Europe urged to seize ‘opportunity’ by replacing US funding for Ukraine cyber defense

KYIV, Ukraine — Europe should take advantage of U.S. President Donald Trump’s decision to freeze foreign aid, which has left a number of cybersecurity projects in Ukraine without funding, and use the opportunity to support the continent’s own technology companies, according to a senior diplomat.

Roughly half of the cyber aid funding delivered to Ukraine through the Tallinn Mechanism has disappeared since Trump issued his executive order in January, according to Tanel Sepp, Estonia’s cyber ambassador at large.

This funding is often used to cover software licenses from large U.S. companies who then get to improve their products based on the experience of defending against Russian attacks. 

As the White House has imposed tariffs on the European Union, there are questions over whether the Tallinn Mechanism’s other participants would want to simply replace U.S. funding for those enterprises or instead redirect it towards their own businesses.

“This is an opportunity for Europe. We should take a bigger role,” Sepp told Recorded Future News, although he acknowledged on a panel at the Kyiv International Cyber Resilience Forum that Europe was lacking companies that could compete with those receiving most of this funding and deriving commercial benefits from it.

On Tuesday, Trump said the U.S. will resume military aid and intelligence sharing to Ukraine after Kyiv agreed to a monthlong ceasefire. The foreign aid funds towards Ukraine’s cyber defense remain frozen, however.  

Speaking alongside Sepp on Tuesday’s panel, Ihor Malchenyuk — the cyber defense director at Ukraine’s State Service of Special Communications and Information Protection (SSSCIP) — said his department recorded 4,315 cyber incidents against civilian entities in Ukraine last year, a 70% increase on the year before.

“And when I’m talking about incidents, I’m not talking about merely getting some phishing message. I’m talking about incidents when 100,000 citizens are left without heating and electricity, or when the Ministry of Justice registries were completely destroyed,” Malchenyuk said.

Suspected Russian state hackers targeted Ukraine’s state registers in December in what officials described as “one of the largest cyberattacks” they had faced, leaving citizens unable to access essential services linked to their digital records.

While the increase in incidents was “the bad side of the story,” Malchenyuk said, “the positive side is the number of critical and high-severity incidents decreased 70% year-on-year,” down to just 58. He noted the agency was continuing to build its capabilities to address these attacks.

The SSSCIP cyber defense director added that the agency “proudly” keeps strong relationships with industry leaders, mentioning the U.S.-based Cisco, Microsoft and Google, as well as Europe’s ESET.

“That huge number of incidents, 4,315 a year — 12 a day — that’s a huge number, and we need to sustain our efforts, to sustain that capability building, and to combat exhaustion,” said Malchenyuk.

Oleksandr Potii, SSSCIP's chairman, told the forum in Kyiv that the agency's key priority was to develop a network of Security Operations Centres that would help the agency detect and respond to cyber incidents. He stressed that Ukraine was continuing to "share its experience with international partners, because effective cybersecurity is possible only through joint efforts."