Co-Creating Cyber Solutions in Ukraine: The Hunger Games

In one of the more challenging issues facing Ukraine—cybersecurity—the process of coming up with a collaborative strategy felt like a scene from the movie The Hunger Games.

That is how one participant vividly described the five-day co-creation workshop in Kyiv, Ukraine’s capital. John Harris of USAID’s Ukraine Mission explained the dynamics:

“At the end of Day 1, the participants would probably call the process ‘super-exciting.’ With Day 2, they would say it was exciting, but confusing. By Day 3, it was like ‘What’s going on here? This is a full-blown Hunger Games! Why does USAID want us to hate one another?’”

The light began to shine by Day 4, Harris said: “Participants would say ‘Ah, I get it. This is cool. There’s an opportunity here.’ On Day 5, everyone saw a real path toward getting something done.”

Ukraine has long been considered a testing battleground for cyberattacks. Foreign adversaries have created havoc within the country, both in the crucial energy sector and on key government platforms.

“Ukraine has a hostile neighbor testing world-class technology on the country. It is in our interest to support the development of strong cybersecurity defense,” said Dr. Robert Peacock, a cybersecurity expert at Florida International University and a participant in the co-creation.

Another co-creator, Bobby Jefferson, chief technology officer at DAI Global Health, said, “Ukraine’s cybersecurity profile is different compared to many other countries. The aggressors are trying many methods to disrupt the daily life of Ukrainians.”

One attack, in 2015, plunged a quarter of a million Ukrainians into darkness. Since then, the United States has tried to ramp up cybersecurity initiatives in Ukraine, for example by providing critical assistance shoring up Ukraine’s election systems during national elections last year.

USAID’s current round of assistance kicked off April 2019 with a Broad Agency Announcement (BAA) which reached out to potential implementing partners, co-investors, and cybersecurity experts in order to collectively develop innovative and sustainable solutions. They gathered in Kyiv a few months later for the co-creation workshop.

Only eight sector experts were in the room.

“We recognized USAID’s limited cybersecurity expertise and chose the BAA process in order to leverage innovative ideas from experts in the private sector and other non-traditional partners,” said the Mission’s Maria Televantos. “The process also allowed us to co-develop integrated solutions with the government of Ukraine and with U.S. Government interagency counterparts.”

Still, the USAID team acknowledged, it was a challenging process.

“We had development people talking to private-sector people, talking to universities, talking to potential investors,” Harris said. “A wide range of voices were in the room, all tasked with coming up with a coherent and meaningful concept. It required a lot of face-to-face contact, and a willingness to get out of your comfort zone and analyze the issue from a different angle.

“Cybersecurity as a development track is relatively untested. We need new approaches. It’s not like many traditional development partners have a cyber toolkit related to development challenges.”

Ultimately, the team developed a set of integrated solutions that has formed the basis of a recently launched new USAID project in Ukraine. The project addresses legislative and regulatory gaps in Ukraine’s cybersecurity policy, improves sector coordination, and expands collaboration between stakeholders. In addition, it supports and empowers cybersecurity institutions, builds technical capacity in critical infrastructure sectors, and generates business opportunities for the private sector.

While the program’s main goal is to strengthen the national security of Ukraine, it will also boost economic growth in the cybersecurity sector.

Oleh Derevianko, an entrepreneur with a decade of experience in cybersecurity, called the process a stimulating, constructive experience. The cybersecurity company that he founded, ISSP (Information Systems Security Partners), was one of two Ukrainian businesses that were involved.

“When we decided to participate, we basically saw it as a business opportunity and felt we would benefit from the networking possibilities,” he said. “We came to see it as a good opportunity to contribute to the national security of our country.”