EXPERT PERSPECTIVE — As the Russia-Ukraine war continues to rage, the resilience of the Ukrainian critical infrastructure in the face of Russian cyber assaults has been an unexpected bright spot.
After the damage Russia has inflicted on Kyiv with cyber tools in previous years, Ukraine has become “quite good at cyber defense,” National Cyber Director Chris Inglis observed earlier this month. The dramatic improvement in the capabilities of Ukrainian defenders is due in part, to U.S programs that bolster the ability of key allies and partners to keep their critical infrastructure secure from authoritarian influence and other malicious cyber activity. Without these programs, Russia’s cyberattacks might have caused cascading damage across Europe and the United States. Insufficient U.S. funding, however, has hindered the growth of cyber capacity building efforts in vulnerable allies and partners, weakening U.S. security in the process.
Cyber capacity building takes many forms: training programs for foreign law enforcement agencies to include enhanced investigative capabilities, network detection and response activities, and joint military cyber exercises, all with the intent of equipping allies and partners with the tools necessary to better plan for, mitigate, prevent, and respond to cyber threats.
According to the March 2020 report of the congressionally mandated Cyberspace Solarium Commission, these cyber capacity building programs provide long-term benefits to our allies by enhancing their cyber resilience and improving their ability to provide effective cybersecurity.
Ukraine has participated in several aspects of U.S. capacity building programs. The U.S. Agency for International Development (USAID) has provided Ukraine with over $40 million in development assistance since 2017, to strengthen Ukraine’s legal and regulatory environment, enhance public-private partnerships that secure Ukraine’s critical infrastructures, and develop Ukraine’s cyber workforce. The State Department has funded countries with similar, limited cyber capacity building efforts through the Economic Support Fund (ESF).
In addition, U.S. Cyber Command (CYBERCOM) has conducted “hunt forward” operations with Ukrainian operators. General Paul Nakasone states hunt forward missions were “directly in support of mission partners.” During these defensive operations, operators from both nations observe, identify, and remediate malicious cyber activity.
This year, CYBERCOM conducted its first hunt forward operation in Lithuania as part of the U.S. effort to strengthen our allies’ digital defenses against Russian threats. In the last four years, CYBERCOM has deployed to 16 different nations for 28 hunt forward operations, including 11 operations that were vital in defending the U.S. during the 2020 elections against foreign threats.
These hunt forward operations not only strengthen allied or partner networks’ resilience against cyber threats, but also provide insights that inform the U.S. homeland defense. All cyber capacity building programs have a ripple effect on U.S. national security interests in a number of ways.
First, improving the overall capacity of allies and partners to prevent, mitigate, and recover from cyberattacks can enhance U.S. economic stability and national security. For instance, to pressure Taiwan to cease resisting Beijing’s push toward unification, China could attack key supply chains, such as those for global semiconductors. Washington would then face a choice between abandoning a key partner or a global economic meltdown. But capacity building efforts such as CYBERCOM-led hunt forward operations could increase Taiwan’s cyber resilience, enabling Taipei to fend off a Chinese attack that would otherwise harm U.S. national security and the global economy.
Second, cyber capacity building programs help the critical infrastructure of allies and partners, including electrical power grids, water systems, rail lines, ports, and airfields, to remain operational in the face of adversarial attacks — enabling U.S. armed forces to rely on this infrastructure to conduct military operations if necessary.
Finally, a collective approach can reduce the burden on one nation by sharing information and intelligence on ongoing cyber threats. Collective action also carries more weight, particularly in enforcing cyber norms. For example, as the European Union and its member states condemned Russia’s malicious cyber activity against Ukraine, it also reaffirmed its political and financial support to Kyiv to strengthen Ukraine’s cyber resilience.
Opportunity for Action
Cyber capacity building requires persistence and can take years to take effect. Washington needs to establish or enhance funding to assist key allies and partners in responding and countering adversarial influence in cyberspace. The State Department should receive funding for cybersecurity-specific efforts in a number of programs including: ESF, Foreign Military Financing, Assistance to Europe, Eurasia and Central Asia, International Narcotics Control and Law Enforcement, and the Digital Connectivity and Cybersecurity Partnership.
Similarly, CYBERCOM should continue to expand funding for its hunt forward operations. The limited impact of Russia’s cyberattacks against Ukraine has demonstrated the value of a resourced cyber capacity building program, including efforts from the Department of State, USAID, and CYBERCOM to defend Ukraine’s critical networks.
Ultimately, the U.S. and its key allies and partners must enforce responsible state behavior in cyberspace and increase allied and partner nation-states’ capacity to mitigate, recover, and prevent future cyberattacks. Working with our partners and assisting them in creating a proactive defensive posture are pivotal to defending common interests and resources in cyberspace.
Rear Adm. (Ret.) Mark Montgomery is a senior director at the Center on Cyber and Technology Innovation (CCTI) at the Foundation for Defense of Democracies, where he is also a senior fellow. He directs CSC 2.0, which works to implement the recommendations of the congressionally mandated Cyberspace Solarium Commission, where he previously served as executive director. Follow him on Twitter @MarkCMontgomery
Find out more about the Cyber Initiatives Group and help lead the conversation on cyber
Read more expert-driven national security insights, perspective and analysis in The Cipher Brief