As things stall in the United Nations on all things cyber, the United States has been actively engaged in strengthening cyber cooperation with key individual states, as well as regional blocs, in an effort to share information, collaborate, and address state and nonstate actor threats. From a law enforcement perspective, these joint activities have proven effective in neutralizing some of the more pervasive cybercrime groups (e.g., ransomware gangs), prominent crime forums (e.g,, Genesis Market), and bulletproof hosting services that have inflicted substantial financial damage on the global community. What’s more, the United States has fully implemented its “defense-forward” strategy that includes proactively helping states with cybersecurity – whether that take the form of funding, training, or in the case of the United States’ tip of its cyber weapon, U.S. Cyber Command “hunt-forward” teams that collaborate with a host country to neutralize the activities and infrastructure of hostile threat actors. The United States has demonstrated that cyber cooperation does not have to be a static formal agreement but can also assume more dynamic measures.
Though formal agreements between states on cybersecurity matters is a necessary step in trying to bring countries together under a likeminded rubric, the verdict is still out on whether they are an effective means to bring about the type of security change necessitated by an ever-changing cyber threat environment. This challenge is further increased when trying to address nation state threats, particularly those that target the countries entering into these agreements. States have been entering formal and informal cybersecurity agreements for quite some time, though the degree to which these engagements are robustly supported is a matter of debate. There is little evidence at least provided publicly showing quantifiable metrics where state collaboration has made substantial gains in neutralizing other states’ hostile cyber activity. For the most part, press reports have cited incidents where government entities’ cyber attacks have been stopped before causing any impact, though they typically do not provide details as to the nature of the attack or other contextual information.
U.S. Cyber Command’s hunt-forward operations that deploy to countries requesting U.S. help may be the best example of more active collaboration whose results are more tangible, even if those operational details are equally redacted. Nonetheless, their success can be gleaned from the fact that these teams have deployed at least 47 times across 20 countries, a testament to that operational objectives have been achieved, even if the details of what they were have not been for public consumption. However, right now, it appears that hunt-forward collaborations are one-offs, missions that transpire within set parameters and durations. As such, there is a distinction to be made between “requests for assistance” from a state, and a “formal agreement contract” wherein hunt-forward teams consistently or at least routinely monitor a requesting country’s networks. However, it begs the question if such contracts are not in the not-so-distant future, which can certainly raise potential concerns among several countries in the global community.
The United States has long been the major influence when it comes to the Internet and governance matters, but that position has consistently weakened over the past decade as more governments want to ensure that their interests are represented in such matters. Simply, no government can unilaterally dictate how the Internet operates, which has facilitated the need for pacts and blocs to lobby for key positions on issues that effective the global community writ large such as cybercrime, state behavior in cyberspace, data privacy, and state Internet sovereignty. So, as logjams persist in international for a like the United Nations for setting norms, bilateral and regional engagement is taking a more prominent role in filling that void.
Though it’s debatable that the United States is intentionally increasing its outreach via these cooperations to solidify its position as preeminent influence on Internet evolution, the fact remains that these agreements can cause consternation among some (i.e., China) in the international community. Adversaries have notably accused the United States of cyber hegemony, a phrase that has typically focused on the United States’ long standing influence in all things cyber to include governance, standards setting, all with an eye toward “broadening its Internet strategy” beyond adversarial states. U.S. cyber cooperation can be perceived by some as a continuance of this practice – creating regional and global partnerships that allow the United States to not only share information and intelligence, but in those cases where host countries request U.S. assistance, enable U.S. cyber forces to operate in those spaces. This would certainly support a bedrock principle for the Department of Defense strategy – being able to operate in the air, land, sea, space, and cyber domains while deterring adversary behavior in those domains.
This is not to say that this is what the United States is doing. But it does bring attention to how such activities can be perceived by others, regardless of whether they are adversaries or not. What’s more, this can be used in influence operations to chip away at the United States’ image as a beacon of democratic principles. Over the past several months, China has been particularly vociferous in attacking the United States image, accusing it of conducting cyber operations as a means of maintaining its “hegemony” and trying to cause public relations problems by exploiting data leaks that have disclosed alleged U.S. cyber-enabled improprieties against its own citizens and allies. It wouldn’t be a surprise if China started to adjust its disinformation and influence operations campaigns to twist U.S. cyber engagements such as those with Japan and the Quad – two agreements that directly affect China – to further bolster its “U.S. as cyber bully” narrative as well.
On the positive side, despite China’s full-court press, there is little evidence that China’s messaging is having any noticeable persuasive effect on traditionally U.S.-friendly governments. But it doesn’t need governments to jump ship as much as cast enough doubt as to facture their confidence in U.S. intentions of entering into these agreements in the first place. One way to ensure that Chinese messaging doesn’t take hold is to ensure that cyber agreements are more than token acts of good faith and yield tangible results that benefit both parties. Even more so, such successes need to be publicized, when possible, to counter any negative image attacks being pushed via public channels. Because the best argument against accusations of hegemony is to show quantifiable examples where partnership was not only required, but it also made the difference, with the United States playing a supportive, and even secondary role, in the effort.