OPINION — When U.S. partners aren’t secure, America isn’t secure.
Trump administration officials have pledged to go on the offense against China’s malign cyber activity. Cuts at the U.S. Agency for International Development (USAID), however, are throwing out some of Washington’s strongest defensive plays. Among the $60 billion of cuts in USAID grants and contracts are more than $175 million in critical cybersecurity programs for U.S. partners. These capacity-building programs are not mere altruistic endeavors; they advance critical U.S. interests.
Partner capacity-building is money well spent
More than a dozen terminated programs focused on helping partners and allies improve cybersecurity and build secure internet infrastructure. In its own words, USAID provides funding to “block the spread of insecure communication network technology and help adopt secure alternatives.” In short, these tax dollars help foreign countries purchase American — rather than Chinese — telecommunications equipment. Keeping Huawei out of global internet infrastructure was a key priority during the first Trump administration. Terminating USAID’s programs undercuts this important effort.
The programs also help U.S. partners stand on their own two feet in cyberspace. One contract alone to IBM, worth $95 million, helped Albania, Moldova, Azerbaijan, Kosovo, and other countries in Europe train cybersecurity personnel and enhance critical infrastructure defense. When Albania fell victim to Iranian ransomware attacks nearly three years ago, the country reportedly considered invoking NATO’s Article 5, which regards an attack on one NATO member as an attack on all. Albania’s prime minister likened the cyberattack to “bombing a country.” The United States subsequently pledged $50 million to help Albania recover and shore up its defenses.
Not only is the price of the IBM contract a fraction of the cost of a potential war between NATO and Iran, it also reaffirms the adage that an ounce of prevention is worth a pound of cure. A single cyberattack in the United States costs on average $27 million. Last year, the cost of global cybercrime exceeded $350 billion. USAID’s spending on cyber contracts amounts to pennies on the dollar.
Experts are gathering at The Cipher Brief’s NatSecEDGE conference June 5-6 in Austin, TX to talk about the future of war. Be a part of the conversation.
Ukraine – hung out to dry
The Trump administration has also terminated essential cybersecurity support for Ukraine. While the State Department preserved one USAID cyber assistance program for Ukraine’s government and critical infrastructure, it cut off funding for civilian cyber support, which the United States, NATO, the European Union, and Canada established in 2023. While the U.S. federal government guaranteed half of the total funds, the program brought in significant donor and foreign assistance funding. Its future is now uncertain.
USAID also terminated another longstanding project to shore up the resilience of Ukraine’s electric grid. Department of Energy efforts to help Ukraine recover from sophisticated Russian cyberattacks on the grid in 2015 and 2016 have relayed lessons learned to U.S. companies and helped protect America’s electric grid. The cessation of the program means the U.S. government and private sector may no longer benefit from observing Russian cyber threats before they arrive on U.S. shores.
A path forward – via the State Department
One program not on the chopping block is U.S. cyber assistance to Costa Rica. When the Trump administration paused foreign assistance in its first weeks in office, Secretary of State Marco Rubio issued a waiver to ensure cyber support would continue to flow to San José. Two years ago, State committed $25 million to Costa Rica following a particularly devastating Russian ransomware attack. As a result of the partnership, the United States helped a Costa Rican oil refinery repel another ransomware attack at the end of 2024. Through U.S. Southern Command, State has meted out additional cyber equipment, training, and logistical aid.
In addition to direct intervention by Costa Rica’s leadership and Secretary Rubio, these funds have continued to flow at least in part because money to support Costa Rica comes from a newly established cyber assistance fund run through State’s Bureau of Cyberspace and Digital Policy (CDP). Leveraging this bureau, the Trump administration can ensure it does not throw out the cyber assistance baby with the bathwater of wasteful government spending. Washington should use the CDP to restore the cyber funding it has cut.
Congress tasked CDP with promoting reliable and secure internet infrastructure, building the cyber capacity of U.S. partners, and advancing technology and cybersecurity policies globally that advance U.S. economic and national security interests. With its focus on securing U.S. cyber leadership abroad, the bureau has the expertise to prioritize funding based on Washington’s global cyber priorities.
In the past, decisions on how to allocate funds for cyber capacity building were driven by regional considerations that may not have accounted for global, cyber-specific priorities. USAID and State Department bureaus made programmatic decisions independently without coordinating with other departments, U.S. allies, or the private sector, all of whom have their own cyber capacity building efforts to varying degrees. The Trump administration should restart cyber capacity-building programs but consolidate this cyber assistance under CDP so that Washington can spend its cyber assistance dollars wisely.
The Cipher Brief is committed to publishing a range of perspectives on national security issues submitted by deeply experienced national security professionals.
Opinions expressed are those of the author and do not represent the views or opinions of The Cipher Brief.
Have a perspective to share based on your experience in the national security field? Send it to [email protected] for publication consideration.
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief
