Nate Fick, the State Department’s Ambassador at Large for Cyberspace and Digital Policy, speaks at an Atlantic Council event on April 6. (Screengrab)
WASHINGTON — The State Department’s roving ambassador for cybersecurity, Iraq combat vet Nate Fick, recently said the department would “push” for a special, flexible fund to assist friendly foreign countries in cybersecurity crises, adding he was optimistic Congress would approve the necessary changes to statute.
“First, we’re making a push for a dedicated cyber assistance fund. We did it after 9/11 for counterterrorism, we should do it now,” he said of the fund last week in the final minutes of an Atlantic Council panel with other senior cyber officials from Justice, Homeland Security, and the White House. “We don’t have the mechanisms in place for rapid, dedicated response. That would help a lot, and I think there’s support for it on the Hill.”
The special fund was part one of three-part plan Fick outlined to “close the gap [in] global demand for capacity building.”
“Second, we need to get beyond flying people around the world to deliver hands-on capacity building,” he said. “That’s necessary, but it’s insufficient. [We can] to deliver scaled capacity building using online tools that we do to complement in-person delivery. So we need to modernize our delivery mechanisms for basic cyber capacity building globally.
“And then third — and this is a lesson I think we saw in Ukraine; we’ve seen it in Albania in the wake of the Iranian cyber attack — there’s a large role for the for the private sector here, where we can play a brokering and introduction kind of role, but they’re not government dollars being used, and we can bring a lot of private sector capacity to bear quickly.”
The State Department did not respond to Breaking Defense’s request for more information about the funding or Fick’s broader plan, but it’s probably no coincidence that all three pillars militate for greater speed. More flexible funding means not having to wait for the congressional appropriations cycle, where even emergency supplemental funds take months to pass and regular budgets take a year, not counting years of prep work within the executive branch. More online training means helping foreign partners get the skills they need without having to wait for an American expert to fly out. And more mobilization of the private sector means the US can facilitate a response from whatever company is quickest, without waiting for government processes at all.
Speed matters because cyber attacks often happen without warning and rapidly evolve even after discovery. Now, it may take weeks or months for hackers to gain access to a system, scout out its weak points, and tailor software to exploit them, but once the groundwork’s laid, a damaging attack or theft of data can take place in seconds. And it’s strategically important to help targets when they’re hurting most, not months after, noted another federal official speaking alongside Fick.
“When people experience cyber attacks, whether it’s companies, whether it’s individuals, whether it’s nation-states, they’re at their most vulnerable,” said Marshal Miller, a former prosecutor who’s now principal associate deputy Attorney General at the Department of Justice. “When we as a government can help those folks at that moment, that’s an incredible relationship-building opportunity.”
The FBI, for example, has “cyber action teams… ready to move to any part of the globe to help an ally or a partner, [such as] recently, Montenegro, Costa Rica, [and] other countries,” Miller continued. “We’ve been able to help them when they’re at their most vulnerable and that’s a great way to not only defend [friends] and disrupt [foes], but also build alliances and relationships.”
Sometimes the US even manages to get in ahead of the crisis, as with the military team US Cyber Command deployed to Ukraine three months before Russia’s February 2022 invasion. But for all the the US already doing, the appetite for such assistance, leader ship and ideas in cyberspace is tremendous, said Fick.
“I was in Brussels on March 2, the day that the [US National Cybersecurity] strategy was released, and I really got a visceral sense of the hunger on the part of our NATO allies and our colleagues across the [European Union]. I spent the entire day fielding very specific, detailed, insightful questions that come only from reading it closely and thinking deeply about it. So make no mistake, our national strategy is of great interest to allies and partners around the world.”
RELATED: National Cyber Strategy seeks to ‘rebalance’ cyber responsibility towards industry
More broadly, “the demand for capacity building and [cyber] literacy support around the world is absolutely overwhelming,” Fick said. “And it takes a bunch of a bunch of different forms… We tend to think of it in terms of technology capacity building; that’s only a piece.
“One of the greatest areas of assistance that we can give allies and partners is actually in the conceptual arena, the cultural arena, the strategic arena,” Fick continued. “Sure, approaches have to be tailored to unique national circumstances, but a lot of what we’ve done across the different parts of the US government can in fact be templated and customized [to fit our allies]. Let’s not reinvent the wheel.”
ROC-X – The solution to organic precision strike capabilities
At AUSA Global Force 2024, IAI will present integrated, AI-driven combat systems – both manned and unmanned – that are opening new opportunities on the battlefield.
Israeli F-35s were targeted in Iranian barrage but survived unscathed, IDF says
IDF Chief of Staff Herzi Halevi visited an Israeli base home to F-35s on Monday, emphasizing Iran’s missiles had caused only minor damage to the facility.
