Eric Geller
SECURITY
July 2, 2024
SOURCE:
WIRED

The Tech Crash Course That Trains U.S. Diplomats to Spot Threats

The U.S. State Department is training diplomats in cybersecurity, privacy, telecommunications, and other technology issues, allowing them to advance U.S. policy abroad.

PHOTO-ILLUSTRATION: CAMERON GETTY; GETTY IMAGES

In a sunlight-filled classroom at the US State Department’s diplomacy school in late February, America’s cyber ambassador fielded urgent questions from US diplomats who were spending the week learning about the dizzying technological forces shaping their missions.

“This portfolio is one of the most interesting and perhaps the most consequential at this moment in time,” Nathaniel Fick, the US ambassador-at-large for cyberspace and digital policy, told the roughly three dozen diplomats assembled before him at the Foreign Service Institute in Arlington, Virginia. “Getting smart on these issues … is going to serve everyone really well over the long term, regardless of what other things you go off and do.”

The diplomats, who had come from overseas embassies and from State Department headquarters in nearby Washington, DC, were the sixth cohort of students to undergo a crash course in cybersecurity, telecommunications, privacy, surveillance, and other digital issues, which Fick’s team created in late 2022. The training program—the biggest initiative yet undertaken by State’s two-year-old cyber bureau—is intended to reinvigorate US digital diplomacy at a time when adversaries like Russia and China are increasingly trying to shape how the world uses technology.

During his conversation with the students, Fick discussed the myriad of tech and cyber challenges facing US diplomats. He told a staffer from an embassy in a country under China’s influence to play the long game in forming relationships that could eventually help the US make inroads there. He spoke about his efforts to help European telecom companies survive existential threats from Chinese telecommunications giant Huawei in the battle for the world’s 5G networks. And he warned of a difficult balancing act on AI, saying the US needed to stave off excessive regulation at the UN without repeating past mistakes.

“We really screwed up governance of the previous generation of tech platforms, particularly the social [media] platforms,” Fick said. “The US essentially unleashed on the world the most powerful anti-democratic tools in the history of humanity, and now we’re digging our way out of a credibility hole.”

Restoring that credibility and expanding American influence over digital issues will require tech-savvy diplomacy, and the State Department is counting on Fick’s training program to make that possible. To pull back the curtain on this program for the first time, WIRED received exclusive access to the February training session and interviewed Fick, the initiative’s lead organizer, five graduates of the course, and multiple cyber diplomacy experts about how the program is trying to transform American tech diplomacy.

Fick has called the training program the most important part of his job. As he tells anyone who will listen, it’s a project with existential stakes for the future of the open internet and the free world.

“Technology as a source of influence is increasingly foundational,” he says. “These things are more and more central to our foreign policy, and that’s a trend that is long-term and unlikely to change anytime soon.”

Maintaining an Edge

From Russian election interference to Chinese industrial dominance, the US faces a panoply of digital threats. Fighting back will require skillful diplomatic pressure campaigns on every level, from bilateral talks with individual countries to sweeping appeals before the 193-member United Nations. But this kind of work is only possible when the career Foreign Service officers on the front lines of US diplomacy understand why tech and cyber issues matter—and how to discuss them.

“The US needs to demonstrate both understanding and leadership on the global stage,” says Chris Painter, who served as the first US cyber ambassador from 2011 to 2017.

This leadership is important on high-profile subjects like artificial intelligence and the 5G war between Western and Chinese vendors, but it’s equally vital on the bread-and-butter digital issues—like basic internet connectivity and fighting cybercrime—that don’t generate headlines but still dominate many countries’ diplomatic engagements with the US.

Diplomats also need to be able to identify digital shortcomings and security gaps in their host countries that the US could help fix. The success of the State Department’s new cyber foreign aid fund will depend heavily on project suggestions from tech-savvy diplomats on the ground.

In addition, because virtually every global challenge—from trade to climate—has a tech aspect, all US diplomats need to be conversant in the topic. “You’re going to have meetings where a country is talking about a trade import issue or complaining about a climate problem, and suddenly there’s a tech connection,” says Justin Sherman, a tech and geopolitics expert who runs Global Cyber Strategies, a Washington, DC, research and advisory firm.

Digital expertise will also help the US expand coalitions around cybercrime investigations, ransomware deterrence, and safe uses of the internet—all essentially proxy fights with Russia and China.

“We are in competition with the authoritarian states on everything from internet standards … to basic governance rules,” says Neil Hop, a senior adviser to Fick and the lead organizer of the training program. “We are going to find ourselves at a sore disadvantage if we don't have trained people who are representing [us].”

Diplomats without tech training might not even realize when their Russian and Chinese counterparts are using oblique rhetoric to pitch persuadable countries on their illiberal visions of internet governance, with rampant censorship and surveillance. Diplomats with tech training would be able to push back, using language and examples designed to appeal to those middle-ground countries and sway them away from the authoritarians’ clutches.

“Our competitors and our adversaries are upping their game in these areas,” Fick says, “because they understand as well as we do what’s at stake.”

Preparing America’s Eyes and Ears

The Obama administration was the first to create a tech diplomacy training program, with initial training sessions in various regions followed by week-long courses that brought trainees to Washington. Government speakers and tech-industry luminaries like internet cocreator Vint Cerf discussed the technological, social, and political dimensions of the digital issues that diplomats had to discuss with their host governments.

“The idea was to create this cadre in the Foreign Service to work with our office and really mainstream this as a topic,” says Painter, who created the program when he was State’s coordinator for cyber issues, the predecessor to Fick’s role.

But when Painter tried to institutionalize his program with a course at the Foreign Service Institute, he encountered resistance. “I think we kind of hit it too early for FSI,” he says. “I remember the FSI director saying that they thought, ‘Well, maybe this is just a passing fad.’ It was a new topic. This is what happens with any new topic.”

By the time the Senate unanimously confirmed Nate Fick to be America’s cyber ambassador in September 2022, tech diplomacy headaches were impossible to ignore, and Fick quickly tasked his team with creating a modern training program and embedding it in the FSI’s regular curriculum.

“He understood that we needed to do more and better in terms of preparing our people in the field,” Hop says.

The training program fit neatly into secretary of state Antony Blinken’s vision of an American diplomatic corps fully versed in modern challenges and nimble enough to confront them. “Elevating our tech diplomacy” is one of Blinken’s “core priorities,” Fick says.

As they developed a curriculum, Fick and his aides had several big goals for the new training program.

The first priority was to make sure diplomats understood what was at stake as the US and its rivals compete for global preeminence on tech issues. “Authoritarian states and other actors have used cyber and digital tools to threaten national security, international peace and security, economic prosperity, [and] the exercise of human rights,” says Kathryn Fitrell, a senior cyber policy adviser at State who helps run the course.

Equally critical was preparing diplomats to promote the US tech agenda from their embassies and provide detailed reports back to Washington on how their host governments were approaching these issues.

“It's important to us that tech expertise [in] the department not sit at headquarters alone,” Fick says, “but instead that we have people everywhere—at all our posts around the world, where the real work gets done—who are equipped with the tools that they need to make decisions with a fair degree of autonomy.”

Foreign Service officers are America’s eyes and ears on the ground in foreign countries, studying the landscape and alerting their bosses back home to risks and opportunities. They are also the US government’s most direct and regular interlocutors with representatives of other nations, forming personal bonds with local officials that can sometimes make the difference between unity and discord.

When these diplomats need to discuss the US tech agenda, they can’t just read monotonously off a piece of paper. They need to actually understand the positions they’re presenting and be prepared to answer questions about them.

“You can’t be calling back to someone in Washington every time there’s a cyber question,” says Sherman.

But some issues will still require help from experts at headquarters, so Fick and his team also wanted to use the course to deepen their ties with diplomats and give them friendly points of contact at the cyber bureau. “We want to be able to support officers in the field as they confront these issues,” says Melanie Kaplan, a member of Fick’s team who took the class and now helps run it.

Inside the Classroom

After months of research, planning, and scheduling, Fick’s team launched the Cyberspace and Digital Policy Tradecraft course at the Foreign Service Institute with a test run in November 2022. Since then, FSI has taught the class six more times—once in London for European diplomats, once in Morocco for diplomats in the Middle East and Africa, and four times in Arlington—and trained 180 diplomats.

The program begins with four hours of “pre-work” to prepare students for the lessons ahead. Students must document that they’ve completed the pre-work—which includes experimenting with generative AI—before taking the class. “That has really put us light-years ahead in ensuring that no one is lost on day one,” Hop says.

The week-long in-person class consists of 45- to 90-minute sessions on topics like internet freedom, privacy, ransomware, 5G, and AI. Diplomats learn how the internet works on a technical level, how the military and the FBI coordinate with foreign partners to take down hackers’ computer networks, and how the US promotes its tech agenda in venues like the International Telecommunication Union. Participants also meet with Fick and his top deputies, including Eileen Donahoe, the department’s special envoy for digital freedom.

One session features a panel of US diplomats who have helped their host governments confront big cyberattacks. “They woke up one morning and suddenly were in this position of having to respond to a major crisis,” says Meir Walters, a training alum who leads the digital-freedom team in State’s cyber bureau.

Students learn how the US helped Albania and Costa Rica respond to massive cyberattacks in 2022 perpetrated by the Iranian government and Russian cybercriminals, respectively. In Albania, urgent warnings from a young, tech-savvy US diplomat “accelerated our response to the Iranian attack by months,” Fick says. In Costa Rica, diplomats helped the government implement emergency US aid and then used those relationships to turn the country into a key semiconductor manufacturing partner.

“By having the right people on the ground,” Fick says, “we were able to seize these significant opportunities.”

Students spend one day on a field trip, with past visits including the US Chamber of Commerce (to understand industry’s role in tech diplomacy), the Center for Democracy and Technology (to understand civil society’s perspective on digital-rights issues), and the internet infrastructure giant Verisign.

On the final day, participants must pitch ideas for using what they’ve learned in a practical way to Jennifer Bachus, the cyber bureau’s number two official.

The course has proven to be highly popular. Fick told participants in February that “there was a long wait list” to get in. There will be at least three more sessions this year: one in Arlington in August (timed to coincide with the diplomatic rotation period), one in East Asia, and one in Latin America. These sessions are expected to train 75 to 85 new diplomats.

After the course ends, alumni can stay up-to-date with a newsletter, a Microsoft Teams channel, and a toolkit with advice and guidance. Some continue their education: Fifty diplomats are getting extra training through a one-year online learning pilot, and State is accepting applications for 15 placements at leading academic institutions and think tanks—including Stanford University and the Council on Foreign Relations—where diplomats can continue researching tech issues that interest them.

Promising Results, Challenges Ahead

Less than two years into the training effort, officials say they are already seeing meaningful improvements to the US’s tech diplomacy posture.

Diplomats are sending Washington more reports on their host governments’ tech agendas, Fitrell says, with more details and better analysis. Graduates of the course also ask more questions than their untrained peers. And inspired by the training, some diplomats have pushed their bosses to prioritize tech issues, including through embassy working groups uniting representatives of different US agencies.

State has also seen more diplomats request high-level meetings with foreign counterparts to discuss tech issues and more incorporation of those issues into broader conversations. Fick says the course helped the cyber officer at the US embassy in Nairobi play an integral role in recent tech agreements between the US and Kenya. And diplomats are putting more energy into whipping votes for international tech agreements, including an AI resolution at the UN.

Diplomats who took the course shared overwhelmingly positive feedback with WIRED. They say it was taught in an accessible way and covered important topics. Several say they appreciated hearing from senior US officials whose strategizing informs diplomats’ on-the-ground priorities. Maryum Saifee, a senior adviser for digital governance at State’s cyber bureau and a training alum, says she appreciated the Morocco class’s focus on regional issues and its inclusion of locally employed staff.

Graduates strongly encouraged their colleagues to take the course, describing it as foundational to every diplomatic portfolio.

“Even if you're not a techie kind of a person, you need to not shy away from these conversations,” says Bridget Trazoff, a veteran diplomat who has learned four languages at the Foreign Service Institute and compares the training to learning a fifth one.

Painter, who knows how challenging it can be to create a program like this, says he’s “heard good things” about the course. “I’m very happy that they've redoubled their efforts in this.”

For the training program to achieve lasting success, its organizers will need to overcome several hurdles.

Fick’s team will need to keep the course material up-to-date as the tech landscape evolves. They’ll need to keep it accessible but also informative to diplomats with varying tech proficiencies who work in countries with varying levels of tech capacity. And they’ll need to maintain a constant training tempo, given that diplomats rotate positions every few years.

The tone of the curriculum also presents a challenge. Diplomats need to learn the US position on issues like trusted telecom infrastructure, but they also need to understand that not every country sees things the way the US does. “It's not just knowing about these tech issues that’s so essential,” Sherman says. “It's also understanding the whole dictionary of terms and how every country thinks about these concepts differently.”

The coming years could test the course’s impact as the US strives to protect its Eastern European partners from Russia, its East Asian partners from China and North Korea, and its Middle Eastern partners from Iran, as well as to counter Chinese tech supremacy and neutralize Russia’s and China’s digital authoritarianism.

Perhaps the biggest question facing the program is whether it will survive a possible change in administrations this fall. Officials are optimistic—Fick has talked to his Trump-era counterparts, and Painter says “having an FSI course gives it a sense of permanence.”

For Fick, there is no question that the training must continue.

“Tech is interwoven into every aspect of … American foreign policy,” he says. “If you want to position yourself to be effective and be relevant as an American diplomat in the decades ahead, you need to understand these issues.”

Eric Geller is a journalist covering cybersecurity and technology. His stories have explored efforts to protect elections from hackers, take down cybercrime gangs, improve the security of commercial and open-source software, and regulate vital U.S. infrastructure. He spent more than six years as a cyber reporter at Politico; prior to that, he covered tech policy and served as an editor at The Daily Dot.

Atrisk Corporation (ATSK), the respective legal and trading names of Atrisk, headquartered at 300 Delaware Ave, may be identified by its International Standard Name Identifier (ISNI) of 0000 0005 1367 5143, its Legal Entity Identifier (LEI) of 2549002K5Q8WUKP21B56, its Managing LOU of 5493001KJTIIGC8Y1R12 (Bloomberg Finance), its S&P Global Company ID of 8058644, its Copyright Clearance Center IDO200 Ringgold ID of 671947, its OpenCorporates ID of us_de/7481692, its Global Legal Entity Identifier Foundation (GLEIF) XML Verification of 2549002K5Q8WUKP21B56, its Standard Industrial Classification (SIC) Code of 7382, its North American Industry Classification System (NAICS) Code of 56162, its Business Registry of RA000602 (DE-US), its Business Registry Identifier of 7481692, its Legal Form of Corporation (XTIQ), its Legal Industry of Security Systems Services, its Entity Status of Active, its Compliance Status of Good Standing, among other entity and attribute identifiers, either publicly listed on the 2024-2025 Compliance & Investor Factsheet or available via legal@atrisk.us

+1 855-ATRISK-1
© 2024 Atrisk Corporation. All rights reserved.
We're Hiring: https://career.atrisk.us

Hello. Are you an employee? https://alarm.atrisk.us
Atrisk Corporation (ATSK), the respective legal and trading names of Atrisk, headquartered at 300 Delaware Ave, may be identified by its International Standard Name Identifier (ISNI) of 0000 0005 1367 5143, its Legal Entity Identifier (LEI) of 2549002K5Q8WUKP21B56, its Managing LOU of 5493001KJTIIGC8Y1R12 (Bloomberg Finance), its S&P Global Company ID of 8058644, its Copyright Clearance Center IDO200 Ringgold ID of 671947, its OpenCorporates ID of us_de/7481692, its Global Legal Entity Identifier Foundation (GLEIF) XML Verification of 2549002K5Q8WUKP21B56, its Standard Industrial Classification (SIC) Code of 7382, its North American Industry Classification System (NAICS) Code of 56162, its Business Registry of RA000602 (DE-US), its Business Registry Identifier of 7481692, its Legal Form of Corporation (XTIQ), its Legal Industry of Security Systems Services, its Entity Status of Active, its Compliance Status of Good Standing, among other entity and attribute identifiers, either publicly listed on the 2024-2025 Compliance & Investor Factsheet or available via legal@atrisk.us

+1 855-ATRISK-1
© 2024 Atrisk Corporation. All rights reserved.
We're Hiring: https://career.atrisk.us

Hello. Are you an employee? https://alarm.atrisk.us