Equipping U.S. Partners in Cyberspace is a Must
Co-author Jiwon Ma is a program analyst at CCTI, where she contributes to the CSC 2.0 project. Follow Ma and Montgomery on Twitter @jiwonma_92 and @MarkCMontgomery.
EXPERT PERSPECTIVE — As the Russia-Ukraine war continues to rage, the resilience of the Ukrainian critical infrastructure in the face of Russian cyber assaults has been an unexpected bright spot.
After the damage Russia has inflicted on Kyiv with cyber tools in previous years, Ukraine has become “quite good at cyber defense,” National Cyber Director Chris Inglis observed earlier this month. The dramatic improvement in the capabilities of Ukrainian defenders is due in part, to U.S programs that bolster the ability of key allies and partners to keep their critical infrastructure secure from authoritarian influence and other malicious cyber activity. Without these programs, Russia’s cyberattacks might have caused cascading damage across Europe and the United States. Insufficient U.S. funding, however, has hindered the growth of cyber capacity building efforts in vulnerable allies and partners, weakening U.S. security in the process.
Cyber capacity building takes many forms: training programs for foreign law enforcement agencies to include enhanced investigative capabilities, network detection and response activities, and joint military cyber exercises, all with the intent of equipping allies and partners with the tools necessary to better plan for, mitigate, prevent, and respond to cyber threats.
According to the March 2020 report of the congressionally mandated Cyberspace Solarium Commission, these cyber capacity building programs provide long-term benefits to our allies by enhancing their cyber resilience and improving their ability to provide effective cybersecurity.
Ukraine has participated in several aspects of U.S. capacity building programs. The U.S. Agency for International Development (USAID) has provided Ukraine with over $40 million in development assistance since 2017, to strengthen Ukraine’s legal and regulatory environment, enhance public-private partnerships that secure Ukraine’s critical infrastructures, and develop Ukraine’s cyber workforce. The State Department has funded countries with similar, limited cyber capacity building efforts through the Economic Support Fund (ESF).
In addition, U.S. Cyber Command (CYBERCOM) has conducted “hunt forward” operations with Ukrainian operators. General Paul Nakasone states hunt forward missions were “directly in support of mission partners.” During these defensive operations, operators from both nations observe, identify, and remediate malicious cyber activity.
This year, CYBERCOM conducted its first hunt forward operation in Lithuania as part of the U.S. effort to strengthen our allies’ digital defenses against Russian threats. In the last four years, CYBERCOM has deployed to 16 different nations for 28 hunt forward operations, including 11 operations that were vital in defending the U.S. during the 2020 elections against foreign threats.
These hunt forward operations not only strengthen allied or partner networks’ resilience against cyber threats, but also provide insights that inform the U.S. homeland defense. All cyber capacity building programs have a ripple effect on U.S. national security interests in a number of ways.
First, improving the overall capacity of allies and partners to prevent, mitigate, and recover from cyberattacks can enhance U.S. economic stability and national security. For instance, to pressure Taiwan to cease resisting Beijing’s push toward unification, China could attack key supply chains, such as those for global semiconductors. Washington would then face a choice between abandoning a key partner or a global economic meltdown. But capacity building effort