DEEP DIVE — President Donald Trump’s foreign aid freeze will kneecap U.S. efforts to build alliances around cybersecurity issues and help Russia and China seize the upper hand in global battles over internet governance and communications infrastructure, according to several experts interviewed by The Cipher Brief.
The White House’s aid restrictions have already shut down much of the State Department’s new $50 million Cyberspace, Digital Connectivity and Related Technologies Fund, preventing the department’s nascent Bureau of Cyberspace and Digital Policy from launching initiatives to help other countries access technology’s benefits and counter its risks. Experts say those programs represent some of America’s best opportunities to build international credibility and recruit partners in the global fight against authoritarian nations.
From cyber exercises to new internet cables to training on spyware and AI, these projects could transform the U.S.’s reputation in key world capitals — or, if they continue to languish under Trump’s aid freeze, they could symbolize American withdrawal from one of the era’s defining geopolitical competitions.
“When you're not in the room, when you're not - at least figuratively - on the ground, helping to combat cyber and tech threats that also harm the United States,” said Justin Sherman, the CEO of advisory firm Global Cyber Strategies, “our adversaries start to run the show.”
“We’re not doing this as charity”
Experts also warn that by pausing cyber aid, the Trump administration has interrupted one of the U.S.’s most potent tools for shaping the future of digital conflict. Just as non-cyber assistance like food and vaccine distribution helps win international goodwill and prevent crises that could someday reach U.S. shores, foreign cyber assistance helps the U.S. cultivate important partnerships and prevent hackers from wantonly crippling important infrastructure.
“It pays dividends on a number of different fronts,” Chris Painter, who served as the top U.S. cyber diplomat from 2011 to 2017, told The Cipher Brief.
In the short term, Painter said, the aid projects strengthen other countries’ ability to work with the U.S. on cybersecurity. Because hackers “like to go after the weakest link and launch attacks on us through proxies,” he said, the U.S. benefits from being able to partner with those intermediary victims to fix flaws and arrest hackers — and from boosting those countries’ defenses so they don’t become victims in the first place. “It operationally helps us,” Painter said.
In the longer term, demonstrating the success and benefits of the U.S. vision for global cyber cooperation helps bring more countries around to the U.S. way of thinking, experts said, which in turn weakens the coalitions that Russia and China are trying to build on issues involving the future governance of the internet.
The benefits of this strategy materialize on multiple fronts, from United Nations working groups to regional forums to direct bilateral relationships. These benefits accrue in the form of votes for U.S.-backed resolutions and a greater eagerness to recruit American business investments.
“Ultimately, we're not doing this as charity,” Painter said. “We're doing it to help us.”
Offering cyber aid to other countries “is very consistent with our traditional foreign policy,” Painter said, but it’s also consistent with the Trump doctrine. “If we're talking about ‘America First,’ this does help the U.S. It's not just dollars down the drain that don't see the benefits [of] ever.”
Experts are gathering at The Cipher Brief’s NatSecEDGE conference June 5-6 in Austin, TX to talk about the future of war. Be a part of the conversation.
Jeopardizing intelligence, straining relationships
The Trump administration’s suspension of a wide range of aid to Ukraine, one of its most dramatic foreign policy moves, has also spilled over into the cyber domain with potentially serious consequences. The U.S. has rescinded the funding it had pledged to the Tallinn Mechanism, an initiative to fortify the cyber defenses of Ukraine’s beleaguered critical infrastructure. The U.S. pledge accounted for roughly half of the €200 million that the fund had collected, and the Trump administration’s about-face has forced the project’s leaders to scramble.
“While Ukrainian cyber defenders are extremely capable, there's reason to believe that suspension of support will result in more disruptive attacks,” said Adam Segal, director of the Digital and Cyberspace Policy Program at the Council on Foreign Relations.
Because Russian hackers keep improving their tactics, Segal said, “over the long term, [Trump’s action] will degrade Ukraine's ability to defend itself.”
As with the Trump administration’s other Ukraine actions, Segal said, “the message to other countries is, ‘You are responsible for your defense against the Russians.’”
And as with those other reversals, Painter said, withdrawing the defensive funding will end up hurting the U.S. too. “It kind of gives the Russians a free pass,” he said, “and allows them to develop tools and capabilities and see how things work that could be used against us and others.”
Greg Rattray, executive director of the Cyber Defense Assistance Collaborative, a coalition of cyber companies offering defensive aid to Ukraine, said he hoped the Trump administration would take the time to turn the Tallinn Mechanism “into a more strategic funnel” of support, arguing that the initial system was “difficult in its current early stage for Ukrainians to tap into.”
Some of the frozen aid wasn’t as concrete as the Tallinn Mechanism, but according to experts, it was no less valuable.
The State Department’s cyber bureau was until recently in the process of launching multiple projects focused on “capacity building,” or helping other countries develop the legal frameworks, training programs, and technological capability to address pressing problems. Cyber capacity-building projects were intended to help counter the abuse of commercial spyware, regulate emerging technologies, develop safe and secure artificial intelligence, and enact data-privacy protections. Other capacity-building efforts would have included cyberattack simulation exercises, helping countries migrate important national data to the cloud (something that proved vital for Ukraine), and familiarizing their workforces with opportunities for cyber careers.
“These capacity-building programs are not mere altruistic endeavors; they advance critical U.S. interests,” Annie Fixler, director of the Foundation for Defense of Democracies’ Center on Cyber and Technology Innovation, and Johanna Yang, a research and editorial associate at the center, wrote in a recent op-ed for The Cipher Brief, referencing USAID cyber funding that was cut alongside the funds managed by State’s cyber bureau.
Experts also say that preparing other countries to engage with cyber issues makes them more effective partners when the U.S. needs help on those issues. Cybersecurity exercises, for example, train government cyber defenders to take action quickly during a crisis, including by sharing information with their American counterparts.
At the time of the aid cuts, the U.S. was also preparing to spend money helping foreign governments evaluate potential undersea cable deployments and select the safest vendors. The project would have helped the U.S. limit China’s ability to build these critical internet cables and spy on the data that flowed through them. American officials are especially concerned about China gaining silent digital footholds in the networks of newly connected Pacific island nations.
“The Chinese government is pumping tons of money into capacity-building programs all over the world, particularly on technology,” Sherman said. Developing countries’ “cybersecurity needs aren't going away,” he added, and with the U.S. pulling back, “many of those countries will look to Beijing to fill the gaps.”
When the U.S. isn’t helping other countries invest in secure infrastructure like undersea cables and cloud services, Segal said, “U.S. firms lose, Chinese ones win.”
A State Department spokesperson told The Cipher Brief that the agency is reviewing cyber aid projects, including the Tallinn Mechanism funding, “with an eye toward those that can best advance President Trump’s goals.”
“Throughout this process, we have continued to communicate clearly with global partners, including other members of the Tallinn Mechanism, on the aims of our foreign assistance review,” said the spokesperson, who insisted on anonymity in accordance with the department’s policy.
Everyone needs a good nightcap. Ours happens to come in the form of a M-F newsletter that provides the best way to unwind while staying up to speed on national security. Sign up today.
A bright spot
The one bright spot for cyber diplomacy advocates: One of the U.S.’s most potential cyber aid tools remains active, The Cipher Brief can exclusively report.
Foreign Assistance Leveraged for Cybersecurity Operational Needs, or FALCON, allows the State Department to tap leading cybersecurity companies to rapidly help a partner country recover from a cyberattack. FALCON was modeled on successful U.S. engagements with Albania and Costa Rica, which faced devastating ransomware cyberattacks by Iran and Russia, respectively, in 2022. According to the State Department spokesperson, FALCON “is currently ongoing as it is a crucial tool for advancing our economic and national security.”
Experts agreed with this assessment. “FALCON is an extremely concrete signal that the U.S. is ready and able to come to the assistance of its allies and partners,” Segal said. “Most development and capability programs are long term. This swings into action and mobilizes private sector assistance within days.”
Facilitating incident response in other countries carries multiple benefits for American interests. Not only does it strengthen ties between the defensive teams in both countries — relationships that will be vital in the event of a global cyber crisis — but it also provides the U.S. with important insights into the tools, tactics, and infrastructure of hackers who are also targeting American networks.
“Analysts have long described countries such as Georgia and Ukraine as a test bed or sandbox for Kremlin activities,” said Sherman. “Being on the front lines and seeing what Russia throws at Ukraine … only better prepares the United States to defend [its] systems against the same and similar Russian operations down the line.”
In addition, the U.S. is trying to court developing countries on a wide range of issues, and for those countries, their top requests of the U.S. often involve help countering cyberattacks. “Helping them meet this need makes cooperation on other issues easier,” Segal said.
Boosting Beijing
Experts say that by putting most cyber aid in limbo, the Trump administration has given China an unprecedented opportunity to expand its own digital diplomacy efforts and build coalitions that will cause problems for the U.S. in the future.
“Not providing assistance means reduced U.S. influence on a range of digital and cyber issues and increased PRC influence,” Segal said.
The U.S. can’t compete financially with China’s mammoth foreign investment program, but it has historically had the advantage in the soft-power arena, including through capacity building. Now, all of that is at risk. Without continuing cyber aid, Painter said, relationships with countries in the Indo-Pacific and Latin America may weaken.
Trump has created “a greater ability for the Chinese government to spread its preferred vision of cyberspace (including what constitutes 'cybercrime' and who the 'bad actors' are), bolster its soft power in the future of technology, and push its preferred tech vendors, like Huawei and ZTE, that create security risks for the United States and others abroad,” Sherman said.
After the U.S. helped Costa Rica recover from its ransomware crisis, the Latin American nation became the U.S.’s most vocal ally in the region on China-related security issues, promoting Western 5G vendors and exploring new semiconductor supply chains. Given Beijing’s malign influence, Sherman said, “it's critical to not cede any ground.”
The Trump administration has already unfrozen cyber aid to Costa Rica and may decide to unfreeze more of it. “Changes in the U.S. cyber assistance posture are happening week on week at the moment,” Rattray said. But even if aid resumes in the coming weeks, some damage has already been done.
That damage is partly technological. “Even pausing things for a short time allows attackers … to really burrow into these systems,” Painter said, “and make it much more difficult for us in the long term.”
Then there is the reputational harm. Freezing aid signals that “we're not a necessarily dependable partner,” Painter said, “which risks other actors who we don't trust getting in there and ‘helping’ these countries.”
It is entirely possible that key cyber aid programs will be permanently scrapped. Trump officials, egged on by Elon Musk and his U.S. DOGE Service, have already cut important cyber projects at other agencies, including the FBI’s Foreign Influence Task Force, a USAID cyber assistance grant, and the Cybersecurity and Infrastructure Security Agency’s support for information sharing groups for state and local governments and the elections community.
“I still hope this is one of the ones that they look at and say, ‘Okay, this is nuts,’” Painter said, “but there's no assurance of that.”
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief
