Woman holding a cellphone at night

Building Global Cyber Capacity, Nation by Nation

By Denise Schiavone

Two MITRE programs are central to strengthening cyber defense among our nation’s international partners and allies. But they go beyond thwarting adversary threats. The efforts foster U.S. security and stability—and lay the foundation to collaboratively protect citizens, sectors, and networks worldwide.

After a series of damaging ransomware attacks in 2022, Costa Rica’s president, Rodrigo Chaves, requested assistance from the United States. In response, President Biden promised $25 million to enable the Central American nation to develop a cybersecurity program. The commitment came on the heels of a $50 million pledge to help Albania recover from a set of attacks attributed to Iran.

Why does the United States spend money on the cybersecurity of other countries?

Because threats against one nation—from rampant cybercrime to assaults on vulnerable supply chains—impact systems and people globally. A strong international cyber capacity bolsters U.S. national and domestic security, while reinforcing broader efforts in strategic competition.

MITRE’s whole-of-nation approach includes two efforts to strengthen global cyber capacity. Our International Cyber Capacity Building (ICCB) program works through the U.S. State Department to help developing partner nations (including Costa Rica and Albania) improve their strategic cyber capacity. Our Active Defense Capability Set (ADCS) provides training, technology, and technical guidance to support U.S. Department of Defense objectives to increase the cyber abilities of our defense allies.

We count on MITRE’s ICCB work to aid partner nations in developing capabilities that are secure, resilient, and responsive to an ever-evolving technological environment.  

Joanna LaHaie, U.S. State Department

Both efforts draw on MITRE-developed open frameworks and standards, like National Institute of Standards and Technology publications, ATT&CK®, and CALDERA™. And they focus on the policy, processes, and skills needed to make such tools effective.

The result: a global cyber community armed to meet the threats of today and tomorrow.

Principal cyber engineer Denise Olsen, MITRE’s ADCS lead, says, “In conjunction with open frameworks like ATT&CK, ADCS is laying the foundation for true collective self-defense.”

The U.S. State Department’s Director of the Office of International Engagement and Capacity Building Joanna LaHaie says, “We count on MITRE’s ICCB work to aid partner nations in developing capabilities that are secure, resilient, and responsive to an ever-evolving technological environment.”

Shaping the Future of Global Cyberspace

The strongest defenses start with a solid game plan. Our ICCB program guides partner nations around eight cornerstones of cyber strategy: risk management and resourcing; governance and civil law; policy and standards; operational resiliency; incident coordination and response; counter-cybercrime; workforce development; and public awareness.

MITRE’s Cynthia Wright, principal cybersecurity engineer, has worked on the effort since it began in 2016. She’s seen it deliver deep impact.

“In some cases, we’re changing the trajectory of how a country engages, both in their domestic cybersecurity and with the international cyber community,” she says. “For certain nations, we've essentially written the governance charters that shape how they’ll operate in cyberspace for years to come.”

ICCB has assisted nearly 100 countries. Its scope ranges from helping allies like Ukraine counter Russian cyber aggression, to assisting less-resourced African nations in establishing effective governance strategies, to fostering U.S. foreign policy goals in the Indo-Pacific.

In that region, ICCB plans to partner with 28 nations, starting with Bangladesh, Sri Lanka, Mongolia, Vietnam, Thailand, and Nepal. A key goal for the area: countering Chinese influence.

Wright says the initiative has evolved considerably over the years. “Most countries we work with now have a national cyber strategy, but they don't necessarily know where to go from there,” she explains. “We've transitioned to a large degree from assisting partners with developing strategies from the ground up to guiding them on how best to implement and sustain the ones they have.”

To ensure broad success, our team regularly collaborates with international organizations. These include the Organization of American States, the George C. Marshall European Center for Security Studies, and Carnegie Mellon’s Software Engineering Institute.

In addition to our U.S. State Department sponsor, the DoD uses the work for partner security cooperation activities. The Department of Homeland Security also incorporates it into various strategic efforts around cybercrime.

Fighting Adversaries Who Know No Boundaries

Our ADCS capability for international partners emerged from high-profile incidents in American politics. Following the surge of cyber threat activity leading up to the 2020 elections, DoD’s U.S. European Command engaged MITRE to develop a cyber capability building program to teach partner nations how to detect and remove adversaries from their networks.

From there, the effort grew into a five-phase, seven-step methodology to empower our foreign partners to conduct proactive cyber adversary hunting. The process emphasizes sharing threat information across the cyber defender community.  

ADCS includes a pre-assessment of cyber military forces, network infrastructure and cyber tools, and self-study (through MITRE Engenuity™ and Cybrary) in preparation for an in-country technical exchange. Our team also provides an in-depth technical manual. To ensure skills proficiency, we conduct a mission qualification certification and a culminating cyber exercise. For these, we simulate attacks and compromises within our Global Networked Experimentation, Research, and Virtualization Environment space, a.k.a. Global NERVE.

Since the effort’s initial achievements, ADCS will roll out for 21 European countries over the next four years. First stops are Romania and Slovenia. We also plan to implement a tailored program for U.S. Indo-Pacific Command (in Indonesia, Malaysia, and Taiwan, among others) and for U.S. Africa Command (in Ghana, Tunisia, and Morocco).

“I’m thrilled to see us expand like this, rolling out to combatant commands around the world,” says Olsen, who built the original program while deployed to Stuttgart, Germany, before the 2020 elections.

From under-resourced nations to our closest defense allies, our international partners benefit from the complementary aspects and information sharing of ICCB and ADCS cyber initiatives. 

Join our community of innovators, learners, knowledge-sharers, and risk takers. View our Job Openings.