Empowering Global Cyber Resilience: United States' Efforts in Partner Cyber Capacity Building

Line of Effort 2: Augment Partner Cyber Capacity Building Efforts

Cyber capacity building efforts—which usually focus on strengthening a nation’s ability to adopt and develop cyber policies and strategies or improving their technical ability to detect, respond to, and recover from cyber incidents—have a direct and positive impact on international cyber stability and the security of U.S. citizens. Assistance directed at policy- and strategy-making increases states’ credibility and engagement in international discussions. It provides them with the national-level capabilities needed to implement the norms developed under the framework for responsible state behavior in cyberspace, to conform with the standards of the Budapest Cybercrime Convention, to hold irresponsible actors accountable in cyberspace, and to develop a national-level approach to counter persistent cyber threats and build long-term resilience. Improving partner operational capabilities makes it more likely they will be able to combat transnational cybercrime threats, share useful cyber threat and incident information with the United States, and successfully partner with the United States in operations to disrupt malicious cyber activity.

Over the last two decades, the Department of State has collaborated with other agencies, international partners, regional organizations, and the private sector to build cyber capacity abroad. Officials and private sector professionals from around the world participate in workshops on industrial control systems held with CISA. The United States assists efforts by the Organization of American States in areas such as cyber incident response, national cybersecurity strategy development and implementation, cybersecurity awareness, and cyber workforce development. The United States is a leading donor to Council of Europe programs designed to expand adoption of the Budapest Cybercrime Convention. The Global Forum on Cyber Expertise (GFCE), of which the United States is a founding and active member, provides a global platform to connect cyber policymakers, practitioners, and experts and to match assistance programs with recipients.

Multiple agencies have supported international partners in using and adapting the NIST Cybersecurity Framework, and the Department of State has supported international participation in the development of version 2.0 of the framework. The NICE Workforce Framework for Cybersecurity (NICE Framework) has been leveraged to support talent development and management. The Department of Commerce, NIST, USAID, and the Department of State will engage international partners to promote the development of critical and emerging technology standards in areas such as best practices regarding data capture, processing, privacy, handling, and analysis; trustworthiness, verification, and assurance of AI systems and AI risk management; and content authentication and provenance, synthetic content detection, and content labeling. In addition, NIST has selected four algorithms designed to withstand cyberattacks by quantum computers and is developing standards for U.S. Government use. The Department of State will work with NIST to internationalize – including through ongoing engagements in international standards bodies – these post quantum cryptography standards so that organizations around the world can integrate them into their encryption infrastructure. They will also continue engaging international partners in developing and implementing cybersecurity best practices in areas such as Zero Trust, IoT cybersecurity, digital identity, operational technology, software security, and supply chain risk management.