A New Future for Digital Solidarity? Analyzing the United States International Cyberspace & Digital Policy Strategy

The U.S. Department of State’s International Cyberspace & Digital Policy Strategy ("the Strategy”) reaffirms the Biden administration's commitment to being a global leader in cyberspace. Secretary of State Antony Blinken unveiled the Strategy on May 6^th at the 2024 RSA Conference in San Francisco.  

Building on the objectives outlined in the 2022 National Security Strategy and the 2023 National Cybersecurity Strategy, this Strategy prioritizes a multilateral human rights-centric approach to enhancing digital security and driving economic prosperity and inclusion. It seeks to encourage global coalition-building in cyberspace to promote security and resilience, foster rights-respecting digital solidarity, and foster cyber capacity-building between the United States and its partners and allies. This blog examines the Strategy’s guiding principles and areas of action, its emphasis on digital solidarity, and opportunities and barriers for implementation. 

The Strategy: An Overview
   
Three core principles will guide the State Department's work over the next three to five years:  

1. “Pursue an affirmative vision for cyberspace and digital technologies” that is rooted in international commitments and international law, including human rights law and prioritizes delivering technology and digital benefits; 
2. Integrate cybersecurity, sustainable development, and technological innovation through its approach, acknowledging that cyber resilience and security is a prerequisite for, and an enabler of economic growth and vibrant civic spaces; and 
3. Implement a comprehensive policy that leverages diplomatic and statecraft tools throughout the digital ecosystem. 

To achieve these principles, the Strategy lists four areas of action: 

1. “Promote, build, and maintain an open, inclusive, secure, and resilient digital ecosystem; 
2. Align rights-respecting approaches to digital and data governance with international partners; 
3. Advance responsible state behavior in cyberspace, and counter threats to cyberspace and critical infrastructure by building coalitions and engaging partners; 
4. Strengthen and build international partner digital and cyber capacity.”  

The Strategy is the latest example of the Biden administration’s dynamic approach to tackling challenges in cyberspace alongside the National Cybersecurity Strategy and the International Counter Ransomware Initiative. It allows the State Department to distinguish its mission in cyberspace from that of other agencies’ digital and cyber strategies, like the Department of Defense. The Strategy stresses the importance of active engagement through multilateral, multistakeholder, and bilateral approaches, and proposes to sustain these approaches through public-private partnerships, civil society projects, and agreements with allied and partner countries.  

According to the Strategy, these principles and areas of action are a roadmap for success in the digital front of the U.S.-China competition. It identifies China as “the broadest, most active, and most persistent cyber threat to government and private sector networks in the United States.” The Strategy lists subsea cables, digital infrastructure like cloud services and data centers, telecommunications networks, and satellite networks—all of which are technologies in which the United States is competing with China for global dominance—as foundational technologies for today’s digitalized world. Sourcing these technologies from trusted suppliers is important to create a resilient and safe digital environment. The United States supports ongoing efforts to secure these technologies, such as the Digital Connectivity and Cybersecurity Partnership (DCCP). The DCCP promotes diverse telecommunications infrastructure and supply chains with partner countries and supports training programs on cloud computing for partner countries like the Philippines. Other initiatives include implementing the CABLES program to raise awareness of and provide support for secure undersea cables, and the State Department’s promises in the Strategy to partner with other nations to secure low earth orbit systems.  

The Strategy also calls for continuous observation of, and efforts to counter, the “significant harms” of digitalization. Adversarial cyber campaigns like espionage and ransomware, authoritarian cyberspace governance in countries like Russia and China that imposes digital freedom restrictions on citizens, and the ongoing digital divide (which the UN estimates at 1.73 billion individuals) exemplify these harms. Despite calling attention to these harms, the Strategy does not propose ideas for incentivizing states to abide by international rules and norms in cyberspace or how to reprimand states that engage in these harms. 

Digital Solidarity in an Evolving Threat Landscape 

A key cornerstone of the Strategy is the idea of “digital solidarity,” defined as “a willingness to work together on shared goals, to stand together, to help partners build capacity, and to provide mutual support.” The Strategy outlines how digital solidarity can support the United States’ efforts to create resilient coalitions in cyberspace and advance a secure and innovative global digital future. It highlights U.S. assistance to Costa Rica ($25 million in 2023) and Albania (over $50 million in 2023) in the wake of devastating cyberattacks as examples of ways to build this solidarity. The term is meant to be a rallying cry with the hopes of gaining other countries’ support for this approach towards engaging in cyberspace, according to a former State Department official. The Strategy states that “the United States recognizes the need to work together to align approaches to data and digital governance and to promote the research, development, and deployment of critical and emerging technologies.” Digital solidarity will be necessary for the United States to foster strong partnerships and maintain its leadership in cyberspace, the digital economy, and emerging technologies in an increasingly digitalizing world. 

This approach is contrasted with “digital sovereignty,” which the Strategy defines as a more protectionist approach to cyberspace. Policies that undermine digital interoperability and market access, such as data localization, are examples of digital sovereignty that could “undermine growth and security objectives.” Three other major players in cyberspace—the European Union (EU), China, and Russia—all maintain digital sovereignty policies related to cross-border data flows, but their approaches vary. The EU takes a regulatory approach to digital sovereignty that prioritizes protecting individual rights and control its own data, such as through the General Data Protection Regulation (GDPR), which requires companies that operate in the EU to store EU data in local servers. China and Russia, on the other hand, take an authoritarian approach to digital sovereignty policies to promote technology independence (primarily from the West), local data governance, and information control. Examples include China’s Personal Information Protection Law in 2021, modeled after the GDPR, and Russia’s 2019 “sovereign Internet” law that requires internet service providers to install equipment that grants Russian authorities control over information access.  

The Strategy’s approach to digital sovereignty is intended to encompass more than just alliances, according to former Senior Advisor for International Cyber and Digital Strategy Policy in the State Department’s Bureau of Cyberspace and Digital Policy Adam Segal. It is meant to promote collaboration between governments that prioritize rights-respecting technologies. By establishing digital solidarity as the main premise of this strategy, the State Department is signaling to its partners, allies, and adversaries that it is committed to international coalition-building on digital issues that uphold standards, norms, and responsible behavior in cyberspace. 

Opportunities and Challenges for Implementation 

The Strategy offers four initial signposts that will indicate how successful the United States is in accomplishing the Strategy’s objectives:  

1. “Reaching consensus on global norms and guiding principles for developing responsible AI;  
2. Developing shared principles for secure and trustworthy digital ecosystem through subsea cables, data centers, and cloud services;  
3. Promoting action-oriented international cybersecurity discussions at the UN; and  
4. Providing both rapid and long-term aid for incident response and capacity-building initiatives to allies and partners.”  

To strengthen its posture in cyberspace, the United States should take a proactive approach to digital partnerships with international allies and partners, especially those in the critical “Global South” region where the United States and China are competing for influence. The Costa Rica and Albania cyber cases exemplify a reactive U.S. approach to supporting partner countries in the wake of a cyberattack against them, and how that support built digital solidarity through cyber capacity-building initiatives and strengthening each country’s cyber defenses. The United States must consider short- and long-term plans to create robust and mutually prosperous digital partnerships while prioritizing economic prosperity, adherence to the rule of law, human rights, and other principles emphasized in the Strategy. Latin America and Southeast Asia are key regions that are looking to boost their cyber and digital capacity. The United States has already begun cultivating cyber and digital partnerships with these regions and should continue this engagement. The U.S.-ASEAN Cyber Policy Dialogue, U.S. support for establishing a Security Operations Center in Costa Rica by 2026, and U.S. private sector investments in Southeast Asian and Latin American data center development all exemplify ongoing actions by the United States government and private sector that support the Strategy’s international partnership aims.  

The United States will also need to establish formal agreements with allies and partners that guide bilateral and multilateral relations in the digital realm to support digital solidarity. One avenue through which to support digital solidarity is Clarifying Lawful Overseas Use of Data Act (CLOUD Act) agreements. The United States has signed CLOUD Act agreements with allies like Australia and the United Kingdom and could form more agreements with other partners like the EU to further build trust in the digital environment. Though not mentioned in the Strategy, a U.S.-EU CLOUD Act agreement could, if reached, signal international interest in engaging with the State Department’s solidarity-centric approach to cyberspace. 

Third, the United States should capitalize on the global momentum to foster AI innovation and maintain responsible and safe AI use to create global consensus on guiding principles for the technology. The G7-Hiroshima Code of Conduct and Biden-Harris Executive Order on AI have already produced positive outcomes, according to the Strategy. They reflect a global willingness to create agreements to guide responsible AI innovation. Since the Strategy’s release, the State Department has already demonstrated progress on this goal, as seen in the Department's Risk Management Profile for Artificial Intelligence and Human Rights (“the Profile”). The Profile reiterates the Department’s commitment to upholding human rights protections along with continued innovation in AI. Another example is the public-private Partnership for Global Inclusivity on AI, in which the State Department and eight U.S. tech companies commit $100 million to promote responsible use of AI for sustainable development. These actions reflect the country’s cyber and digital priorities and demonstrate how the Strategy is already influencing U.S. leadership in cyberspace. 

Finally, the United States must also consider how to effectively communicate its digital diplomacy successes to combat misinformation from adversaries. U.S adversaries like China, Russia, Iran, and North Korea pose a threat to U.S.-led digital solidarity by spreading disinformation about the country’s military leadership in Southeast Asian nations like the Philippines, propaganda about its role in the war in Ukraine, and other malicious efforts to discredit U.S diplomatic initiatives. Failure to proactively counter disinformation could also open the door for China to increase its global digital influence. For example, China supported Huawei’s 2023 cloud availability zone expansion in Chile, Mexico, Brazil, Argentina, and Peru, and Alibaba’s total investment of $1.8 billion in its Southeast Asian e-commerce platform Lazada in 2023. These actions put the Strategy’s objectives—and by extension U.S. digital diplomacy, national security, and global influence—at risk.  

The State Department’s new cyber and digital policy strategy emphasizes the need to create a more secure and resilient cyber environment and proposed digital solidarity as the best means to accomplish this. It outlines which technologies should be an initial priority for this work and highlights existing diplomatic efforts related to them. However, it does not provide concrete steps for how the United States will navigate the challenges that will arise from creating tailored digital diplomacy approach that meet the needs of different partners and allies. It also fails to put forward clear implementation steps regarding how the U.S. should address adversarial nations or actors that disregard the principles outlined in the Strategy. As the U.S. presidential election quickly approaches, the next administration must consider how to advance the objectives in the Strategy to further position the United States as a leader on rights-respecting cyber and digital policy in a new era of strategic competition with China. This will not be an easy task, but it is necessary if the United States wants to establish itself as the international partner of choice for building robust and resilient coalitions in cyberspace.