This month, officials from the U.S.-EU Trade and Technology Council (TTC) have said they are having discussions about funding digital infrastructure in developing countries. This comes as Russia's invasion of Ukraine highlights the importance of supporting countries that are most vulnerable to nation-state cyberattacks. What other events surround this decision and in what would this council invest? Find out in this post.
Events surrounding the TTC decision
First off, what is the U.S.-EU TTC? It is a group created in 2021 to address policies on bilateral trade and strengthen cooperation on technology advances between the U.S. and the EU. Further, they intend to work together with like-minded third countries. That is, countries that value, or are struggling with upholding, democracy, freedom and other human rights.
One of the accomplishments of the TTC was to coordinate the two economies to impose sanctions on Russia during the ongoing invasion of Ukraine. Now, their concerns with this war do not stop at economy but rather expand to technology as well. Therefore, the conflict has fueled the interest of the two jurisdictions in helping infrastructure funding in Ukraine.
The cyberwar has increased the importance of securing organizations' information systems in countries vulnerable to nation-state cyberattacks. Already a series of worrisome events have been seen in the past two months in Costa Rica. There, the Conti ransomware gang (allegedly based in Russia) conducted a wave of cyberattacks against organizations, including systems of the government and private firms. And only a few weeks ago, the country was hit by another ransomware operation that may also have ties with Conti.
TTC officials told the Wall Street Journal (WSJ) this week that the council will tackle the issue of heightened risk in developing countries by funding their cybersecurity. The plan is that the projects kick off by the end of this year, likely in Africa and Latin America. This is unprecedented news. It's the first time the U.S. and the EU would join forces to help protect the critical infrastructure of foreign countries against cyberattacks.
By the explanation of one EU official, the council is stepping in before these countries accept funding from China. This proves an urgent matter for the U.S., as its relationships with some countries in Latin America may be deteriorating in favor of China. Case in point, the Ninth Summit of the Americas that was held earlier this month was met with harsh criticism after the Biden administration excluded Cuba, Venezuela and Nicaragua from the event. Moreover, top leaders from Mexico, Bolivia, Guatemala, Honduras and El Salvador skipped the meeting in protest. Journalist Roberto Lovato has commented on the significance of the discontent, saying that China is building infrastructure throughout South America and would likely gain more power in the region. For example, in Brazil, China has invested in a number of projects in the sector of information technology.
The concern with China goes beyond the growth of its trade relationships. An EU official told the WSJ that there are some security risks to using Chinese technology. Reportedly, products by some manufacturers may come with "flaws that can be used for government espionage." For instance, various news outlets said in 2018 that, for five years, China had been transferring confidential data from the Chinese-built information infrastructure in the African Union's headquarters in Ethiopia. Moreover, China has had a history of censorship, creating regulations that bar content on the Internet that criticizes the current regime. So, countering China, the TTC expects with its plans to defend privacy and democracy.
What would the TTC invest in?
The agenda of the TTC revolves around securing information and communications technology and services (ICTS). As a key outcome since last year, they mention launching a task force for funding secure, resilient and rights-respecting ICTS supply chains in foreign countries. In the council's statement, they say they aim to encourage the use of providers that do not represent a high risk. As to where do they get the money from, they have turned to public funding bodies, development finance banks and EU Member State export credit agencies.
In this new project, the TTC would be taking the opportunity, as previously suggested to the EU, to work closely with countries that are less developed and have (more) vulnerable democracies. The focus would be on developing digital regulation (e.g., data protection policies), therefore enhancing privacy and fighting disinformation. They also would work on enhancing the investment in connectivity and the cooperation in security and technology development.
Regarding the funding of physical infrastructure, the WSJ says that a model would be the USD 30M project in which the U.S., Australia and Japan helped fund the construction of an undersea cable to secure communications networks to Palau, an archipelago in Oceania.
But does this initiative not go beyond funding? Julia Schuetze, who directs projects for international cybersecurity policy, has expressed that this initiative should not be a matter of just paying for the infrastructure but also helping develop capabilities to maintain the security of the infrastructure. This may prove most beneficial to countries where there are fewer cybersecurity professionals. She says that these countries especially "have a hard time keeping infrastructure protected because equipment has to be kept up-to-date with security threats." So, to achieve their goals, the TTC may have to sustain a long-lasting engagement with these countries.
Although this news sounds promising for the Americas, we at Fluid Attacks reiterate the importance of testing the security of systems while they are being developed. Our ethical hackers use several techniques to find the vulnerabilities in organizations' systems before malicious attackers do. By fixing these issues promptly, firms throughout the continent can prevent ransomware and other kinds of attacks. Want to learn more? Contact us.
Recommended blog posts
You might be interested in the following related posts.
An OffSec Exploitation Expert review
An interview with members of our hacking team
A brief overview of this recent EU draft regulation
Increase the board's cyber savvy with these reads
Soon it will be a must in cybersecurity due to NIS2
Toyota's ancient and recently disclosed data leaks
Watch out for keylogging/keyloggers
There's not an only way but here's a good one