We interviewed the Eastern Partnership Digital Security Practitioners Network about its mission to grow local digital security capacity to protect civil society organizations, independent media, and human rights defenders facing sophisticated cyber threats, and how efforts like Common Good Cyber can avoid losing specialized capacity built over a decade.

Can you introduce the Eastern Partnership Digital Security Practitioners Network and its work improving cybersecurity in the public interest?

The Eastern Partnership Digital Security Practitioners Network brings together experienced digital security specialists from Armenia, Belarus, Georgia, Moldova, and Ukraine with exceptional track records in providing organizational security support to at-risk civil society organizations and independent media, investigating targeted phishing and malware attacks and delivering crucial security training to civil society. Network members are active participants of the international Rapid Response Network and its Computer Incident Response Center for Civil Society as well as work for well-known local organizations. Formally established in November 2024, we represent years of informal cooperation dating back at least to 2018.

Our mission is growing local digital security capacity to protect civil society organizations, independent media, and human rights defenders facing sophisticated cyber threats. We operate as the first line of defense for at-risk groups, with members working for the lead local and international cybersecurity organizations as well as independent specialists.

In the Eastern European region, civil society and independent media face increasingly complex digital threats. How does your network help protect these groups, particularly in politically sensitive or high-risk environments?

The threat landscape is severe. Since February 2022, Ukraine has faced unprecedented Russian state-sponsored cyber attacks. Belarus authorities have waged relentless campaigns against civil society for decades, reaching a new peak since 2020. We see growing attacks against civil society in Georgia, spyware infections in Armenia, and Kremlin-sponsored attacks in the information space of Moldova.

Our work includes direct security assistance, organizational audits, incident response, threat research, and training. We collaborate internationally while maintaining deep local expertise and trust relationships essential for protecting high-risk civil society.

Your model brings together practitioners across borders. What advantages does this regional network approach offer for digital security, and how do you foster trust and collaboration in such a diverse geopolitical landscape?

We face shared adversaries using similar attack methods across countries—our defenses should be equally coordinated. For example, the same phishing campaigns or malware families appear regionally, so our network can share indicators and defense strategies, improving response times and ensuring better preparedness against future attacks.

During political crises, elections, or military conflicts, demand for digital security support often spikes beyond local capacity. Network members can provide remote assistance, skill-sharing, or temporary support on the ground. Some members have established forensic threat labs and knowledge hubs, others offer specialized knowledge in such areas as web security or organizational risk-based audits, yet others can offer guidance with IT procurement or information system architecture, benefiting the entire community.

Trust within the Network is strengthened through our shared commitment to protecting civil society and shared principles of providing digital security services, but we have painstakingly  built it by maintaining regular community convenings and facilitating practitioners’ cooperation across different contexts over many years. 

Can you share an example where the network’s support tangibly improved the resilience of an at-risk organization or journalist? What does effective, context-sensitive digital security look like in your region?

Here is a brief example of our members offering security support while leveraging inter-Network connections:

An exiled Belarusian investigative journalist requested our local member’s help with a malicious email attachment. The latter shared collected indicators with Ukrainian Network members that confirmed the same attacks were taking place against activists in Ukraine. Hence, together they uncovered a simultaneous malicious campaign carried out by the same adversary against Belarusian and Ukrainian targets and consequently alerted high-risk civil society actors from Ukraine and Belarus about the threat.

We know that effective digital security requires rapid response capability, as attacks often coincide with political or security events when stakes are highest. Additionally, trust-building

takes time, especially with organizations facing life-threatening risks, requiring sustained local presence. Hence, the members of our Network spent years building up capacity of local practitioners that understand specific risks, political context, and operational constraints that international providers might miss.

At the same time, due to the fluctuating demand for digital security services, instability of funding, and increasing sophistication of technology, we see a real benefit in having a strong digital security community across the region that practitioners can lean on for mutual support. 

In short, Network’s experience demonstrates that effective digital security comes from a sustained local presence on the ground paired with an ability to quickly engage specialized knowledge of their peers from across the region or promptly alert the latter of an emergent threat.

What are the biggest sustainability challenges you face—whether political constraints, funding insecurity, or digital infrastructure gaps—and how are you navigating them?

The January 2025 U.S. funding suspension created an unprecedented crisis. Our April 2025 rapid assessment of the state of the digital security community in the EU Eastern Partnership region reveals the devastating scope: 50% of respondents lost more than 75% of their funding for digital security service provision, with another 30% losing 50-75%. Major programs supporting our work were terminated or suspended. Some respondents noted that as a result, the funds remaining for the specialized digital security NGOs they are affiliated with would allow them to continue operations for less than six months and frequently at a reduced capacity. These organizations have already implemented layoffs, salary cuts, and dramatically reduced services. Our member, co-founder of CyberHUB Armenia, Artur Papyan reported: “We have already let go of two employees, stopped providing IT audits to human rights NGOs altogether, and significantly reduced the number of incident response activities.” 

Human resource shortage has always been a challenge in the nonprofit digital security sector, due to fluctuating demand for services, a unique combination of both technical skills and interpersonal abilities, and trust-building required to do this work. The digital security community in our region has also put significant effort into trying to diversify the cadre of practitioners in recent years, so we can better support the diverse civil society actors needing our services. The funding cuts have made such a shortage more severe. Many members of our Network (and community at large) are now forced to seek commercial contracts or consider leaving the field entirely.

Political pressures force many to work from exile while psychological distress increases in a field already prone to burnout. As put by our Chair, Iryna Chulivska, who is from Ukraine, “The sudden US funding cuts had a very negative impact, undermining trust in donors as a whole, and completely depriving practitioners of at least some stability, which is already scarce in Ukraine.”

Compound effects: As civil society organizations struggle with basic costs, digital security becomes deprioritized, ironically increasing their vulnerability when sophisticated attacks continue. As our Board member Uladzimir explains, “Cybersecurity is not a priority for NGOs when there is no way to pay salaries or rent an office.”

What kind of international support or partnerships would most help you scale your impact and ensure long-term digital resilience for civil society in the region? How can initiatives like Common Good Cyber contribute meaningfully?

This is something we have discussed with members of the Network and within our community as a whole, in particular, as a part of the rapid assessment conducted in April of 2025. Below are some of our shared ideas:

Emergency bridge funding: The crisis requires immediate intervention. Our assessment reveals local digital security NGOs need over $1 million USD in direct funding to replace what was lost through 2025. Without prompt action, we risk losing specialized capacity built over a decade—capacity that would be exponentially more expensive to rebuild given current threat sophistication and established trust networks.

Sustainable, flexible resources: Provision of multi-year core operational support rather than project-based grants goes a long way, and not just for cybersecurity NGOs. While the community is currently exploring other funding models, practitioners note that offering commercial services to at-risk civil society is not always viable or ethical, highlighting why sustainable donor support remains essential. At the same time, the ever changing nature of cyber security requires practitioners to remain flexible in their choice of approaches, beneficiaries, or types of interventions—which should also translate into flexibility of donor requirements and expectations.

Systemic capacity building by/with the engagement of local specialists: Training models that may have worked ten or even five years ago (i.e., one-off ToTs) are no longer effective. The experience of our Network members demonstrates that to grow local capacity, we need to implement comprehensive, year-long programs, often paired with local peer-to-peer support or mentorship. Current funding instability only highlights this challenge. 

Coordinated donor response: The US government funding cuts revealed dangerous reliance on a narrow set of donors by civil society and crowding of other funders out of this space in our region. Common Good Cyber could facilitate coordination among donors to ensure comprehensive coverage and avoid future single-point failures.

Practitioner wellbeing support: The psychological toll faced by digital security service providers is severe—and is comparable to that experienced by human rights defenders. Flexible mental health support and adequate compensation are critical for retention.

Regional infrastructure strengthening: We are also seeking support for shared threat intelligence platforms, joint interventions, and collaborative forensic capabilities that leverage our cross-border cooperation model.

The most valuable partnerships would provide emergency stabilization now while building long-term sustainability, recognizing that rebuilding lost capacity would be far costlier than preserving existing networks and expertise.