The IT Nerd

The US Department of State have rolled out an International Cybersecurity Strategy. Here’s what it’s all about:

The National Cybersecurity Strategy calls for two fundamental shifts: rebalancing the responsibility to defend cyberspace and realigning incentives to favor long-term investments.  The digital ecosystem’s biggest, most capable, and best-positioned actors – be they in the public or private sectors – can and should assume a greater share of the burden for mitigating cyber risk.  When entities across the public and private sectors face trade-offs between temporary fixes and long-term solutions, they must have the resources, capabilities, and incentives to choose the latter.

The U.S. commitment to international partnerships on cyber issues remains strong, and the Strategy emphasizes working with our allies and partners to build a defensible, resilient, and values-aligned digital ecosystem.  Advancing shared goals requires promoting a global cyberspace where responsible state behavior is expected and where irresponsible behavior is both costly and isolating.

This Strategy sets out a path to secure the promise of our digital future.  Its implementation will build a durable cyber foundation for the Administration’s goals in infrastructure, clean energy, equity, democracy, and economic opportunity.  Fundamentally, it recognizes that cyberspace does not exist as its own end, but as a tool to pursue our highest aspirations.

Interesting. Tom Siu, CISO, Inversion 6 had this comment:

The announcement of an international cybersecurity strategy by the US Department of State will be an important acknowledgement of the impact of cyber in the realm of US foreign policy.  In essence, “cyber diplomacy” will affect how our nation relates to others, but we must remember that much of the origin of internet protocols, as evidenced by the Request for Comments (RFC) documents through the Internet Engineering Task Force (IETF) established technical standards that were agnostic of international divisions.  The internet, and the domain of cybersecurity, is a stateless (in a geopolitical sense) entity.

The question that comes to mind for me is will this newly announced strategy change statecraft to adapt to rapid changes in information flow, or will this strategy simply be added to the tools available to current foreign policy strategies.  

The brief description provided by Politico seems to point out that the US foreign policy, in the context of cybersecurity, is to use it as a tool to continue with declining American influence in the cyber realm, rather than a new Cyber Monroe Doctrine or promoting a series of cybersecurity RFCs which are adopted as both technical and behavioral standards.

The announcement of the $50M “Cyberspace and Digital Connectivity Fund” seems small in the realm of ransomware payouts, but may be useful in enhancing the cyber capabilities of our partners and allies.

This should be interesting to watch and see how effective it is. Which is something that will take years to measure.

This entry was posted on May 7, 2024 at 8:12 am and is filed under Commentary with tags State Department. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.