May 23, 2024 By Jonathan Reed 3 min read

U.S. Secretary of State Antony Blinken announced the new U.S. International Cyberspace and Digital Policy Strategy during the recent RSA Conference in San Francisco. The strategy emphasizes the role of technology in diplomacy and the urgent need to build international coalitions.

“Security, stability, prosperity — they are no longer solely analog matters,” Blinken said at the conference.

The new strategy focuses on “digital solidarity” not “digital sovereignty,” Blinken said, emphasizing the importance of collaboration with like-minded nations. Also mentioned was the need to limit the influence of ideologically opposed authoritarian nations.

What does this new document mean for cybersecurity in the context of international diplomacy? Let’s find out.

A dual approach to cyberspace and digital policy

As per the State Department document, the strategy’s dual approach consists of:

  1. Rebalancing responsibility for defending cyberspace onto the government and private sector organizations that are the most capable and best positioned to reduce risks.
  2. Realigning incentives to favor long-term investment in cybersecurity through diplomacy, partnerships and information-sharing.

As per the strategy, the Department of State and interagency partners will build digital solidarity through four areas of action, which are outlined below.

Action area 1: Promote, build and maintain an open, inclusive, secure and resilient digital ecosystem

In coordination with allies, partners, the private sector and civil society, the State Department will campaign for open, interoperable, secure, trusted and reliable telecommunication networks, especially on 5G wireless networks. This also includes the development and deployment of cloud security, database security and secure undersea cables and satellite communications.

Action area 2: Align rights-respecting approaches to digital and data governance with international partners

The State Department and other federal agencies are building and reinforcing digital solidarity emphasizing these three aspects:

  1. The trusted flow of data.
  2. Advocacy for multistakeholder, risk-based approaches to digital and data governance.
  3. The promotion of shared values and governance principles for critical and emerging technologies, like artificial intelligence.

However, the document states that “the rise of a growing digital sovereignty narrative that has been embraced by some of our close partners and allies has the potential to undermine key digital economy and cybersecurity objectives.”

The State Department argues against data localization, network usage fees, digital services taxes and other market access barriers that contribute to the perception of increased control. These might actually undermine growth and security objectives, as per the document.

Action area 3: Advance responsible state behavior in cyberspace and counter threats to cyberspace and critical infrastructure by building coalitions and engaging partners

The document says that when a state engages in any destructive, disruptive or destabilizing malicious cyber activity contrary to international norms, responsible states must cooperate to hold that irresponsible state accountable.

As part of its counter-adversary cyber activity, the State Department provides foreign policy guidance and uses diplomatic engagements to support the Department of Defense (DoD)’s efforts to reinforce deterrence and frustrate adversaries. Some tactics include seizing malicious cyber infrastructure, seizing cryptocurrency and fiat currency and sharing actionable threat intelligence with the private sector.

Action area 4: Strengthen and build international partner digital policy and cyber capacity

The strategy document mentions that “Adversaries, and the PRC (People’s Republic of China) in particular… look to out-match the United States and like-minded partners by offering holistic support for ICT development from full package training programs to higher-level education and scholarships.”

In response to these challenges, the State Department plans to continue to provide partners with expertise and training to develop and govern secure, rights-respecting digital ecosystems. Through technical assistance, ICT and telecom policy capacity building and training grants, the strategy document describes pro-competitive legal and regulatory reforms required to remain competitive.

Plenty of cyber diplomacy work to do

The U.S. International Cyberspace and Digital Policy Strategy emphasizes unity and solidarity. This approach is necessary given today’s dangerous and increasingly complex threat landscape. However, Washington should anticipate tough conversations with allies and partners whose use of technologies may not completely align with the State Department’s vision.

More from News

Zero-day exploits underscore rising risks for internet-facing interfaces

3 min read - Recent reports confirm the active exploitation of a critical zero-day vulnerability targeting Palo Alto Networks’ Next-Generation Firewalls (NGFW) management interfaces. While Palo Alto’s swift advisories and mitigation guidance offer a starting point for remediation, the broader implications of such vulnerabilities demand attention from organizations globally. The surge in attacks on internet-facing management interfaces highlights an evolving threat landscape and necessitates rethinking how organizations secure critical assets. Who is exploiting the NGFW zero-day? As of now, little is known about the…

Will arresting the National Public Data threat actor make a difference?

3 min read - The arrest of USDoD, the mastermind behind the colossal National Public Data breach, was a victory for law enforcement. It also raises some fundamental questions. Do arrests and takedowns truly deter cyberattacks? Or do they merely mark the end of one criminal’s chapter while others rise to take their place? As authorities continue to crack down on cyber criminals, the arrest of high-profile threat actors like USDoD reveals a deeper, more complex reality about the state of global cyber crime.…

CISA adds Microsoft SharePoint vulnerability to the KEV Catalog

3 min read - In late October, the United States Cybersecurity & Infrastructure Security Agency (CISA) added a new threat to its Known Exploited Vulnerability (KEV) Catalog. Cyber criminals used remote code execution vulnerability in Microsoft SharePoint to gain access to organizations’ networks. The CISA press release states that “these types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.” However, Microsoft identified and released a patch for this vulnerability in July 2024. Cybersecurity experts…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today