The US and EU will reportedly work together to fund improvements to the cybersecurity of critical infrastructure in developing countries. The plan aims to help these nations better withstand attacks and improve the international community’s overall online resilience. The US has been engaged in this global cybersecurity “capacity building” for some time, and while this policy is not entirely altruistic, it can benefit the battle against criminal gangs.
Said to have emerged from the recently convened EU-US Trade Technology Council, the plan will see Europe and America fund programs to improve cybersecurity in areas where their respective policies align. This is likely to include measures to prevent the use of technology providers such as China’s Huawei, which have been identified as a security risk.
“This is very much a question of defending democracy and defending people’s rights,” said an EU official familiar with the talks quoted by the Wall Street Journal.
How will the EU and US fund cybersecurity in developing countries?
The US and EU hope that by working together and providing funding they will make it less likely that countries will accept support from China, the EU official told the WSJ. The arrangement could see US and European companies bidding for contracts to provide digital infrastructure which might otherwise go to Huawei or other Chinese tech businesses.
Africa and Latin America are likely to be the first regions to receive funding, and the partnership could be up and running by the end of the year. Russia’s war with Ukraine is said to have reiterated the need to provide strong cybersecurity around critical infrastructure.
In April the US and its allies in the Five Eyes Security Alliance, which includes the UK, issued a joint advisory stating a Russian attack on critical infrastructure was “imminent”, though so far no such attack has been publicly acknowledged.
However, Central and South American nations have been regular targets for hackers in recent years, with the Lapsus$ gang beginning its campaign in Brazil by targeting the country’s health ministry, and more recently Costa Rica coming under a sustained barrage of attacks from the Conti ransomware gang, which crippled many of its public services.
How the US uses cyber ‘capacity building’
If confirmed, the partnership will be the latest example of the US policy of supporting ‘capacity building’ in international cybersecurity. After the SolarWinds supply chain attack in late 2020, attributed to Chinese hackers, the US government announced that its long-term response to the aggression of Russian and Chinese-backed cybercriminals would involve co-operating ‘with allies and partners to counter malign cyber activities,’ with a particular focus on shoring up collective resiliency and attribution.
The US and the EU have already worked together to strengthen cybersecurity provisions in Eastern Europe, campaigning to strengthen government institutions, develop new cyber laws and institute best practices for cybersecurity. Similar moves are now taking place in Africa and the Indo-Pacific, and the new partnership would be the latest manifestation of this.
While stronger cybersecurity is beneficial to the entire international community, this capacity-building programme is also useful to the US for promoting its view of how the internet should develop and be governed, Laura Bate, senior director at the US Cyberspace Solarium Commission, told Tech Monitor last year. It also helps safeguard US and European institutions. “It is not so dissimilar to having people vaccinated, or wearing masks,” Bate said. “It’s one of these things that takes a whole community to really improve security for each individual actor, and the group as a whole.”