MITRE Strengthens Cyber Capacity of Developing Nations
Topics: Cybersecurity, International Relations, Government Agency Operations, Military Operations (General)
From reducing crime to dealing with Russian aggression, developing countries often face some of the same problems as more developed countries. They may also face challenges that are unique to their environment or economy—such as poaching.
“No matter the problem, a strong and secure cyber capability is a powerful asset,” says Johanna Vazzana, a lead for MITRE’s international cyber capacity building team. Vazzana and her three colleagues have traveled to many developing countries to help them build their cyber capacity, such as Ukraine, Ghana, Botswana, Moldova, and Ecuador.
“We help government leaders first identify their high-level goals or missions, then work backwards from there to address cyber planning,” says Vazzana. “We recognize that cyberspace itself is cross-cutting and broad. There are so many adversaries, risks, and opportunities. Often, people don’t know where to start.”
Vazzana says that the MITRE team provides the thinking and tools to assist a national government in getting their hands around the problem. “We help them learn how to use their own resources, contacts, and mechanisms to make progress.”
While the State Department is the team’s primary sponsor, in 2018 the government of Singapore asked MITRE to engage with 10 South East Asian partner countries. Since then, the team has helped these nations build secure, open, and more resilient cyber ecosystems.
The United States, along with a coalition of other developed allies such as the United Kingdom, Australia, and the Netherlands, is committed to helping developing nations build their cyber capacity. The U.S. Department of State and Department of Defense Combatant Commands seek to help developing nations not only achieve their goals—but our nation’s as well. A strong cyber capacity in partner nations is essential to achieving long-term U.S. government success in national security, foreign policy, law enforcement, cybercrime prevention, and economic development.
Vazzana and team have already made significant headway against a difficult problem.
A Distinctly MITRE Approach to Developing Cyber Capacity
MITRE’s first step was to deliver to the U.S. Department of State in 2016 the National Cyber Strategy Development & Implementation (NCSDI) Framework for building cyber capacity. This framework addresses the building blocks of cyber capacity based on eight key capability areas. It continues to be a living and evolving process.
“Our approach is fundamentally different from organizations that bring in spot technology solutions or that focus on cybersecurity alone,” Vazzana says. “Our aim is to help nations develop a free, open, reliable, and secure cyberspace that enables their national goals.
“That goes beyond ad hoc technical solutions. It includes everything from policy and governance to human capital development to organizational transformation and change management.”
The team helps the government leaders define where their nation is currently in terms of people, process, and technology capacity. That way, the team can help leaders articulate where they want to be and establish a thought process that starts with a risk management mindset, using design thinking and multi-stakeholder involvement.
Since 2016, MITRE has directly supported U.S. missions in five developing countries. We’ve also worked through international organizations like the Economic Community of West African States, the Organization for Security and Cooperation in Europe, and the Organization of American States—reaching more than 100 nations.
“Our work and the use of the NCSDI Framework has achieved strong results,” Vazzana says. “We’ve been able to educate key stakeholders in nations of strategic importance to the U.S. by reinforcing international norms, providing essential governance skills and tools, raising awareness and capability to counter global cybercrime. And we’re helping establish the U.S. as the cyber development partner-of-choice in areas contested by China and Russia.”
Gauging Cybersecurity Readiness
Each assignment usually begins with a request from State to work with a nation’s government or an international organization, often centered around an event. In addition to the regional organizations (if involved), the MITRE team works with representatives within the U.S. Embassy in the nation, such as a cyber officer or digital economy officer.
The team soon begins collaborating directly with local government leaders to prepare for the initial forum, which may be a series of interviews, a seminar, or a workshop.
Typically, three of the members travel to the location. In addition to leading a portion (or all) of an event—they listen.
“We’re furiously taking notes and documenting conversations and interpersonal dynamics,” Vazzana says. “This includes taking in the verbal and non-verbal cues—who’s likely to make progress, who’s likely to be resistant and why?”
Back at MITRE in McLean, Virginia, the team performs a qualitative analysis. They put their findings into a series of reports for the State Department, the nation itself, and for the international donor community.
“This is the most important part of our work,” Vazzana says. “State wants to ensure that U.S. contributions are well spent and are coordinated with other efforts. We cooperate with other stakeholders like the Departments of Energy, Commerce, Treasury, and the DoD to help assure a comprehensive U.S. approach and voice.”
The Technology Is the Easy Part
The examples described below (see “International Success Stories Demonstrate Countries’ Unique Needs”) are just a few of the ways the MITRE Cyber Capacity Building team has assisted developing nations.
“We tell our stakeholders, ‘First, you have to define your goals, understand your existing capacity, and have the right mindset, so you can build a strategic plan,'” Vazzana says. “Then putting the right people and processes in place is key to ensuring you can implement your plan and fulfill your aspirations for your country.
“From there, the technology is the easy part.”
—by Bill Eidson