Dive Brief:
- Major tech and cybersecurity companies are partnering to advocate for better cybersecurity-focused foreign assistance by the U.S. government.
- Members of the new Strategic Cybersecurity Coalition (SCC) — Carahsoft, Dell Technologies, Forescout, Google Cloud, Trellix and Velo — say increasing threats require faster deployment of “sustainable, interoperable cybersecurity solutions.”
- The formation of the SCC reflects the tech industry’s frustrations with the current pace of foreign cyber aid.
Dive Insight:
The U.S. for years has struggled to provide rapid cybersecurity support to international allies before, during and after cyberattacks. The Biden administration created a cyber aid program that includes a rapid-response fund, but upgrading the entire foreign-aid bureaucracy to match the speed of cyber incidents has been a challenge. The Trump administration’s pause in foreign assistance, which affected multiple cyber aid programs, has further impeded progress.
Nation-state hackers and cybercrime groups that target U.S. allies frequently go after the U.S. as well, which gives the U.S. government a strong interest in understanding threat activity aimed at its foreign partners.
“These early lines of defense enable U.S. cybersecurity companies to sharpen their toolkits by stopping cyber attacks which are often precursors to attacks on our own government agencies and critical infrastructures,” Tom Gann, Trellix’s chief public policy officer, told Cybersecurity Dive via email.
But legal and procedural restrictions have hampered the tech industry’s ability to supply other countries with cybersecurity services, which reduces the amount of threat data companies can collect and share with the U.S. government. All parties in the system thus have an incentive to make the foreign assistance process easier, experts say.
“It is a national security imperative for the United States to help our partners build their cyber capabilities,” said Tatyana Bolton, the SCC’s executive director. “The security of the United States is intrinsically linked to the cybersecurity posture of its neighbors, as malicious actors can exploit vulnerabilities in partner countries to target U.S. interests.”
To that end, the SCC plans to lobby for incorporating cyber services into the foreign military sales (FMS) and foreign military financing (FMF) processes. In a press release, the group said this change would help the U.S. “enhance collective defense, promote American technological innovation, and deliver cutting-edge cybersecurity solutions around the world, particularly in places most necessary for U.S. operational advantage, including allied nations.”
Bolton said the group would push for a range of specific changes.
“We’re advocating to expand direct commercial contracting authority for cybersecurity, increase acquisition thresholds, adjust congressional notification requirements [to create a $50 million notification threshold for IT and cybersecurity sales], and allow the use of funds like the Special Defense Acquisition Fund and Section 333 for cyber capabilities,” Bolton told Cybersecurity Dive.
Bolton offered an example from the defense space. Military aid programs, she said, often are designed to help foreign countries buy major weapons systems like the F-35 fighter jet, not cybersecurity solutions, which the people involved rarely understand. “Some of these sales take five years — for secure computers, servers, and cyber training, we need to get that down to a more reasonable 12 to 18 months.”
Chris Painter, the top U.S. cyber diplomat from 2011 to 2017, said it is important for the private sector to stress the importance of cybersecurity aid at a time when the federal government seems unenthusiastic about it.
“Especially when the U.S. seems to be stepping away from foreign assistance, this is an important initiative to help address a critical need and possible shortfall that will not only help other countries but be in the interests of U.S. national security,” Painter told Cybersecurity Dive via email.