WASHINGTON — The State Department’s bureau for cyber policy, founded just 18 months ago, is hard at work on a new strategy for international cooperation against cyber threats, Ambassador-at-Large Nate Fick told the Billington Cybersecurity Summit on Wednesday.
“We will definitely have a draft circulating inside of government this fall,” said Fick, himself in the job just under a year after a career in industry, thinktanks, and the US Marine Corps. “We hope to have the product out in the world, obviously, as quickly as possible.”
The State strategy will build on the National Cybersecurity Strategy released by the White House in May [PDF]. That document notably held up “international partnerships” as one of its five principles, or “pillars.” Sub-themes called for the US to build coalitions to counter cyber threats, strengthen friendly countries’ capabilities for cyber defense, and defend complex, globe-spanning supply chains for technology.
What’s coming out won’t stray from that foundation, Fick emphasized, but it will build on it. “It is by definition a somewhat derivative document,” he told the Billington conference, “but at the same time, we do think there is some conceptual new ground to break.”
What might that new ground look like? Fick, who’ll likely leave a heavy imprint, has been a fervent advocate for international cooperation – among democracies. He started his tour by rushing to Bucharest to help block a Chinese power grab in the International Telecommunications Union. (The timeline was so tight, he told the Hudson Institute in June, that he had to get “sworn in by a notary public at a UPS store in Maine, with a line of people waiting behind me to mail their packages.”)
He’s spent so much time coordinating with the often fractious and factious European Union that, he joked at Billington, that “I probably ought to get an apartment in Brussells.” He’s advocated for a new “cyber assistance fund” to help boost friendly countries’ cybersecurity capabilities in a crisis, without waiting for the annual appropriations cycle. And he recently returned from a trip to Panama, Colombia, and Costa Rica, the last of which is getting $25 million in US cyber aid after severe cyberattacks in 2022.
RELATED: Chinese ‘Volt Typhoon’ hack underlines shift in Beijing’s targets, skills
At the same time, Fick is a fierce opponent of what he considers a Chinese-led campaign to subvert and fragment the free and open global internet. “The Chinese have made a 25-year concerted political and economic push… a deliberate couple-decade strategy of IP theft and government subsidies,” he told the Hudson Institute back in June. “We’re playing market economics, they’re playing geopolitics.”
“We’re not going to match them dollar for dollar in every geography around the world,” he said at Hudson. “We have to build the biggest possible coalition we can – [and] we do have a huge advantage because, in the long term, I’ll put my faith in free markets and democratic systems every time.”
But one longstanding struggle for free-market democracies is how to coordinate their responses to authoritarian threats. That challenge is addressed by another aspect of the White House cyber strategy:
the idea of shifting some of the burden of cyber defense to the private sector — especially the largest, best-resourced, and most technologically sophisticated firms. This idea isn’t just about domestic cyber defense, either: As Fick noted, such cutting-edge companies have played a major role in defending the US, Ukraine, and European allies against stepped-up Russian attacks since the February 2022 invasion, providing everything from security software to unjammable satellite communications to cloud storage for vital data safely out of Russian missile range.
Russian aggression has forced both countries and companies to work better together, Fick is fond of saying. In particular, he told the Billington conference, “The war in Ukraine has cast a very dark shadow across the world, [but] if there is a silver lining to that dark cloud, it is that the war, in my view, has fundamentally transformed — for the better — how we think about public-private partnership.”
When he was a private-sector CEO himself, Fick recounted, cybersecurity “cooperation” with government agencies often “felt like getting hauled in” to be pumped for data, only to get next to nothing in return. “That has fundamentally transformed,” he argued, with much freer flow of information about cyber threats.