International Cybersecurity Cooperation Looks Great on Paper, but Needs Work on Implementation

Cyber policymakers in the United States can take several steps to improve international cyber training coordination.


Source: DGAP.

It seems like cyber-attacks occur every single day. On May 24th, Microsoft announced that a Chinese state-sponsored hacking group called “Volt Typhoon” had compromised critical U.S. cyber infrastructure across numerous industries. Russian hackers recently attacked Europe’s air traffic agency, the latest in a stream of seemingly daily assaults on countries’ critical infrastructure. In 2023, cybercrimes are expected to drain USD 8 trillion from the U.S. economy. In response, the White House recently released its National Cybersecurity Strategy to address these threats. Within its five-pillar strategy, the United States advocates for working with allies and partners around the world, recognizing the increasingly interconnected and digital landscape where cyber criminals and state actors such as China, Russia, Iran, and North Korea target vulnerable countries and populations to achieve political and economic goals. The fifth pillar, aptly titled “forging international partnerships to pursue shared goals,” is arguably as important as the other four combined.

In recent months, Latin American and Caribbean countries grappled with unprecedented cyber threats from state and non-state actors. Costa Rica’s Revenue Service suffered a ransomware attack in May 2022, forcing citizens to pay taxes by hand. In October 2022, a group called Guacamaya hacked Mexico’s Defense Ministry, and six terabytes of data and four million emails exposed the ministry’s problematic surveillance tactics. In December 2022, cyberattacks hobbled Barbados’ Queen Elizabeth Hospital, such that residents could not receive certain medical procedures and services for months. Ukraine has withstood repeated cyberattacks from Russia, and Taiwan is strengthening its cyber capabilities against China; Latin American and Caribbean countries are likewise looking to fortify cyberspace.

Some Latin American and Caribbean countries have proactively strengthened international partnerships to boost their cybersecurity capabilities. In 2022, the Dominican Republic and the European Union launched the LAC4 cybersecurity training center and trained 60 Dominican students at the Salesiano Technical Institute (ITESA). For years Brazil has had cyber dialogues with the EU and signed a memorandum of understanding with the UK on cyber cooperation. Jamaica is a leader on cybersecurity issues in the Caribbean. The country established a National Cybersecurity Authority this year, has an extensive National Cyber Security Strategy, and received $2 million from the U.S. to create a Cyber Center of Excellence.

However, the region still faces very real cyber vulnerabilities. At a recent regional conference hosted by Florida International University, cyber experts Boris Saavedra of the Perry Center and Louise Marie Hurel of the Royal United Services Institute noted that the region still needs a legal framework for cybersecurity, the political will to make cybersecurity a major priority, and the financial resources to train a local cyber workforce and update outdated digital infrastructure that is vulnerable to ransomware attacks and espionage.

As the United States seeks to counter cyberattacks on its own critical infrastructure, the fifth pillar of the National Cybersecurity Strategy suggests that the U.S. will also invest more in international capacity building with partners and allies. The problem, however, lies in determining who should coordinate and monitor ongoing training activities. The Defense Department, the State Department, and the U.S. Agency for International Development (USAID), among others, are all carrying out international cyber training programs. However, there is little indication of who is the primary coordinating body preventing redundancies in communication and training. Even within the same institution, communication seems to be the primary hindrance to increased efficiency and collaboration.

Cyber policymakers in the United States can take several steps to improve international cyber training coordination. The White House Office of the National Cyber Director (ONCD) has been tasked with coordinating this interagency effort. However, the ONCD must expedite the hiring process of its staff and nominate a new National Cyber Director following Chris Inglis’ retirement. Members of Congress from across the political spectrum recently criticized the administration for taking over two months to identify a replacement for such a crucial position.

In the State Department, Nathaniel Fick’s confirmation and swearing-in as the inaugural Ambassador at Large for Cyberspace and Digital Policy suggests that the U.S. now has a primary point of contact for partner nations. The State Department’s Bureau of International Cyberspace Security Policy Unit, in particular, will be crucial in ensuring that agencies jointly develop and implement cyber training curricula. For instance, USAID can provide country assessments and digital development training, while the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency’s (CISA) international engagement team supports emergency communications and industrial control systems training.

The Department of Defense can also better coordinate the entities providing cyber training and assessments. For example, U.S. Cyber Command, U.S. Southern Command and its Component Commands, and various National Guard units all offer some form of cyber training to Latin American and Caribbean partners, but they should coordinate through U.S. embassies and the countries’ ministries in charge of cyber to ensure such training is additive and not redundant.

Beyond the U.S. government, the Organization of American States (OAS), through its Inter-American Committee against Terrorism (CICTE), serves as a coordinating body for training activities across the Americas. Similar multilateral organizations perform this function in other regions of the world. The Global Forum on Cyber Expertise (GFCE)—a multi-stakeholder community of over 180 members—supports coordination through regional working groups, involving both governmental and non-governmental entities, and conducts capacity-building efforts. Private sector entities like Microsoft, through its Digital Diplomacy team and initiatives such as the Cybersecurity Tech Accord, contribute to shared best practices in capacity building. Finally, academic institutions can serve as neutral conveners for partner nations hesitant to work directly with U.S. government partners.

As the U.S. aims to expand cybersecurity partnerships with Latin American and Caribbean countries, as well as with other global allies, it is imperative that interagency cooperation focuses on capacity-building efforts. In an era marked by the heightened visibility of cyber-attacks and widespread tech proliferation across the region, many governments are pleading for assistance from Washington. Yet, they are often met with inconsistent communication from a multitude of U.S. government entities. Consequently, countries are growing impatient with unfulfilled U.S. promises of support. Instead, they are turning to predatory states such as China for cyber training, safe city surveillance systems, and digital infrastructure investments. The U.S. must work as an equal with our Latin American and Caribbean partners, integrating current interagency and international efforts to boost cybersecurity training and policy. This approach will likely determine whether our allies and partners are adequately prepared to defend against cybersecurity threats or whether training becomes redundant and disjointed across the globe.

Randy Pestana serves as Associate Director for Cybersecurity Policy at the Jack D. Gordon Institute for Public Policy and the Director of Education and Training at Cybersecurity at Florida International University. In these roles, he is responsible for managing the institute’s cyber-related partnerships, to include the U.S. Departments of Commerce, Defense, Homeland Security, Labor, State, and Veterans Affairs, the Organization of American States (OAS), and numerous industry partners across the cybersecurity community.

Leland Lazarus is Associate Director for National Security at Florida International University’s Jack Gordon Institute of Public Policy and a nonresident fellow at the Atlantic Council’s Global China Hub. He formerly served as special assistant and speechwriter to the commander of U.S. Southern Command and as a U.S. State Department foreign service officer in China and the Caribbean.
