The United States has Limited Aid to Ukraine in the Field of Cybersecurity, and Some Equipment Has Not Been Delivered, Bloomberg Reports
The agency writes that contracts with dozens of specialists who provided technical assistance on cybersecurity at hundreds of sites across Ukraine were cancelled or suspended, and planned deliveries of computer hardware and software were never delivered.
According to the agency’s sources, it was thanks to US assistance that Ukraine previously managed to repel Russian cyberattacks on power plants and the resources of the Cabinet of Ministers.
Over the past five years, the United States Agency for International Development alone has allocated more than $200 million in cybersecurity assistance to Ukraine.
Ukraine Is an `Easy Target’ for Russian Hackers After US Aid Pullback
American cybersecurity assistance has been crucial to helping war-torn country fend off hacks, experts say.
US efforts to help Ukraine protect itself against Russian cyberattacks have been curtailed amid wide-ranging disruption by the Trump administration, raising concerns about the erosion of vital defenses against Kremlin-backed hackers.
Cuts and funding pauses to US government agencies and programs, which started shortly after the inauguration of President Donald Trump in January, have been felt globally. But their impact has been particularly pronounced in Ukraine, where the Trump administration has upended critical US support — including military shipments and, at times, intelligence sharing — and is pressuring Ukraine President Volodymyr Zelenskiy to accept a peace deal that critics have called titled toward Russia.
In the last five years or so, the US Agency for International Development alone has committed more than $200 million for cybersecurity aid to Ukraine. The National Security Agency and US Cyber Command have also provided assistance.
That aid has been viewed as critical to helping the country prevent and recover from cyberattacks on government officials, telecommunications companies and energy providers amid the conflict. However, USAID has been gutted in the first months of Trump’s presidency by Elon Musk’s Department of Government Efficiency, and Trump has become increasingly impatient with Zelenskiy. This week, Vice President JD Vance warned the US could walk away from the peace process if Russia and Ukraine don’t accept the proposal, potentially complicating any future cybersecurity assistance.
Dozens of people located in Ukraine and the US — who had provided technical assistance on cybersecurity at hundreds of facilities across the war-torn country — have had their contracts cancelled or paused, according to interviews with eight people with direct knowledge of the situation, providing previously undisclosed details about the impact of the US actions on the country’s cyber defenses. The US has helped Ukraine fend off Russian attempts to sabotage power plants and infiltrate the Cabinet of Ministers, the top branch of state executive power in the country, according to the people.
Ground personnel unload weapons and other military hardware delivered on a plane by the US military near Kyiv in 2022.
Meanwhile, planned shipments of computer hardware and software intended to keep Ukraine’s infrastructure secure haven’t been delivered, they added. The people spoke on condition of anonymity due to concerns about reprisals from the Trump administration.
Slashing cybersecurity support for Ukraine will weaken the country’s digital front lines, making the country an “easy target” for Russia, said Yegor Aushev, a Kyiv-based cybersecurity expert who organized a volunteer “cyber army” to counter Russian hackers. The “sudden and unannounced shutdown” of cyber operations, he said, “has created a significant challenge.”
Secretary of State Marco Rubio is trying to ensure that every USAID dollar is spent to make the US “safer, strong and more prosperous,” according to a State Department spokesperson. As such, the agency is reviewing cybersecurity projects to determine which ones best advance Trump’s goals, the spokesperson said.
When the White House was asked for comment, an administration official responded by saying that all foreign assistance programs are under review for alignment with Trump’s priorities.
A representative for the NSA didn’t answer questions about the agency’s assistance to Ukraine and the overall cost of it, and US Cyber Command didn’t respond to a request for comment. In March, the Pentagon denied media reports — from cybersecurity publication the Record, the Washington Post and the New York Times — that Defense Secretary Pete Hegseth had ordered a halt in offensive cyber operations against Russia.
Ukraine’s State Service of Special Communications and Information Protection, which oversees cybersecurity work in the country, referred questions on the funding cuts to Ukraine’s Ministry of Foreign Affairs. The Ministry didn’t respond to multiple requests seeking comment.
American cybersecurity assistance has included specialist support, training, equipment and software to organizations across Ukraine, including to dozens of government offices and departments and to key gas and electricity providers, the national bank and nuclear facilities, according to people familiar with the matter and documentation reviewed by Bloomberg News.
The US funding had amounted to Ukraine’s largest source of support on cybersecurity, the people said. USAID grants had funded several cybersecurity initiatives in Ukraine, some approved during the first Trump administration, including an effort to secure the country’s election infrastructure and its diplomatic communication networks, according to contracts reviewed by Bloomberg News.
Following Russia’s February 2022 invasion of Ukraine, USAID’s funding for cybersecurity projects increased as Russian hackers ramped up their attempts to sabotage Ukrainian computer networks.
The US Agency for International Development (USAID) headquarters in Washington, DC.
DOGE began dismantling USAID in February, with Musk claiming on his social media platform X that the agency was interfering with governments throughout the world and “pushing radical left politics.” He didn’t provide any evidence for those claims.
Andrii Mankish, a Ukrainian cybersecurity expert who previously worked on US-funded projects to identify Russian hacking attempts, said the administration’s cyber pullback was likely to “impact our efforts and slow down progress in key areas.” Long-planned cybersecurity projects had suddenly ended, he said.
“Many projects were stopped halfway, contractors were let go before finishing their work, and a lot of plans didn’t get the chance to reach their full potential,” Mankish said.
At the start of the Russian invasion, Kremlin-aligned hackers allegedly infiltrated the Carlsbad, California-based satellite manufacturer Viasat Inc., an attack that limited the ability of Ukraine’s military and intelligence services to coordinate troop movements. At the same time, Ukrainian government and financial websites were bombarded with distributed denial-of-service attacks, while government, financial and energy organizations were hit with malicious “wiper” software designed to render computers inoperable.
Since then, cyberattacks have continued but have played a smaller role in the conflict than many anticipated. One reason is that Ukraine had prepared, having worked for years to build up its defenses after years of hacks. In 2015 and 2016, for instance, sophisticated cyberattacks linked to Russia’s military intelligence agency targeted Ukrainian energy infrastructure and caused power blackouts across the country.
Pedestrians in a tunnel under the railway station during a power outage in Donetsk in 2015.
Ukraine was also able to defend itself and recover from each attack because of significant support from the US, Aushev said. Thousands of Ukrainians had been trained in cyberdefense with US assistance, he said.
The largest USAID contract related to Ukraine’s cybersecurity was a $128 million project to protect the country’s critical infrastructure from attack, according to documents reviewed by Bloomberg News. It was awarded in 2020 to the Bethesda, Maryland-based consultancy firm DAI Global LLC, which worked with dozens of subcontractors to provide the cybersecurity support to Ukraine. The contract had been due to expire in September, but DAI had expected to extend it until September 2026, according to three people familiar with the matter.
The DAI-led initiative had involved providing cybersecurity equipment — such as data recovery hardware, backup systems and threat detection tools — for scores of entities. That includes the state-owned electricity company Ukrenergo, Ukraine’s tax agency, several government ministries, in addition to cybersecurity support for airports, radioactive waste management facilities and the Chernobyl nuclear power plant, according to the people and documents reviewed by Bloomberg News. It also helped coordinate information sharing on cyber threats between Ukraine and the US’s Cybersecurity and Infrastructure Security Agency, or CISA, providing the US with a crucial source of intelligence on the latest tactics deployed by Russian state-backed hackers.
A representative for DAI declined to comment. A spokesperson for CISA said the agency was continuing to share threat information with Ukraine.
Following the funding freeze in January, many of the people who were working on the DAI project were furloughed and its future is now unclear. Some of the company’s employees are continuing to work in Ukraine, but their capability has been significantly restricted. Equipment and services that were to be provided to Ukraine for ongoing initiatives, such as a project to strengthen the country’s central election commission, are now not going ahead as planned, according to the people.
Other US contractors, such as Arlington, Virginia-based CRDF Global, were working in Ukraine on digital defense projects, providing training courses and working with the country’s National Security and Defense Council to create cybersecurity operations centers. That work, too, has now been paused and it is not known whether it will resume pending ongoing reviews at the State Department, according to two people familiar with the work.
A representative for CRDF Global declined to comment.
Separately, an international initiative that had sought to bolster support for Ukrainian cybersecurity has also been impacted. The Tallinn Mechanism – supported by a host of countries, including Canada, the UK, Germany, France and Estonia – last year announced some $200 million funding to support Ukrainian cybersecurity to counter Russian attacks. The US had agreed to contribute $100 million, most of it to be delivered via USAID, according to two people familiar with the funding.
But following Trump’s election, the US funding has been frozen and it’s not clear whether it will ever be delivered, the two people said. The State Department spokesperson said the agency’s review of cyber projects includes those coordinated through the Tallinn Mechanism.
UK Prime Minister Keir Starmer and Ukraine President Volodymyr Zelenskiy in Paris on March 27.
Some foreign governments are stepping up to fill the void left by the US, according to four people with direct knowledge of that effort. Such was the scale of US support that it’s unlikely other governments will be able to replicate it entirely. But any increase in support could provide valued assistance, the people said. Canada, the UK and Japan have moved to quickly increase funding of ongoing work for cybersecurity and other critical initiatives, they said.
Ukraine has also received support from the private sector, which looks likely to continue. More than a dozen companies – including Mandiant, Palo Alto Networks Inc. and Broadcom Inc.’s Symantec – have provided cybersecurity assistance through a US-based organization called the Cyber Defense Assistance Collaborative, or CDAC. Their support, so far worth about $40 million, has continued through the war, providing Ukraine with intelligence on hacking threats and tools to detect intrusions, according to Greg Rattray, CDAC’s executive director.
The loss of funding from USAID and other sources, said Rattray, “makes the private sector activity even more important as it’s not driven by the US government.”
—————————-
Resources:
https://t.me/intelslava/74627
https://www.bloomberg.com/news/articles/2025-04-25/us-aid-pullback-is-making-ukraine-more-vulnerable-to-russian-hacks
