1. Activity Background:

The purpose of the US Agency for International Development (USAID) Cybersecurity for Critical Infrastructure in Ukraine Activity is to strengthen the resilience of Ukraine’s critical infrastructure from cyberattacks by establishing trusted collaboration between key cybersecurity stakeholders in the government, private sector, academia, and civil society. The activity aims to achieve this goal by implementing the following activity components:

Component 1: Strengthen the cybersecurity enabling environment

The legal, regulatory, and institutional framework for national cybersecurity in Ukraine needs to be strengthened and aligned with international standards and best practices. This component will strengthen the cybersecurity resilience of Ukraine’s critical infrastructure sectors by addressing legislative gaps, promoting good governance, enabling collaboration between stakeholders, and supporting cybersecurity institutions. This component will also build the technical capacity of key sectors through increased access to cybersecurity technology and equipment.

Component 2: Develop Ukraine’s cybersecurity workforce

Ukraine suffers from a severe shortage of cybersecurity professionals. This component of the USAID Cybersecurity for Critical Infrastructure in Ukraine Activity will address workforce gaps through activities that develop new cybersecurity talent and build the capacity of existing talent. These activities will address the entire workforce pipeline, the quality of education received by cybersecurity specialists, and industry training programs to rapidly upskill Ukraine’s workforce to respond to immediate cybersecurity vulnerabilities.

Component 3: Build a resilient cybersecurity industry

A growing cybersecurity industry in Ukraine will contribute directly to national security and prosperity. This component will seek to build trust and collaboration between the public and private sector to develop innovative solutions for future cybersecurity challenges; spur investment and growth in the broader cybersecurity market in Ukraine through greater access to financing; support smaller cybersecurity companies to rapidly increase the number of local cybersecurity service providers; and offer mechanisms for Ukrainian firms to connect with industry partners to enable better access to innovations and business opportunities.

2. Context:

The State Service for Special Communications and Information Protection (SSSCIP) is a specialized central executive body responsible for ensuring Ukraine’s cybersecurity, development and implementation of the government policy to protect the government information resources and critical information infrastructure.

In October 2019, SSSCIP embarked on a reform aimed at optimizing its structure and functions to be more effective, efficient, and capable of protecting critical infrastructure objects from cyber threats. As part of our support for broader cybersecurity reforms in Ukraine, the Activity is providing assistance and expertise needed to SSSCIP as part of their reform process.  There is a plans announced by the GOU stakeholders to split governmental communications, information protection and cybersecurity functions for improving cybersecurity governance, reducing management risks, increasing transparency and accountability. The new State Cybersecurity and Information Protection Service (SCIPS) will be established to perform functions currently under SSSCIP mission. 

The Activity seeks a consultant to perform review and analyze previous audits and available information, identify areas/opportunities for the improvement, design the models for the establishing new entity, develop legislative agenda based on the international standards and best practices, provide input to the public discussion of the proposed reforms.

3. Tasks/Responsibilities

Under oversight of the Enabling Environment Lead, the Consultant will:

• review and analyze previous audits and available information of the existing cybersecurity functions (protection, regulation, administrative) of SSSCIP and their relevance to the development of “cybersecurity service” model (governance as managed service framework) for SCIPS in order to identify the needed organizational changes (Concept Note);
• develop and present at least 3 Models for establishing SCIPS aimed at:
  1. clearly defining and assigning regulatory and administrative functions/responsibilities,
  2. improving cybersecurity governance, reducing management risks , increasing transparent and accountability;
• develop a Legislative Agenda in support of the endorsed by GOU stakeholders SCIPS Model, with detailed descriptions of required legislation for implementation of the reform vision, justification and proposals for incorporation in the legislative package (Legislative Agenda);
• contribute to round-tables discussions (i.e. provide inputs, materials, and conduct presentations), meetings of the Expert Council on Information and Cyber Security, Working Group of the VRU Committee on Digital Transformation, other ad-hoc meetings, first and second hearings, communicate/coordinate with key GOU stakeholders and expert community as required during the period of the agreement performance (STTA contract).

4. Scope of Work

5. Required Qualifications:

• MA in Technology, Law, Public Administration
• Minimum 5 (five) years professional experience in technological (information protection, cybersecurity, digital) policy development, and implementation, public governance reforms in Ukraine
• Experience with international projects, preferably with the GOUs stakeholders
• Excellent written and spoken Ukrainian language skills required 

Qualified candidates should send their CV and cover letter to [email protected]. Only short-listed candidates will receive notice requesting additional information.