women hold only 11 percent of full-time information security jobs among the EU’s Operators of Essential Services and Digital Service Providers. Under CIDR, USAID’s Cyber Pathways for Women activity in North Macedonia and Serbia brings together teachers, professors, employers, and others to support more women and girls in pursuing cybersecurity careers.

Additionally, CIDR is training IT professors and vocational instructors while helping update cybersecurity curricula. For public officials and critical infrastructure operators in partner countries, CIDR facilitates cybersecurity learning sessions with U.S. and EU experts and organizes training sessions via activities such as the interactive learning lab game described below.

Through the USAID Cybersecurity Activity, USAID addresses Ukraine’s workforce gaps by enhancing educational programs, nurturing new talent, and promoting the National Cybersecurity Workforce Framework in line with National Institute of Standards & Technology (NIST) standards. This is essential to build a robust defense in Ukraine against sophisticated cyber threats. To build practical cybersecurity skills, the USAID Cybersecurity Activity provided the Kyiv Polytechnic Institute with 30 licenses to HackTheBox, a gamified cybersecurity upskilling, certification, and talent assessment tool. HackTheBox enables students to hone their skills in analyzing the security of network systems such as network vulnerability assessment and network penetration testing on virtual machines.

In addition, the USAID Cybersecurity Activity addressed the urgent equipment and software needs of 25 higher educational institutions displaced or damaged by Russia’s invasion of Ukraine to facilitate both in-person and remote learning. In January 2024, to enhance the practical knowledge of students and align academic curricula with industry needs, the USAID Cybersecurity Activity launched an internship program for undergraduate students in collaboration with state-owned enterprises, private companies, and partner higher educational institutions to develop a new generation of cybersecurity professionals.

Join USAID for two sessions at RSA Conference 2024:

1. On May 6, USAID will host a panel discussion sharing firsthand experience from Ukraine in building cybersecurity preparedness, response, recovery, and resilience. The panel will feature USAID Ukraine Digital Development Advisor Maksym Darkin and members of the Ukrainian government directly involved in cybersecurity incident response. This panel highlights important voices and inside stories from the battlefront as they share perspectives on what can be accomplished and how cybersecurity resilience can be made operational.

2. On May 8, the CIDR team will lead an interactive learning lab game where participants become critical infrastructure cyber-controls operators. Drawing from CIDR’s tabletop exercises, players will encounter cyberattack scenarios and—while working within a fixed budget—make management and operational decisions based on the threat environment that will save or sink their company while learning critical leadership skills on planning, budgeting, hiring, and training to increase their company’s cyber resilience.

Register here to attend the RSA Conference.

Rachel Chang is Digital Specialist with DAI’s Center for Digital Acceleration; Douglas White is Technical Director for the USAID Cybersecurity for Critical Infrastructure in Ukraine Activity; Charles Coon is Senior Communications Manager for the Critical Infrastructure Digitalization and Resilience program.