The era of United States dominance in the digital world and internet governance is gradually eroding with the expanding digital footprints of rival nations like China and Russia. This is reflected in the United States’ inability to sustainably promote its vision of an open, interoperable, secure, and reliable internet, govern by multi-stakeholders. International cyber capacity building was identified as an enabler of this vision, but oversight, inefficient cyber diplomacy structure, and process on the part of the United States government agencies remain a hindrance to such initiative.
Recently, the ‘Cyber Diplomacy Act of 2021’ was being presented to fill this gap and to forge a way forward for the United States to regain its rightful leadership position of promoting international norms and standards in cyberspace. Passing this ‘act’ is aimed at greatly increasing the influence of the nation in cyberspace through international cybersecurity capacity building.
An Open, Interoperable, Reliable, and Secure Cyberspace
In 2011, President Obama set the stage to intensify the United States efforts to secure cyberspace with the introduction of the international strategy for cyberspace, and an international Cyber Capacity Building (CCB) was identified as one of the priority policy areas of this strategy. The strategy was America’s diplomatic approach to promoting a cyberspace environment that is open, interoperable, reliable, secure, and governed through the multi-stakeholder model. It identified the necessity for internationally agreed norms of responsible state behavior and confidence-building measures as necessary components to creating such an enabling environment.
In 2015, the United Nations Group of Governmental Experts on Developments, in the Field of Information and Telecommunications and in the Context of International Security (Group of Governmental Experts) identified CCB as the third pillar for responsible state behavior in cyberspace. To align with this, the United State cybersecurity strategy of 2018, released during President Trump’s administration listed international cybersecurity capacity building as a means of advancing American’s global influence in cyberspace. This reflects the importance the United States placed on CCB towards achieving its vision.
However, International CCB remains an area the United States government has not fully taken advantage of because: the capacity building has repeatedly been overlooked as a cybersecurity priority and the present diplomacy framework and processes are inadequate to meet the collaboration required for cybersecurity issues.
The Cyber Diplomacy Act of 2021 identifies this gap by stating that America needs to redouble its efforts in ensuring it remains a leader in the push for an open, interoperable, reliable, and secure internet. The Act is meant to support the United States’ international cyber diplomacy efforts by establishing the necessary structure to strengthen its leadership position in cyberspace. It proposes to create an office of International Cyberspace Policy within the Department of State, headed by an officer with the rank of ‘ambassador’.
This policy memo highlights some externalities associated with international CCB that impacts the United States’ vision for cyberspace and calls on policymakers to support the passing of the Cyber Diplomacy Act as it is being debated within the Senate.
What is International Cyber Capacity Building?
According to the United Nations, CCB is an enabler for promoting adherence to international law and the implementation of norms of responsible state behavior, as well as supporting the implementation of confidence-building measures. Collett describes international CCB as encompassing all activities that involve the inter-border collaboration of individuals, organizations, or governments with the aim of developing capabilities that will globally lessen the digital risks and result in the safe, secure, and open use of the internet and emerging technologies. Ford emphasis that it remains an element of international security and it represents a way of making the cyber policy more visible globally.
Status of Chinese Efforts in Global Cyber Capacity Building
1. Ability to adhere to international norms and internet governance requires nations to have the capacity to implement them. Hence, to operate in a free, secure, and open internet, nations need infrastructure, an enabling environment, and cyber capacity. These three elements are missing in the developing nations of the global south – home to the poorest nations of the world.
2. While United States’ diplomacy structure as it relates to cyberspace is slow in embarking on proactive effort to assist these nations with any of the three aforementioned elements, the Chinese government continues to aggressively expand its digital footprint by funding and building infrastructure worldwide through its Belt and Road Initiative (BRI) program. An initiative that about 70% of nations worldwide have signed cooperation or memorandum of understanding.
3. These situations could result in increased supply chain risk exposure for close to 140 nations due to infrastructures that were designed, installed, operated, and maintained by Chinese firms. China now has a broader entry point to implant different forms of vulnerabilities through infrastructure projects. This is evident in the data espionage incidents of the Africa Union’s headquarter building which was funded, architected, and built by the Chinese. The United States has also been the victim of China’s intellectual property theft.
4. With China’s expanding dominance in infrastructure and the highlighted negative effects on the promotion of a safe and secure internet, international capacity building appears to be a tool that the United State and its allies can use to slow down Chinese influence.
5. International Cybersecurity Capacity building requires collaboration and involves the transformation of people, institutions, and society. It is aimed at improving capabilities that mitigate risks to the safe, secure, and open use of the internet, and this may not be something the Chinese government would willingly invest in.
Why the Cyber Diplomacy Act of 2021?
Cyber Diplomacy Act of 2021 aims to strategically position the US for 21st-century cyber diplomacy challenges by proposing the establishment of an office of International Cyberspace Policy within the Department of State. The office will be headed by a senior official, at the rank of an ambassador – essentially the United States ambassador to cyberspace.
The cyberspace ambassador will lead and be a subject matter expert among the Department of State’s management as it relates to international cybersecurity on the internet, digital economy, and cybercrime.
The ambassador has 23 listed responsibilities to support the United States international cyber policies, among which are:
1. To promote an open, interoperable, reliable, unfettered, and secure information and communications technology infrastructure globally – i.e., to promote U.S cyber policy.
2. To act as a liaison to civil society, the private sector, academia, and other public and private entities on relevant international cyberspace issues; – These are the stakeholders involved in CCB at both the national and international level.
3. To promote the building of foreign cyber capacity.
4. To consult, as appropriate, with other government agencies on related cyber functions.
Countering the cyberspace efforts of China and its like-minded nations e.g., Russia and North Korea through international cyber capacity building is an initiative that the United States, needs to consider as a matter of urgent concern. The Cyber Diplomacy Act of 2021 will create an enabling environment and establish a way for the U.S to balance China’s dominance through international cybersecurity capacity building.
Since past recommendations on international CCB have always laid emphasis on stakeholders’ collaboration and coordination, the proposed Bureau of International Cyberspace Policy would serve as a coordination center (local and international) for the United States’ international cybersecurity initiatives – which includes cybersecurity capacity building.
This policy memo calls on members of the senate to vote overwhelmingly for the passage of this Diplomacy Act of 2021, which is aimed at increasing the US influence through:
1. Expanding network of foreign nations that will support the United States foreign cyber policy of an open, free, and secure cyberspace.
2. Reducing the influence of rival China’s digital footprint by empowering stakeholders in foreign nations through international cyber capacity building.
3. Solidifying the US cyber deterrence strategy.
Olatunji Osunji is a Cybersecurity Architect at the World Bank. He is pursuing his PhD at Marymount University, USA, with a special interest on cybersecurity capacity building and risks associated with the emerging technologies. He is also a research assistant at the Global Foundation for Cyber Studies and Research, Washington D.C, USA.