Biden Administration Cybersecurity Strategy Focuses on Diplomacy | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

SAN FRANCISCO—The United States has spent two years supporting Ukraine in one ground war and seven months backing Israel in another, and it continues to prepare for the possibility of a third in Taiwan. But arguably its most persistent focus has been on a far longer-running, more perennial, borderless battle over cyberspace and the future of technology.

The State Department unveiled its own piece of that ever-expanding policy priority this week with the release of its International Cyberspace and Digital Strategy, which lays out a doctrine of “digital solidarity” that emphasizes the role of technology in diplomacy and the need to build international coalitions to uphold an “open, inclusive, secure, and resilient” internet through “responsible state behavior” in cyberspace.

The strategy document, unveiled on Monday, sits at the intersection of three hallmarks of the Biden administration’s first term: an escalating conflict with adversaries such as Russia and China that frequently plays out in the cyber realm; an emphasis on “minilateralism” by building international coalitions and partnerships among smaller, targeted groupings; and a determination to maintain the United States’ global technological primacy.

“Today’s revolutions in technology are at the heart of our competition with geopolitical rivals,” U.S. Secretary of State Antony Blinken said while announcing the strategy at the RSA Conference in San Francisco, which is Silicon Valley’s biggest annual gathering of cybersecurity professionals.

“Our ability to design, to develop, to deploy technologies will determine our capacity to shape the tech future, and naturally, operating from a position of strength better positions us to set standards and advance norms around the world,” Blinken added. “But our advantage comes not just from our domestic strength. It comes from our solidarity with the majority of the world that shares our vision for a vibrant, open, and secure technological future, and from an unmatched network of allies and partners with whom we can work in common cause.”

Speaking to reporters just minutes after that speech, Nathaniel Fick, the U.S. ambassador at large for cyberspace and digital policy, outlined the importance of those global partnerships in setting broader norms and collectively calling out contraventions by the likes of Russia and China. “It’s easy to pick on one kid at the playground. It’s harder to pick on 30 kids,” he said. “So building durable coalitions in these attributions matters.”

The strategy puts into a neater framework much of what the Biden administration has already been doing in practice. In 2021, the administration established the Counter Ransomware Initiative, which has now grown to involve more than 60 countries. Just under one-third of that number have signed a U.S.-led pledge to curb the misuse of commercial spyware. And the United States has played a key role in corralling artificial intelligence safety efforts with the Group of Seven countries, the United Kingdom, and the United Nations.

The State Department has even occasionally put its money where its mouth is, giving $25 million each to Albania and Costa Rica following cyberattacks on those countries that were linked to Iran and Russia respectively. It is also disbursing $500 million to seven countries across Asia and Latin America to help shore up their semiconductor manufacturing capabilities. Blinken also called out a recent investment in the literal piping of the internet—a partnership with Australia, New Zealand, Japan, and Taiwan on an undersea cable that can bring online around 100,000 people in the Pacific Islands.

Fick pointed to his own appointment in 2022 as a prime example of the administration’s tech-centric foreign policy. “For two years, we’ve had a bureau at the State Department focused on these issues. We’ve had somebody with an ambassadorial title representing us on these issues, and broadly, it’s an attempt to integrate and elevate our diplomatic approach on these things,” he said.

Cybersecurity and cyberdefense remain the most urgent facets of U.S. tech policy. The United States has faced numerous and increasing cyberattacks from China, Russia, Iran, and North Korea in recent years that have compromised critical infrastructure such as gas pipelines, water suppliers, and even health care systems. The intelligence community has also repeatedly warned of potential Russian and Chinese efforts to influence the upcoming U.S. presidential election in November.

The State Department’s strategy places significant emphasis on the threat of adversarial cyberattacks, but it is far from the first Biden administration document to do so. The White House released its National Cybersecurity Strategy in March 2023—followed by an implementation plan in June—and the Defense Department released its own cyber strategy document in September.

Even Blinken’s announcement earlier this week wasn’t the administration’s most recent cyber document. On Tuesday, the White House Office of the National Cyber Director released an update to last year’s implementation plan, along with a first-ever report on the U.S. cybersecurity posture, which outlines the country’s readiness to fend off adversaries.

“We’ve made good progress, and we have to do more—we have a ways to go,” said Harry Coker Jr., the White House’s national cyber director, during another panel at the RSA Conference. “Cybersecurity is a space where there’s no downtime.”

For U.S. diplomats, however, the effort to build coalitions goes hand-in-hand with continuing attempts to engage adversaries—particularly on thorny issues such as cyberattacks and AI guardrails.

Fick, who accompanied Blinken on a trip to China in late April that included meetings with Blinken’s Chinese counterpart Wang Yi and Chinese President Xi Jinping, said that the two countries have agreed to meet in a “third country” in the coming weeks to hold a bilateral dialogue on AI safety and trust in order “to ensure that we maintain a communication channel on the most important and transformative of the various emerging technologies that are in front of us.”

Blinken also conveyed that “holding American critical infrastructure at risk, especially civilian critical infrastructure, is dangerous, it’s escalatory, it’s unacceptable,” Fick added.

But one prominent source of recent bilateral friction was notably not mentioned: “I will say, the Chinese did not raise TikTok,” Fick said.

The vision laid out in the State Department’s digital strategy means that Washington may need to have tough conversations with allies and partners whose use of technologies may not align with that vision. Israel’s use of AI systems to pick targets for bombing in Gaza has raised alarm bells, for instance, while another key strategic partner, India, frequently tops the global list of internet shutdowns by number and has cracked down on online dissent more broadly.

“When allies and partners step over the line in that regard, we don’t hesitate to call them out,” Fick said in response to a question from Foreign Policy. “Someone once told me: ‘Looking the other way as your friends do bad things is thuggery,’ so it’s important to hold allies and partners to the same standard as we are advocating elsewhere.”

In the meantime, Fick added, Washington will remain focused on leading by example.

“In a world where you’ve got maybe a few dozen countries that are more or less always aligned on these things and a handful that more or less always are not, that leaves a huge number in the middle that, for their own national interests, don’t want to be forced to make a choice and shouldn’t be forced to make a choice,” he said.

“I’ve joked before that I’ve got two teenage daughters,” Fick added. “Pounding the table and saying ‘my way or the highway’ doesn’t work with them, and it generally doesn’t work in diplomacy.”


Click Here For The Original Source.

National Cyber Security