State Department, Congress working on formal program for US cyber aid
The U.S. State Department is in active talks with Congress about creating official channels for helping foreign nations prevent and recover from cyberattacks and develop emerging technologies, America's top digital diplomat said Wednesday.
“We're in a two-way conversation on it right now,” Nathaniel Fick, the ambassador at large for the State Department’s Bureau of Cyberspace and Digital Policy, said during a Defense Writers Group Breakfast.
The effort would include a fund dedicated to technology support, as well as other forms of assistance, he said.
“And my sense is there's pretty broad bipartisan support for it on the Hill,” he added, without mentioning specific congressional offices. “I think there's a pretty broad awareness that we need to do it now.”
Last month the White House announced it would provide $25 million to Costa Rica to help that country recover from a crippling ransomware attack linked to Iran. The Biden administration provided a similar $25 million grant to Albania in the wake of a destructive attack on that country's government last year that has been attributed to Iranian hackers.
The goal is “to think a little bit more holistically about what assistance means,” Fick said.
“It's dollars. It's software. It's capacity building, training people. But it's also … conceptual assistance. It's organizational assistance. It's cultural assistance,” he told reporters. “A lot of time and effort and energy and expertise goes into building out a strategy or building out a set of best practices … These things exist within the U.S. government. We are now providing those kinds of templates to our partners so they don't have to reinvent the wheel. They have to tailor it for their unique circumstance.”
Fick said the existing U.S. assistance mechanism is “not architected” for such matters, especially cybersecurity.
“It doesn't have the kind of flexibility that you need to to address cyber issues,” he said. For example, “a lot of assistance dollars are actually not able to support military or law enforcement organizations. That's a challenge in the cybersecurity space when those are exactly the organizations that own those capabilities in partner countries where we may want to go help out.”
Fick’s office is marking its first anniversary Wednesday and has already had an impact on how Foggy Bottom conducts business in cyberspace. This week it successfully created a “skill code” so that foreign service officers who work a tour on cyber and tech issues get career credit for their time. And the bureau aims to have a cyber officer in every U.S. embassy around the world by the end of 2024, Fick said.
Services in demand
The cyber assistance effort would not necessarily have to be cut out of whole cloth, but rather increases in technology assistance “ideally” would “come mostly from a reapportionment of other resources, because it can't just all be net new.”
He also added there is a “full pipeline of conversations” simultaneously underway with nations around the globe for assistance activities. He did not mention any specific countries.
The cyber diplomat also said he didn’t have an exact dollar figure in mind for the program.
“I am under no illusion we cannot and should not look to deliver sort of Albania-like levels of assistance everywhere that’s needed,” according to Fick, who traveled to the country in the wake of the Iranian cyber strikes.
“There has to be some weird sense of prioritization and our cyber assistance needs to serve our foreign policy priorities. The number’s not 25 million bucks times 192. That's not the number,” he said, referring to the number of existing nations. “But we're in the process of figuring out what can both meet the need and be achievable.”
Martin Matishak is a senior cybersecurity reporter for The Record. He spent the last five years at Politico, where he covered Congress, the Pentagon and the U.S. intelligence community and was a driving force behind the publication's cybersecurity newsletter.