Bridging the cyber security gap: Why Ukrainian local authorities need more support for cyber security from the EU

Since 2022, there has been an increasing number of cyber attacks in Ukraine, particularly on the websites of local authorities. In this blog post, HROMADA member Iryna Fyshchuk explores the cyber security gap at the local level in Ukraine, highlighting the critical need for EU support with a special focus on Ukrainian hromadas.


Ukraine has been affected by serious cyber attacks for many years. Before Russia’s full-scale invasion, Brussels supported Ukraine in countering cyber attacks by initiating a cyber dialogue between the EU and Ukraine in June 2021 and through the EU4Digital initiative. This effort enhanced the operational capacity of Ukraine’s telecommunications services and bolstered the fight against disinformation. In the wake of the full-scale invasion and in response to a request from the Ukrainian government, the EU activated the PESCO Cyber Rapid Response Teams for the first time in an operational context in February 2022. Moreover, in the same month, a U.S. Cyber Command team assisted the cyber rapid response teams in the search for active threats. Additionally, in March 2022, the European Parliament called for immediate and full implementation of all decisions that would increase the EU’s contribution to strengthening Ukraine’s defence capacities, including cyber security. And in December 2023, the Tallinn Mechanism – a novel tool for multilateral cyber-security cooperation – was launched to assist Ukraine in protecting its critical infrastructure.

These efforts show that the EU has recognised the danger of cyber attacks against Ukraine and has taken measures to address them. However, this blog post argues that the local level receives insufficient attention. Indeed, local governments are vital to service delivery and stability, and their vulnerability can have wide-ranging consequences. This blog post suggests that the EU and its member states increase their support to make Ukrainian local administrations more resilient.

Cyber attacks at the local level

While cyber attacks at the national level receive attention in Ukraine and abroad, attacks at the local level largely go unnoticed. However, interviews conducted in a project on the EU’s support for the local authorities revealed that some local representatives have faced cyber attacks from February 2022 until May 2022 and several times since then.

According to a report by the State Service for Special Communications and Information Protection of Ukraine, in 2022–2023, cyber attacks occurred in various areas, but state and local authorities were in second place. Moreover, as some examples illustrate, there is evidence of cyber attacks at the local level in Ukraine.

Emblem of the Security Service of Ukraine. Source: Wikimedia Commons

In early spring, a cyber attack was carried out on the Rivne City Council website. In March 2022, local government websites were hacked in five regions in Ukraine. In April 2023, there was a cyber attack on the official information resources of the Uman community in the Cherkasy region. One month later, a cyber attack was carried out on the Kakhovka City’s official Facebook page, as a government official noted.

These examples show Ukraine’s vulnerability at the local level, which at the same time is often the most important level regarding Ukrainians’ immediate needs.

EU support for cyber security at the local level

The U-Lead programme is the leading EU support channel to Ukrainian local authorities. It includes policy and legal advice to local administrations, training support and consultation.

All interviewed community representatives mentioned that they cooperate with the EU-funded U-Lead programme and have received support from it. For instance, a western Ukrainian community IT specialist stated: ‘Our community cooperated with the U-LEAD programme. They helped us with the opening of the Administrative Services Centre (TSNAP), and we also received computer equipment for the TSNAP from them’.

A decision-maker from a central Ukrainian community highlighted another example of cooperation with the U-Lead programme: ‘Among EU projects, we cooperated with U-Lead when we opened the Administrative Services Centre (TSNAP). Also, we take part in all training, including cyber security’.

The local representative from an eastern Ukrainian community noted: ‘The community participated in the U-Lead programme as part of the opening of TSNAP (Administrative Services Centre)’.

Non-governmental support for cyber security at the local level

Furthermore, the East Europe Foundation, a non-profit organisation, supports local authorities in Ukraine in building a strong, active civil society, effective, democratic government at all levels, and institutional development among community organisations and government agencies. Moreover, it provides cyber security training for local authorities with the platform zlozumilo, and some experts have indicated participation in this training. For example, an IT specialist of a southern Ukrainian community noted: ‘We cooperate a lot with the U-Lead programme, and we had support with opening our TSNAP. And we also participate in the cyber security training conducted by the Eastern European Foundation’.

These examples show that Ukrainian local administrations have received support from the EU and non-governmental initiatives in their fight against cyber attacks. However, as the following part shows, they continue to face considerable challenges.

Ukrainian hromadas. Source: MapChart

Challenges to cyber security at the local level

The interviewed local authorities’ representatives explained that they have faced several challenges regarding cyber security since the full-scale invasion began. One of those challenges is the lack of active and young people as they fled, especially from the southern regions.

A decision-maker from a southern Ukrainian community stressed: The community has huge problems with the lack of young and progressive people as they moved out and just elderly people stayed, as it is hard for them to flee’.

In fact, many Ukrainian communities are inhabited only by elderly people who simply need resources to survive during wartime. Obviously, this results in a lack of IT professionals who can protect the local administration against cyber incidents. Moreover, a central region representative stated that they, too, lack of IT personnel: ‘In our community, there is only one IT specialist who is responsible for all digital and cyber processes’.

Another challenge relates to the comparatively low priority of cyber security. A decision-maker from a northern Ukrainian region highlighted the physical damage in the community and their priority for rebuilding the houses of citizens, which were damaged during Russian attacks on Ukraine:

‘We have a lot of destroyed houses; citizens are actively using the Diia digital application [created by Ukraine’s Ministry of Digital Transformation to boost digitalisation of public administration], recording the damage to their buildings due to the war. And in this case, digitalisation is very helpful, in terms of processing and recording cases, which is a priority at the moment. However, the community doesn’t have enough sources for cyber protection against cyber incidents.’

A third challenge is local administrations’ limited capacity to seek funding. Despite the EU’s support for Ukrainian local authorities and the possibility of applying for different grants, the application procedure for EU projects is often complex. This complexity can be illustrated by the statement by local authorities’ representatives that highlighted the significant administrative burden involved in preparing applications, meeting eligibility criteria, and complying with reporting requirements: ‘We have to deal with recovering physical damage, providing everyday services for our citizens, and at the same time the application for EU-funded projects needs special attention and qualification. We are engaged, but it takes time’. For example, smaller communities lack the necessary expertise, personnel and financial resources to effectively navigate these procedures. So, while grants offer valuable opportunities, the complexity of the application process often hinders full participation and limits the potential benefits for Ukrainian municipalities. As for the complex procedures for applying for EU funding for cyber security projects, this includes complicated application procedures for writing such programmes, and for this, local authorities will need training and, accordingly, time, which is in short supply in crisis situations.

A fourth challenge is the lack of coordination. It may create insufficient processes of communication between Ukrainian local authorities, national government agencies and EU institutions, leading to fragmented approaches to cyber security governance and implementation. Moreover, the lack of a single strategy and coordination mechanism can undermine the effectiveness of EU support efforts and lead to duplication of efforts. As an IT decision-maker from western Ukraine explained: ‘When we faced the cyber-attack in our community, we didn’t have clear guidelines in this situation, and we have been asking for help from agencies at many levels’.

Another challenge is the lack of financial resources. The Decree of the Cabinet of Ministers of Ukraine No. 590 determines how financial resources can be allocated. Problematically, the resolution does not provide for allocating funds to cyber security in local authorities. As a politician from an eastern Ukrainian community states: ‘The main challenge in the cyber field is the limited budget in the community according to Resolution 590 because all funds are directed to military needs, and if the funds are allocated for something else, it is very frowned upon and negatively perceived in society. There is a full-scale war in the country, and IT servers are very expensive’.

The figure below summarises the five challenges identified at the local level:

Key Challenges at the local level in Ukraine regarding cyber security situation during 2022–2024

Recommendations for the EU institutions and Ukrainian authorities to deepen cyber security at the local level

In order to support Ukrainian local authorities in their fight against cyber attacks, the EU and Ukrainian authorities should:

  • Tighten cooperation between Ukrainian and European municipalities with a focus on cyber security at the local level, such as strengthening twinning programmes.
  • Motivate IT personnel at the local level (1,470 hromadas) with social and economic benefits.
  • Focus on providing training for local authorities’ personnel and coaching them to apply for EU projects.
  • Simplify grant processes and offer direct funding for local governments.
  • Emphasise the creation and study of business English language courses for staff at the local level to improve the application procedure for EU-created projects.
  • Establish coordination guidelines between Ukrainian local authorities, national government agencies and EU institutions.
  • Strengthen cyber-security network building for the personnel of Ukrainian local authorities.
  • Scale up training programmes and mentorship opportunities for local IT personnel.

The blog post is based on an article originally published in Applied Cybersecurity & Internet Governance 3(1), 204–226 (open access).

Scroll to Top