Diplomatic Efforts to Combat Cyber Threats and Maintain International Cyber Resilience

Line of Effort 2: Disrupt and Build Resilience to Malicious State Activity

Given the interconnected nature of cyberspace, international cooperation is crucial to deny, disrupt, and counter adversary activities in and through cyberspace.

The Department of State leads efforts, including facilitating international outreach, to address the rising threat of disruptive or destructive cyberattacks on the critical infrastructure of the United States and its allies and partners. This includes sharing through diplomatic channels joint cybersecurity advisories with the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and National Security Agency (NSA), and allies and partners on threats; capacity building and information sharing with new and existing partners to mitigate cyber threats and ensure the resilience of their critical infrastructure; and using bilateral, multilateral, and other fora to clarify and communicate expectations about adherence to international law and the framework for responsible behavior in cyberspace. In addition, members of the Quad have developed joint principles for the cybersecurity of critical infrastructure and NATO members have committed to ensuring the resilience of critical infrastructure, enhanced protection of critical infrastructure through training and exercises, and shared intelligence on threats.

As part of its counter adversary cyber activity, the Department of State provides foreign policy guidance and uses diplomatic engagements to support the Department of Defense (DoD)’s efforts to campaign in and through cyberspace below the level of armed conflict to reinforce deterrence and frustrate adversaries. As laid out in the 2023 DoD Cyber Strategy, U.S. Cyber Command continues to defend forward to discover, expose, and protect against the sources of malicious cyber activities and to reinforce responsible state behavior by encouraging adherence to international law and internationally recognized cyberspace norms. The DoD Cyber Strategy also notes that cyber operations are most effective when used in concert with other instruments of national power, including diplomatic engagement and cyber capacity building.

The Department of State, in close coordination with interagency and international partners, will continue to organize and execute sustained diplomatic pressure campaigns to raise international and public awareness of significant cyber threats and to increase the costs and risks to malicious cyber actors. For example, the United States has worked with allies, partners, and the private sector to disrupt DPRK revenue-generation efforts through cybercrime, crypto theft, and IT workers. U.S. Cyber Command, NSA, DHS, DOJ, and the FBI have exposed North Korean malware, seized malicious cyber infrastructure, seized cryptocurrency and fiat currency, and shared actionable threat intelligence with the private sector. The Department of State coordinates action with the Republic of Korea through a bilateral DPRK Cyber Working Group, including information sharing and policy coordination. Also, the United States, Japan, and the Republic of Korea coordinate efforts to counter DPRK cyber threats through a trilateral working group announced during the Camp David Summit in August 2023. The Department of State has also briefed officials around the world on threats posed by DPRK IT workers and cyber actors and deployed foreign assistance funds to build capacity to detect and defend against DPRK cyber and crypto threats.