USAID CYBERSECURITY FOR CRITICAL INFRASTRUCTURE IN UKRAINE ACTIVITY QUARTERLY REPORT January 1 - March 31, 2021

This publication was produced by the USAID Cybersecurity for Critical Infrastructure in Ukraine Activity under Contract No. 72012120C00002 at the request of the United States Agency for International Development. This document is made possible by the support of the American people through the United States Agency for International Development. Its contents are the sole responsibility of the author or authors and do not necessarily reflect the views of USAID or the U.S. Government.

Program Title: USAID Cybersecurity for Critical Infrastructure in Ukraine

Sponsoring USAID Office: USAID Ukraine

Contract Number: 72012120C00002

Contractor: DAI Global, LLC

Submission Date: April 30, 2021

Author: DAI Global, LLC


CONTENTS

ACRONYMS AND ABBREVIATIONS
EXECUTIVE SUMMARY
CONTEXT UPDATE
KEY ACHIEVEMENTS
PROGRESS AGAINST TARGETS
PERFORMANCE MONITORING, EVALUATION, AND LEARNING
LESSONS LEARNED
PROGRESS ON LINKS TO USG, USAID, AND OTHER DONOR ACTIVITIES
PROGRESS ON LINKS TO HOST GOVERNMENT
PROGRESS ON INCLUSIVE DEVELOPMENT AND GENDER
FINANCIAL INFORMATION
GRANTS UNDER CONTRACT
ACTIVITY ADMINISTRATION
ATTACHMENT 1

ii | QUARTERLY PERFORMANCE REPORT USAID.GOV

ACRONYMS AND ABBREVIATIONS

AIP: Annual Implementation Plan
AMELP: Activity Monitoring, Evaluation, and Learning Plan
CCI: Center for Cybersecurity Innovation
CEM: Cyber Excellence Mechanism
CEP: Competitive Economy Project
CERT-UA: Computer Emergency Response Team of Ukraine
CI: Critical Infrastructure
SOEs: State Owned Enterprises
CICIPA: Cybersecurity Incident Preparedness Assessment
CMM: Oxford Capacity Maturity Model for Nations
COP: Chief of Party
COVID: Coronavirus Disease
CRDF: CRDF Global
DAI: DAI Global LLC
ESP: Energy Security Project
EU: European Union
FIU: Florida International University
FY: Fiscal Year
GOU: Government of Ukraine
GUC: Grants Under Contract
ICS: Industrial Control Systems
IFES: International Foundation for Electoral Systems
IP: Implementing Partner
ISSP: Information Systems Security Partners
IT: Information Technology
JWPS: Joint Work Planning Session
MDT: Ministry of Digital Transformation
MEL: Monitoring, Evaluation, and Learning
MOU: Memorandum of Understanding
NIST: National Institute of Standards and Technology
NSDC: National Security and Defense Council
OEG: Office of Economic Growth
SACCI: Support to Anti-Corruption Champion Institutions
SEL: Schweitzer Engineering Laboratories
SMB: Small and Medium Business
SSSCIP: State Service for Special Communications and Information Protection
TAPAS: Transparency and Accountability in Public Administration and Services
U.S.: United States
USAID: United States Agency for International Development
USG: United States Government
VFI: Veterans First Initiative


EXECUTIVE SUMMARY

The USAID Cybersecurity for Critical Infrastructure in Ukraine Activity (USAID Cybersecurity Activity) Quarterly Report covers the period from January 1 to March 31, 2021, the second quarter of Fiscal Year 2021 (FY21 Q2), and reports on progress achieved against milestones established in the FY21 Annual Implementation Plan (AIP), contractual deliverables, and ad hoc assistance efforts. The report also covers cross-cutting and administrative tasks, identifies challenges encountered during implementation, and proposes remedial actions, as appropriate. Lastly, the report provides financial data regarding funds obligated and expended.

In general, the Activity was able to make progress in several areas, particularly in relation to implementation of a work plan with SSSCIP, and with planning and initial execution of major launch events. Alignment with the development of a National Cybersecurity Strategy was a priority, and the Activity produced a draft National Roadmap in support of the implementation thereof. Significant progress was made in standing up a Working Group on Threat Intelligence Sharing, supported by stakeholders across the Government of Ukraine (GOU). However, due to ongoing travel restrictions, planned travel by experts and implementing partners was delayed. Lastly, the formation of productive working relationships with key GOU stakeholders, specifically the National Security and Defense Council (NSDC) and the Ministry for Digital Transformation (MDT), advanced more slowly than expected. To address these issues, the Activity has developed a stakeholder relationship matrix that focuses on key challenges, opportunities, and strategic steps for improvement. Those steps include working closely with NSDC to update and begin implementing a list of priority projects, and greater engagement with MDT, including at the highest level of the USAID Ukraine Mission. Outcomes from these efforts will be covered in subsequent quarterly reports.

During the reporting period, with endorsement from the Ministry of Education and Science and the State Special Service for Communications and Information Protection (SSSCIP), the Activity launched its Higher Education Program in partnership with 14 higher education institutions (HEIs) across Ukraine. The event was streamed on the Activity's recently launched Facebook page, attracting over 1,900 views and is one of a series of launch events planned as the Activity begins rolling out key programs under each component.

AD HOC SUPPORT AND TECHNICAL ASSISTANCE

The Activity completed a comprehensive work plan with SSSCIP in order to establish clear priorities and agree on resource allocations for technical assistance. With NSDC, the Activity provided ad hoc support and worked to advance progress in key technical assistance areas, including increased threat intelligence sharing – a shared priority across the GOU. Specific support included hiring of dedicated and embedded managers and advisors to coordinate and advance SSSCIP reform efforts; completion of a functional audit of the Computer Emergency Response Team of Ukraine (CERT-UA) under the State Cyber Protection Center (SCPC); and support of a workshop for CDTOs from across the GOU led by SSSCIP and focused on efforts to build and implement a registry (database) of Critical Information Infrastructure (CII) assets.


DELIVERABLES

The Activity revised and resubmitted several foundational assessments based on USAID feedback and drafted corresponding plans, including the Center for Cybersecurity Innovation (CCI) Plan submitted on January 11 and the Exchange Platform Program Plan on March 31. A draft National Cybersecurity Roadmap, referenced above, was also developed in coordination with experts, integrating inputs collected through working groups, roundtables, and additional discussions with GOU stakeholders.

USAID approved two key Activity deliverables including the Critical Infrastructure Cybersecurity Incident Preparedness Assessment and Program Plan on March 16 and the Professional Training and Development Needs Assessment on March 31. The Activity also produced and distributed the third edition of the Cyber Sector Update and held two roundtables: the CDTO workshop on March 10 and 11 and the cybersecurity strategy visioning on February 4.

COORDINATION

The Activity continued to work closely with other programs and donors, per the Coordination Plan. This included regular meetings with other USAID-funded activities, namely the Competitive Economy Program (CEP) and Energy Security Project (ESP), as well as United States Government (USG)-funded implementers CRDF Global (CRDF) and MITRE. The Activity also met to coordinate efforts related to cybersecurity assistance with the implementers of EU4Digital, the eGovernance Academy (eGA) of Estonia and the International and Ibero-American Foundation for Administration and Public Policies (FIIAPP).

Coordination with ESP focused on support to the Ministry of Energy of Ukraine (MEU) and consisted of weekly meetings with the MEU Deputy Minister and Chief Digital Transformation Officer (CDTO), Ievgen Vladimirov. Through this coordinated approach, ESP and the Activity were able to advance work planning with MEU and advise on the development of the Concept for Cybersecurity in the Energy Industry in Ukraine, which is now pending formal approval by the Cabinet of Ministers.

OPERATIONS

The Activity filled two positions that had been vacated during the prior quarter and hired a Communications Manager and Workforce Development Lead. The Activity also welcomed the Cyber Excellence Mechanism (CEM) Manager to finalize the CEM plan based on the results of the CEM Assessment and prepare for making the mechanism fully functional by May 1.

In mid-January, the team moved into a permanent office space. With the COVID-19 situation in Ukraine deteriorating during the last two or three months and Kyiv entering a lockdown, the Activity’s work-from-home policy was extended until further notice, with access to the office and travel limited and only permitted with senior management authorization.

Lastly, during the reporting period, DAI received USAID consent to subcontract for Catalisto, SocialBoost, and ISSP. All three have fully executed agreements in place and have started rolling out programs under their respective scopes of work. FIU also signed the agreement issued to them during the previous quarter. This means that all implementing partners (IP) are now operating under long-term subcontracts.


CONTEXT UPDATE

There were several encouraging steps taken related to cybersecurity in Ukraine during the reporting period, including:

• Draft National Cybersecurity Strategy published for public comment in early March. NSDC subsequently led the process of finalizing the Strategy and a supporting Implementation Plan.
• Implementation of resolutions [1] related to CI and CII initiated. SSSCIP is taking the lead on developing the technical and programmatic aspects of the CII registry with technical assistance from the Activity.
• Ministries in process of identifying and categorizing CII and CI assets in their sectors (in relation to above). The MEU has created a list of 150 energy sector CI assets, for example.

On the legislative front, the Critical Infrastructure Protection Law draft was shared for public comment. It is likely that the law will be introduced in FY21 Q3. In addition, the Law on Electronic Communication was passed, aligning Ukraine more closely with EU regulations for monitoring of electronic communications, but it lacks clear implementation details. Implementation of Cabinet of Ministers Resolutions regarding establishment of a register for Critical Information Infrastructure (passed in 2020) began under the leadership of SSSCIP.

Unfortunately, hybrid war campaigns continued against Ukraine, with a marked increase in cyber aggression. In particular, spear phishing scams targeted GOU employees early in the year – emphasizing the need for improved cyber hygiene for civil servants. The Security Service of Ukraine (SSU) reported thwarting 350 potential cyber-attacks since the beginning of 2021.

Other donors are increasingly engaged in providing assistance to improve cybersecurity in Ukraine. During the reporting period, the EU4DigitalUA project was officially launched, a 25 million Euro program focused on supporting digital transformation including cybersecurity related to information infrastructure and interoperability; the Organization for Security and Co-operation in Europe, with funding from the United Kingdom and in partnership with the Ministry of Digital Transformation (MDT), launched a cyber hygiene program for civil servants; and CRDF, with funding from the US State Department, initiated Cybersecurity Donor Coordination Cluster meetings, monthly cybersecurity topical sessions for representatives from across the GOU, donors and diplomatic missions, and program representatives. The Cluster meeting held in March focused on the National Cybersecurity Strategy.

Ukraine remained under strict COVID protocols during the entire reporting period, limiting opportunities for face-to-face meetings in large groups. However, work continued in virtual format, including weekly online meetings with key stakeholders and implementing partners.

[1] Resolution #1109, “Issues related to Critical Infrastructure Facilities” - provides a methodology for identifying CI facilities and categorizing them by level of criticality according to potential impact at the local or national level in cases of operational failure. https://zakon.rada.gov.ua/laws/show/1109-2020-%D0%BF

Resolution #943, “Issues related to Critical Information Infrastructure Facilities” - provides a methodology for identifying CII assets and instructs SSSCIP to develop and maintain a register of those assets. https://zakon.rada.gov.ua/laws/show/943-2020-%D0%BF


KEY ACHIEVEMENTS

AD HOC SUPPORT AND TECHNICAL ASSISTANCE

During the reporting period, the Activity received and responded to several ad hoc requests, which involved supporting events, providing targeted technical assistance/expertise, developing stakeholder-specific workplans based on individual priorities, and coordinating with other USAID and USG implementing partners. Priority assistance provided included:

• Hiring of a dedicated and embedded Project Manager to coordinate technical assistance in support of SSSCIP reform efforts;
• Hiring of a Reform and Legislative Agenda Development Consultant to assist with identifying and drafting laws necessary to support SSSCIP reforms, in line with recommendations provided by other USG funded programs (i.e. MITRE); and
• Completing a functional audit of the CERT-UA under the SCPC to identify opportunities for improvements based on a comparative analysis to similar bodies in the U.S. and European Union and propose specific actions to address audit findings.

Additionally, the Activity secured consultants under short-term technical assistance (STTA) to advance the following efforts:

• John Phillips - engaging GOU stakeholders at a technical level to develop a model for threat intelligence sharing
• Giorgi Iashvili - maintaining momentum on the threat intelligence sharing effort and supporting needs related to the implementation of the National Cybersecurity Strategy, including developing the National Cybersecurity Roadmap

Other initiatives undertaken or support provided during the quarter included:

• Organizing a workshop of the Expert Council on Cyber and Information Security [2], during which participants from across Ukraine’s cyber sector discussed priorities for the upcoming year and brainstormed sustainability models. Council members agreed on taking an active approach to influence cybersecurity policy in Ukraine and articulated a long-term goal of serving as an independent regulatory body for the cybersecurity sector. The Activity will continue to support the nascent Expert Council and encourage further inclusivity and transparency in cybersecurity policymaking and reform.

WORKSHOP OF THE EXPERT COUNCIL, JANUARY 29, 2021.

• On March 10 and 11, the Activity supported a workshop for CDTOs from across the GOU. The workshop represented the launch of an initiative by SSSCIP to build and implement a registry (database) of CII assets, as required under a Cabinet of Ministers resolution issued in October 2020. The Activity will provide technical assistance to SSSCIP to develop and implement the registry and train CDTOs over the coming months. The Activity has developed the terms of reference necessary to provide this support.

CDTO WORKSHOP, MARCH 10 – 11, 2021. FEATURED: DEPUTY HEAD OF SSSCIP, OLEKSANDR POTII

[2] This Expert Council was developed with Activity support in December and serves as a multi-stakeholder mechanism to increase trust and cooperation between public and private sector cybersecurity actors.

CROSS-CUTTING TASKS

The Activity carried out the following cross-cutting tasks during the reporting period:

• Communications. With the support of the new communications manager, the Activity began implementing its Strategic Communications Plan, including launching its Facebook page to increase public visibility of interventions and developing promotional materials (i.e. Activity video, branded products, etc.).
• Cyber Sector Update. The Activity issued the third edition of the Cyber Sector Update. The update covered the recent SolarWinds cyberattack in the U.S. and similarities with the 2017 NotPetya attack, the MDT DIIA 2.0 bug bounty event, and preliminary results from the Activity’s assessments of cybersecurity training in higher education and the cybersecurity market in Ukraine.
• Additional deliverables. The Activity developed and submitted the following key deliverables, two of which are pending further updates based on USAID feedback:

Deliverable | Date submitted | Status
CCI Plan | January 11 | Under DAI revision
National Cybersecurity Roadmap | March 14 | Under DAI revision
Exchange Platform Program Plan | March 31 | Under USAID revision

The Activity also held two roundtable events, including the CDTO workshop referenced above and a cybersecurity strategy visioning on February 4.

The following deliverables first submitted during the prior quarter are being finalized following several rounds of revisions:

Deliverable | Date submitted | Status
CEM Assessment | November 16 | Under USAID review
Legal (Legislative) Assessment | November 16 | Under DAI revision
Cybersecurity Workforce Development (WFD) Plan | November 23 | Under DAI revision
Cybersecurity Products and Services Rapid Market Assessment (RMA) | December 1 | Under DAI revision

USAID approved two key Activity deliverables including the Critical Infrastructure Cybersecurity Incident Preparedness Assessment and Program Plan on March 16 and the Professional Training and Development Needs Assessment on March 31.


COMPONENT 1: ENABLING ENVIRONMENT

TASK 1: LEGAL ASSESSMENT AND NATIONAL CYBERSECURITY ROADMAP

The Activity drafted the National Cybersecurity Roadmap, which outlines a plan to increase cybersecurity resilience in both the public and private sectors through specific actionable measures across a range of key areas from legal reforms to capacity building and to support implementation of the National Cybersecurity Strategy. The document was developed in consultation with experts and integrates inputs collected from roundtables and working groups with GOU stakeholders.

The Activity is still in the process of revising the Legal Assessment with the support of a cybersecurity legal expert based on feedback received from USAID. The document has also been reviewed by MITRE to ensure alignment with assessments developed with funding from the US State Department.

TASK 2. CYBER EXCELLENCE MECHANISM (CEM) TO SUPPORT GOU CYBERSECURITY INITIATIVES

Based on the CEM Assessment, the Activity continued to develop the scope, personnel, and processes to support implementation of the CEM. This included hiring a CEM Manager and close coordination with SocialBoost on aspects of the CEM related to their subcontract. NSDC also reviewed and used data from the CEM Assessment survey to support development of the draft National Cybersecurity Strategy, published on March 4.

TASK 3. NATIONAL PREPAREDNESS EFFORTS TO BUILD RESILIENCE AND INCREASE CAPACITY TO RESPOND TO CYBER ATTACKS ACROSS CRITICAL INFRASTRUCTURE SECTORS

The Critical Infrastructure Cybersecurity Incident Preparedness Assessment and Program Plan was approved by USAID. Implementation of interventions under the Plan’s program areas continued, as follows:

In March, the Activity completed a cyber diagnostic for Ukrhydroenerho and is in the process of developing recommendations for addressing vulnerabilities identified. The diagnostic for Gas Transmission System Operator (GasTSO) is being finalized and will be completed early next quarter. These diagnostics will inform the development of a Cyber Maturity Model (CMM), which will be available in late FY21.

In February, the Activity organized the first Threat Intelligence Sharing Mechanism (TISM) working group attended by representatives from the GOU, private sector, and academia. Specifically, NSDC, MDT, SSSCIP, CDTOs from the National Bank of Ukraine (NBU), MEU, SBU, cybersecurity legal experts, members of the Expert Council, and implementing partners participated. An Activity-hired expert provided a comprehensive TISM model to the working group, allowing for further elaboration by members. The model has been incorporated into the organizational-technical model proposed by SSSCIP. While built on the open source Malware Information Sharing Platform (MISP) already in place in Ukraine, the model proposed by the Activity allows for any intelligence sharing platform or service to connect based on STIX/TAXII [3] open standards and shared protocols.

[3] Structured Threat Information eXpression/Trusted Automated Exchange of Intelligence Information


COMPONENT 2: WORKFORCE DEVELOPMENT

TASK 1: CAPACITY AND QUALITY OF CYBERSECURITY HIGHER EDUCATION

At the beginning of the quarter, the Activity completed an analysis of expressions of interest submitted by 29 Ukrainian HEIs to participate in the Cybersecurity Higher Education Program. The three-year Program, led by FIU, aims to: 1) train more than 300 cybersecurity instructors in selected HEIs to teach courses using best cyber security practices; and, 2) expand practical training courses in those institutions through access to state-of-the-art technology to simulate real world scenarios for detection and prevention of malware and other cyber threats. As a result of the analysis, 14 institutions were selected to take part in the Program.

HIGHER EDUCATION PROGRAM LAUNCH, MARCH 30, 2021. FEATURED: REPRESENTATIVES FROM THE KHARKIV NATIONAL UNIVERSITY OF ECONOMICS AND KYIV POLYTECHNIC INSTITUTE

The Activity launched the Cybersecurity Higher Education Program on March 30, in an innovative hybrid format event, with participating HEIs joining online from across Ukraine to open their participation certificate and share their sentiments about being selected for the Program. The event was opened by Deputy Mission Director Susan Kutor and leaders from the Ministry of Education and Science and SSSCIP. Streamed on the Activity's Facebook page, the event attracted over 1,900 views.

TASK 2: UPSKILLING INDUSTRY PROFESSIONALS

The Cybersecurity Professional Development and Training Needs Assessment was approved by USAID. The Activity also significantly revised and resubmitted the WFD Plan and is in the process of finalizing the document based on additional USAID feedback. With implementing partner subcontracts in place, the Activity launched additional training, namely the pilot Information Security Management Systems training offered to 11 individuals from seven Government of Ukraine stakeholders and Critical Infrastructure operators (GAS TSO, National Bank, UkrEnergo, Darnytsia, SSSCIP, NSDC, and the Center of Radio Frequency), as well as planning for the CTO Mentorship Program. ISSP has developed a training schedule and is designing future training based on the results of this pilot session and the first one held during the prior quarter and in line with the WFD. Post-pilot trainings will begin at the end of May 2021.

Preparation for the ICS Pilot Program advanced. SEL carried out an assessment based on which a preliminary list of potential participating companies was developed. The selection process for the first two pilot participants will be finalized next quarter following interviews with those companies and in consultation with USAID. Two companies will be selected for the first set of pilots. These companies will receive training and technical assistance to install operational technology (OT) in their facilities to significantly increase cybersecurity. The pilot efforts will be captured as case studies which will be distributed to stakeholders across sectors, including CI operators, GOU, regulators, and industry associations – significantly extending impact.

Catalisto identified mentees and mentors for the CTO Peer Mentorship Program. Aspects of Program planning requiring travel, including finalizing the syllabus and training materials in consultation with Ukrainian stakeholders, will be finalized in April and May, when Catalisto is now due to be in country.

COMPONENT 3: MARKET DEVELOPMENT

TASK 1: CENTER FOR CYBERSECURITY INNOVATION (CCI)

The Activity submitted the CCI Plan to USAID on January 11, 2021. Based on comments and feedback received from USAID during two ideation sessions, the Plan is being updated to focus on the community building aspects and ensure that CCI is an overarching initiative for increasing awareness of and access to Activity programs including the SMB Accelerator and Mentorship programs as well as the Exchange Platform. The Activity also took initial steps to establish the CCI web portal, which is currently pending USAID approval.

TASK 2: CYBERSECURITY INVESTMENTS TO CATALYZE UKRAINIAN CYBERSECURITY INNOVATION AND ENTREPRENEURSHIP

The Activity solicited input from a team of advisors and experts in investment banking, venture capital, private equity, and public-private partnerships to develop its Investment Strategy.

The Strategy is based on quantitative and qualitative research with international and local cybersecurity investors. The Activity organized meetings with 24 local and worldwide funds and other investors in cybersecurity to discuss, test, and collect feedback on proposed Strategy parameters and approaches.

The Activity also identified a wider group of over 200 global investment funds that made at least three cybersecurity investment deals over the last five years. These funds and investors were analyzed based on their previous investments, including geography, deal size, and investment criteria. The research also generated a contact list of selected investors to engage and inform regarding potential investments in Ukraine, including invitations to pitch and product demo days organized by the Activity or in partnership with other programs. The Strategy will be finalized and submitted on April 30, 2021.

DAI is also revising the RMA based on the latest round of comments from USAID and will resubmit next quarter.

TASK 3: SUPPORT TO UKRAINIAN SMB CYBERSECURITY SOLUTION PROVIDERS

Plans for the SMB Acceleration Program and Peer Mentorship Program were finalized by SocialBoost and VFI, respectively, and preparations for their launch began. Both programs will kick off next quarter with an event announcing the opening of the application process to target businesses.

TASK 4: EXCHANGE PLATFORM TO PROMOTE A TRANSPARENT MARKETPLACE

The Activity submitted the Exchange Platform (Marketplace Elevating International Security Solutions Awareness - MELISSA) Program Plan to USAID on March 31, 2021. The Plan provides the parameters for developing and launching the Platform, including the development of basic functional and technical requirements, and integration with other key programs (tasks) under the Activity. The Plan also reviews the dependencies for developing final technical requirements based on consultations with key stakeholders and addresses key risk mitigation steps. Led by Catalisto, implementation of the Plan and development of the Platform will begin next quarter once the task order to do so is in place.

PROGRESS AGAINST TARGETS

During the quarter, the Activity completed the first diagnostic for Ukrhydroenerho, contributing to the annual target for indicator #4 - Number of cybersecurity assessments (audits) conducted and improvement plans developed:

TABLE 1. PROGRESS AGAINST PERFORMANCE INDICATORS

Indicator | Actual FY 2021 | Annual target FY 2021
Indicator #4 - Number of cybersecurity assessments (audits) conducted and improvement plans developed | 1 | 20

PERFORMANCE MONITORING, EVALUATION, AND LEARNING

During the reporting period, the Activity worked with IPs to develop evaluations for tasks and interventions and established a transparent and efficient process for data collection by defining data sources and collection tools. Training materials on data collection have been developed and made available to all IPs on the Activity Collaboration SharePoint site.

The Activity created an interactive Activity Monitoring Dashboard in PowerBI for visualizing data captured through evaluations. In March, training on Dashboard functionality and data reporting was provided to relevant Activity staff.

During the last quarter, the DAI Collect tool was used to develop application forms for prospective SMB Acceleration Program participants and experts. The tool was also used to develop standardized surveys for collecting feedback from training, event, and mentorship program participants. The Activity already collected feedback from 18 participants from the two training courses provided by ISSP under the Upskilling Industry Professionals task. The training received an average score of 4.7 out of a maximum score of 5.

The majority of performance indicators in the Activity Monitoring, Evaluation, and Learning Plan are reported annually; however, the Activity has started collecting data on performance indicator #4 - Number of cybersecurity assessments (audits) conducted and improvement plans developed, which is reported on quarterly, and submitted the data to the USAID GeoCenter tool.

During the reporting period, the Activity held the following learning capture exercises:

• Strategic session for newly created Expert Council
• After-Action review (AAR) sessions following the Cybersecurity Strategic Visioning Roundtable and the CDTO workshop
• Quarterly Pause and Reflect (P&R) session with IPs and USAID representatives
• Learning capture on pilot training

The insights collected through the learning sessions are reflected in the Activity Learning Log and have been used to structure discussions during subsequent quarterly P&R sessions.

LESSONS LEARNED

On March 18, 2021 the Activity conducted the first mid-year P&R session with IPs and USAID to discuss and capture learnings on team collaboration and program implementation to date. The Activity engaged CollaborateUp to conduct this learning session to solicit constructive feedback and discuss challenges and opportunities.

Before the P&R session, all IPs shared their opinions on collaboration and areas for improvement. The average score for the first 7-month period of the Activity was 3.3 points out of a 5-point range. All aspects of collaboration were scored by IPs at essentially the same level – between 3.1 and 3.6, with Work Management and Problem Solving receiving the lowest scores.

IPs also had an opportunity to reflect on Activity Success Factors jointly defined during the Annual Work Planning session held in July 2020. The average score on progressing towards success factors was 3.1 out of a 5-point range. Even though more than 1/3 of respondents stated that it was too early to evaluate Activity progress, two areas for improvement were identified: Relations with GOU and Smart Risk Taking.


The IPs outlined the following areas for improvement during the P&R session and identified potential approaches in each area:

1. Building a clear process for recipient and stakeholder engagement. The Activity plans to implement a constituent relationship management process to track interactions with stakeholders across all tasks, including a procedure to review stakeholders (organizations and individuals) for potential sensitivities prior to engagement.
2. Improving relationships with the Activity’s beneficiaries. As mentioned previously, the Activity has developed a Stakeholder Relationship Matrix to manage and improve relations with the key GOU stakeholders. The matrix was developed with input from the IPs.
3. Improving effectiveness of regular IP coordination meetings. The Activity will work with IPs to adjust the format and content of weekly program management and other meetings to improve efficiency and decision making.

During the next quarter, the Activity will review and implement solutions identified during the P&R session in close coordination with IPs.

PROGRESS ON LINKS TO USG, USAID, AND OTHER DONOR ACTIVITIES

Coordination with other donors and programs related to cybersecurity is a priority for the Activity. This includes regular meetings with USAID-funded ESP, CEP, Transparency and Accountability in Public Administration and Services (TAPAS), and Support to Anti-Corruption Champion Institutions (SACCI) programs. In addition, the Activity remains in regular contact with IFES and CRDF regarding their cybersecurity activities in Ukraine. Of particular note, during Q2 the Activity began very close coordination with ESP regarding engagement with MEU, including weekly meetings between the two projects and the Ministry, as well as joint input on a draft cybersecurity strategy document for the energy sector prepared by the Ministry.

As noted previously, the Activity has actively engaged in the recently established Cybersecurity Donor Coordination Cluster meeting series, presenting the Activity to the group at the meeting on March 25. The Activity also presented the Subgroup on IT Sector and Cybersecurity under the Sectoral Working Group on Digital Transformation managed by MDT.

In terms of international donors and programs, the Activity maintains an ongoing close working relationship with the EU4Digital teams, for example on technical requirements for the CII registry. The COP also held a briefing with colleagues from the UK Embassy on cybersecurity programs, especially as related to cyber hygiene.

The Activity continued to work in close coordination with MITRE on several key issues, specifically the pending restructuring of SSSCIP and inputs on the draft National Cybersecurity Strategy. Although the written inputs to the draft Strategy were received after the deadline established by NSDC, the Activity was able to organize a roundtable at the VRU during which MITRE will be able to share key recommendations. Details of that roundtable will be included in the report for Q3.

Per the Coordination Plan, the Activity is already working, or anticipates working, closely with the USAID-funded activities below:


TABLE 2. USAID-FUNDED PROGRAMS

| PROJECT/IMPLEMENTING PARTNER | POTENTIAL AREAS OF COORDINATION/COLLABORATION |
| --- | --- |
| CEP/Chemonics | IT sector growth and investment; DIIA City; and assistance to MDT |
| Transformation Communications Activity/Chemonics | Major reforms in CI cybersecurity, such as legislation and institutional reform; broader awareness of cybersecurity in civil society and the general public |
| Elections/IFES | Legal framework development; cyber hygiene awareness and training for public servants; and Central Elections Commission cybersecurity |
| Energy Sector Transparency/Dixi Group | Energy sector data security |
| ESP/Tetra Tech | Assistance to Ministry of Energy and energy ecosystem capacity building |
| Energy Technology and Governance Program (ETAG)/United States Energy Association (USEA) | Energy sector cybersecurity; capacity building; and regional initiatives |
| Health Reform Support (HRS)/Deloitte | Health sector cybersecurity (eHealth programs) |
| National Association of Regulatory Utility Commissioners (NARUC) | Energy sector regulatory issues related to cybersecurity |
| SACCI/MSI | CEM communications coordination and events, including hackathons and bug bounty |
| TAPAS/Eurasia Foundation | e-Governance/e-services; critical information infrastructure; and MDT assistance |
| Western Newly Independent States Enterprise Fund (WNISEF) | Investment Strategy development; cybersecurity sector growth/investment; and SMB programs |

With regard to USG-funded activities, the Activity is working, or anticipates working, with the following entities and programs:

TABLE 3. US GOVERNMENT AGENCIES AND PROGRAMS

| USG/PROJECT | POTENTIAL AREAS OF COORDINATION/COLLABORATION |
| --- | --- |
| Department of Energy | Cybersecurity in energy sector and capacity building programs |
| Department of State/MITRE | Assistance to NSDC; analysis for cybersecurity strategy; institutional assessment and reforms; WFD; and development of private-public partnerships in cyber sphere |
| Department of State/CRDF | Cybersecurity capacity building and awareness trainings; cyber hygiene; higher education capacity building, including cyber range; bug bounty programs; WFD; and donor coordination |
| Department of Homeland Security (DHS) | Cyber Incident Response and Industrial Control Systems Training; CERT-UA ($2.5 million in aid funding intended for next-generation network response kits, and training to bolster cyber threat response capabilities); in-person training with SSU and SSSCIP |
| Department of Treasury | Financial sector cybersecurity |
| Office of Defense Cooperation (ODC) | National preparedness exercises; training/certification program; major technical investments (e.g. cyber range); and defense/security events |
| U.S. European Command | National preparedness exercises and defense/security events |
| U.S. Cyber Command | Training and large-scale exercises |

PROGRESS ON LINKS TO HOST GOVERNMENT

As noted previously, the Activity solidified a productive working relationship with SSSCIP, finalizing a work plan and placing embedded advisors to assist with communications and advise on legal reforms. In addition, the Activity was able to support on short notice a request from SSSCIP to implement a training program for CDTOs to support implementation of the CII registry.

The relationship with the MEU has also progressed significantly, and the Activity was able to brief the SSU on the project goals, objectives, and components during an introductory meeting. SSU also began participating in the Working Group on Threat Intelligence Sharing. Lastly, the National Bank of Ukraine has also been very supportive of the Working Group, sharing their experience in implementing threat intelligence sharing technology and processes in the financial sector.

During Q2 the Activity also met with both the Chairman and Deputy Chair of the Verkhovna Rada Committee on Digital Transformation, and began planning a roundtable event for the end of April. And at the end of the reporting period, the Activity reached out to the Ministry for Strategic Industries and the Office of European and Euro-Atlantic Integration, requesting initial briefings with those entities during April.

Per the Coordination Plan, the Activity anticipates working with several GOU stakeholders as follows:

TABLE 4. GOU STAKEHOLDERS

| ENTITY | POTENTIAL AREAS FOR COORDINATION/COLLABORATION |
| --- | --- |
| European and Euro-Atlantic Integration of Ukraine (part of the Cabinet of Ministers) | General coordination efforts; international cybersecurity standards; EU Network and Information Systems (NIS) Directive approximation. |
| MDT | Beneficiary relationship. This includes a detailed assistance plan covering several areas: enabling environment reform, critical information infrastructure security, digital services, capacity building, private sector engagement, and support to national initiatives such as DIIA City. |
| Ministry of Energy | Cybersecurity in energy sector; energy sector ecosystem assistance; capacity building/training. We will work in close coordination with the USAID ESP project as the primary contact for the Ministry. |
| Ministry of Strategic Industries | Note, this is a new ministry. Opportunities for coordination and collaboration will be determined. |
| National Institute for Strategic Studies (NISS) | Collaborative approach to cybersecurity strategy development; policymaking; and research initiatives. |
| NSDC/National Center for Cybersecurity and Communications (NCCC) | Beneficiary relationship. This includes a detailed assistance plan covering several areas: national cybersecurity strategy, legal/regulatory reforms, capacity building, WFD, information sharing and analysis, and cross-GOU coordination |
| SSU | Cybersecurity initiatives not related to cybercrime (details of relationship to be determined). |
| SSSCIP | Recipient relationship. This includes organizational capacity building and Computer Emergency Readiness Team (CERT) capacity building. |
| Verkhovna Rada Committees | Awareness building; collaborative development of legislation; and enabling environment reform. |
| Other GOU agencies | Possible coordination with the Ministry of Health, Ministry of Infrastructure, Ministry of Economic Development, Trade, and Agriculture (MEDTA), and the NBU. |

PROGRESS ON INCLUSIVE DEVELOPMENT AND GENDER

During the reporting period, the Activity developed a gender plan to define appropriate tools and channels for engaging women in Activity interventions. The plan outlines the key findings from the Initial Gender Assessment of the cybersecurity sector in Ukraine and interventions aimed at addressing barriers women in the sector reported facing. The plan contains a list of interventions for each Activity fiscal year, developed in consultation with IPs.

The Activity started establishing connections with successful women in both cybersecurity and IT through women’s associations, social networks, and IPs’ networks. The Activity is collaborating with some of these women, collecting their stories about their careers to produce short video segments that could be useful to other women in the industry.


FINANCIAL INFORMATION

TABLE 5. FINANCIAL INFORMATION

Contract ceiling price

Total obligated toward ceiling

Total disbursed (invoiced) Invoiced as of March 31, 2021

Accruals (cumulative) Through end March 31, 2021

Remaining obligation Obligated funds minus expended funds and accruals

Contract ceiling remaining

GRANTS UNDER CONTRACT

The Activity brought on a grants specialist from the DAI Home Office (HO) to assist the team with launching the grants program, including developing a grants pipeline; issuing an Annual Program Statement, if determined appropriate, and Requests for Award (RFA); setting up evaluation criteria; selecting grant recipients; preparing approval request packages for USAID; and issuing the agreements. In consultation with the technical teams, the specialist drafted two RFAs, one for seed grants to SMBs and another for potential assistance to Ukrainian academic institutions or think tanks for developing local, in-house cybersecurity market research capabilities. The GUC Manual, which was revised and resubmitted to USAID on October 21, 2020, is still pending approval. Grant applications will be solicited upon receiving USAID approval of the Manual.

The Activity Grants Fund will be accessible across the Activity’s three components to support discrete tasks and promote cybersecurity resilience and market growth initiatives to achieve Activity objectives. Under Component 1, GUC funds might be used to support rapid response initiatives under the CEM. Under Component 2, this fund could be used to augment or extend training initiatives through local partners. Under Component 3, the fund could be used to support advanced research and innovation through the CCI and the growth of cybersecurity SMBs. The Activity will endeavor, wherever possible, to issue grants with matching components from the grantees. DAI will implement, monitor, and evaluate GUC funds in accordance with all pertinent USAID and USG Acquisition Regulations.

ACTIVITY ADMINISTRATION

OPERATIONS

The Activity began leasing a permanent office space in January 2021. The space accommodates traveling STTA and meetings/coordination with key stakeholders in addition to supporting administrative and operational functions. The majority of Activity staff continue working remotely for the most part, however, and will do so until conditions required to progress to the next stage of “re-opening” per DAI’s COVID-19 Best Practices Guidelines are met.

The Activity received shipment of its server and other IT equipment (projectors, monitors, printers, etc.). During the following quarter, DAI HO STTA will travel to Kyiv to install and connect all equipment to the server. Service agreements for the provision of office supplies, branding materials, event coordination, as well as legal counsel and translations were established in support of Activity operations and technical implementation.

With subcontracts in place, DAI met with IPs to go through the terms of the contract, review budgets and scopes of work, and walk each through the invoicing process. IPs also received training on procurement rules and regulations and were provided templates for developing terms of reference, procurement plans, and source selection memos.

CONSTRAINTS AND CRITICAL ISSUES

• Quality of deliverables. Based on feedback received from USAID regarding the overall quality of written deliverables, DAI developed a plan and applied additional resources to ensure that subsequent deliverables and updates to previously submitted deliverables reflected a significantly higher level of quality. With the support of an HO Technical Project Manager, the Activity revised and resubmitted multiple deliverables during the quarter, two of which were approved by USAID (see Attachment 1 below for detail).
• Expenditures. Expenditures remained low during the first two months of the quarter. With subcontracts now in place and technical implementation ramping up, the Activity is projecting a significant increase in the burn rate, as seen in the March 2021 invoice.
• Recruitment. Identifying a Senior Cyber Policy Advisor has proven challenging. Although a number of strong candidates were identified, salary negotiations were unsuccessful because the candidates’ salary expectations exceeded the USAID maximum. Recruitment for that role has taken time and placed resource constraints on the Activity. Given these challenges, the Activity has shifted course and decided, in consultation with USAID, to instead bring on a technical Deputy Chief of Party (DCOP). One of the responsibilities of the DCOP will be securing and managing targeted STTA in support of Activity stakeholders.
• COVID-19. With the number of daily cases in Ukraine continuing to increase during the quarter, the Activity has maintained a work-from-home policy. The recent lockdown has impacted planned travel and resulted in minor implementation delays. Travel will resume at the end of April and into May when the lockdown is lifted. In the meantime, efforts continue in virtual format.


ORGANIZATIONAL STRUCTURE AND PERSONNEL

The following positions were filled during the quarter:

| Position | Date of hire | Start date |
| --- | --- | --- |
| CEM Manager | February 1, 2021 | February 8, 2021 |
| Communications Manager | January 15, 2021 | March 9, 2021 |
| Workforce Development Lead | February 2, 2021 | February 16, 2021 |
| Market and Industry Development Coordinator | March 23, 2021 | April 8, 2021 |
| ICT Coordinator | April 13, 2021 | June 1, 2021 |

Given the volume of communications-related activities, the Activity will begin recruiting for a Communications Assistant next quarter. The organizational structure below reflects recent changes and new additions to the team.


ATTACHMENT 1

STATUS OF DELIVERABLES/MILESTONES

The following deliverables were submitted and events held during the reporting period:

TABLE 1. DELIVERABLES STATUS

| Deliverable | Submission date/when held | Status |
| --- | --- | --- |
| CCI Plan | January 11 | Under DAI revision |
| National Cybersecurity Roadmap | March 14 | Under DAI revision |
| Exchange Platform Program Plan | March 31 | Under USAID revision |
| Cybersecurity Strategy Visioning | February 4 | Completed |
| CDTO workshop | March 10, 11 | Completed |

The team also issued the third edition of the cyber sector update and submitted bullets, weekly updates, and monthly calendars as required under the contract.

During FY21 Q3, the following will be delivered:

TABLE 2. DELIVERABLES STATUS

| Deliverable | Submission/completion date |
| --- | --- |
| Investment Strategy | January 11 |
| Cyber Excellence Mechanism | March 14 |

And the following will be resubmitted:

TABLE 3. DELIVERABLES STATUS

| Deliverable | Original submission date | Current status |
| --- | --- | --- |
| CEM Assessment | November 16 | Under USAID review |
| Legal (Legislative) Assessment | November 16 | Under DAI revision |
| Cybersecurity Workforce Development (WFD) Plan | November 23 | Under DAI revision |
| Cybersecurity Products and Services Rapid Market Assessment (RMA) | December 1 | Under DAI revision |
