Western cyber aid to Ukraine faces strain as Russia's war drags on

International cyber assistance has played a vital role in supporting Ukraine's defense against Russian cyberattacks. However, as the war continues, Western support is waning, raising growing concerns about the long-term effectiveness of these efforts, according to a recent report.

Since the start of the war, the U.S. government, European allies and private-sector companies have provided critical cyber assistance to Ukraine that allowed Kyiv to counter distributed denial-of-service (DDoS) attacks, secure cloud infrastructure and remove Russian intrusions from its networks, researchers at the nonprofit Aspen Institute said in a report on Tuesday.

Over the past two years, the U.S. government has delivered more than $82 million in cyber assistance to Ukraine. The Tallinn Mechanism, a multinational initiative, has raised over €200 million ($216 million) to bolster Ukraine’s non-military cyberdefense capacity, while IT Coalition, a group of ten European nations, promised last February to help Ukraine support its critical IT infrastructure for the next six years.

However, growing political divides in Washington and shifting global priorities have raised concerns about sustained support for Ukraine. Private-sector contributions, while ongoing, have also declined as the war continues longer than expected.

Major organizations involved in providing cyber aid to Ukraine, including the Cyber Defense Assistance Collaborative (CDAC), a volunteer group drawn from Western cybersecurity companies and organizations, also face significant challenges in trying to help Ukraine.

For example, Ukrainian organizations often submit overlapping or conflicting aid requests to different donors, complicating coordination. Frequent leadership changes within Ukrainian institutions have further slowed assistance efforts and made donors hesitant to commit long-term resources, researchers said.

Additionally, licenses and training programs initially designed as short-term measures now require renewals and ongoing support. Discussions on structured, long-term sustainment remain sluggish, despite the continued threat from Russian cyber operations.

Another key issue is the difficulty in assessing the effectiveness of cyber aid. Many private-sector companies, including those in CDAC, are reluctant to disclose specifics due to security concerns, contractual obligations and fears of public exposure. Meanwhile, Ukrainian recipients often lack the resources to provide feedback on the impact of received assistance, further complicating efforts to measure its success.

Private Sector Contributions

Private cyber and tech companies, such as Microsoft, Cloudflare and Mandiant, have been actively supporting Ukraine’s cyberdefense efforts by providing intelligence support, software licensing and training programs.

However, the level of new private initiatives has declined recently. According to researchers, several factors contribute to this decline, including Ukraine’s successful digital resilience, perceptions of Russian cyber ineffectiveness in the cyber domain, fatigue among certain assistance providers and a lack of dedicated funding to support large-scale, systemic initiatives.

According to the Aspen Institute, there are differing opinions on whether digital and cyber support for Ukraine should focus on fixing immediate cyberdefense problems or building long-term digital strength. It remains a challenge to agree on the right priorities and work together effectively, researchers said.

Before the Russia-Ukraine war, there were no formal systems in the U.S. to manage cyberdefense assistance involving the private sector. These systems were only set up in late 2023, nearly two years into the war. The lack of funding and the perception that the worst of the crisis is over have led to less voluntary help from the private sector. Additionally, cyber aid to Ukraine is now being affected by domestic politics and is seen as less of a priority compared to potential new conflicts.

Despite these challenges, strong trust has developed between Ukraine and its cyber assistance providers. “Such trust was built largely by meeting Ukrainian requests and learning to work with them to deliver information and technology in an ongoing and maturing fashion,” researchers said.

Lessons learned from Ukraine’s cyber war should shape future international cybersecurity cooperation. “As geopolitical tensions around Russia and in East Asia continue to demonstrate a growing cyber component, these lessons are crucial to help the U.S. manage crises and, if needed, successfully defend its allies and friends,” researchers said.