Nearly a year ago, I wrote about the “critical moment” facing the United States and other leading democratic countries as they support partner nations across the Americas in building digital resilience against cyberattacks. Continued and growing support for U.S. partners in the Americas serves two connected purposes: First, it reinforces the shared historical, cultural and economic ties that bind the hemisphere together; and second, it aims to counter Chinese efforts to bring Latin American and Caribbean (LAC) countries into its sphere of influence.
Since then, the U.S. has made progress toward meeting the challenges of the present moment and seems well positioned to work in lockstep with partner nations as they advance their digital resilience. In March, President Joe Biden (signed) a law creating a cyber aid fund aimed at fortifying global cyber resilience and stability and responding to the emerging needs of partner nations, with an initial commitment of $50 million.
At a major cybersecurity conference in May, Secretary of State Antony Blinken announced a new international digital policy strategy, highlighting the importance of collaboration and international coalitions—and cautioning about the risks that cyberattacks can pose to emerging economies’ development goals. The new strategy specifically called attention to China, which it referred to as the “broadest, most active, and most persistent cyber threat to government and private-sector networks in the United States.” It highlighted how China, as well as Russia, was promoting a vision of global internet governance antithetical to the values of democratic nations—and drew a contrast between China’s approach to international cybersecurity and the U.S.’s own, arguing that while the U.S. is committed to respecting nations’ sovereignty, China “distorts markets to advance PRC-based hardware, software and service suppliers,” ultimately harming emerging and developing nations.
It is too soon to determine whether that rhetoric will resonate with partner nations in LAC countries, but the U.S. appears to be taking a steady, long-term approach to supporting countries in the Americas.
Costa Rica is a good example. To help the country build resilience after a crippling cyberattack in April 2022 brought the government’s payment collection and customs systems to a halt, in March 2023 the U.S. provided an initial investment of $25 million to ensure a similar ransomware attack does not occur again. Costa Rica immediately began reconstituting its capabilities, increasing cybersecurity hygiene efforts across their government enterprise. In June 2023, the government released a draft strategy for digital transformation, emphasizing the importance of protecting both citizen and noncitizen data and the need to consider cybersecurity vulnerabilities in digital transformation efforts. This was followed by a push for a national code of digital technologies (October 2023), a partial reform of telecom (regulations), and a draft AI strategy.
U.S. Ambassador at Large for Cyberspace and Digital Policy Nathaniel Fick describes U.S. cybersecurity aid as setting into motion a series of “bouncing balls”: the first bounce denoting relationship-building through the initial response in support of the partner nation, the second bounce centering on strengthening and building joint infrastructure and response mechanisms.
In Costa Rica, government officials raised concerns over cybersecurity threats posed by Chinese vendors in the development of 5G networks. This led to the government excluding untrusted vendors—a decision that was ultimately upheld by the Costa Rican Supreme Court. This was followed by an April regional meeting in San José, which brought together dozens of nations to discuss trusted digital infrastructure.
The “third bounce,” which Fick described as ongoing, pertains to the more significant and sustained commitment to partnership by Costa Rica, which has increased interest and investment from global tech companies, especially in relation to microelectronics supply chains.
As the U.S. continues to advance its initiatives and support for digital resilience in the Americas, significant strides have been made. The establishment of a cybersecurity fund and international cyber strategy mark important steps toward building a robust cyber defense framework in collaboration with partner nations. The case of Costa Rica serves as a compelling example of how U.S. investment can foster meaningful changes, from enhancing national cybersecurity to attracting global tech investments.
However, the journey is far from complete. While the U.S. has made commendable progress, it must continue to strengthen its efforts to counter the extensive investments and influence of China in the region. The competition is fierce, and the stakes are high. To truly displace substantial Chinese investment, the U.S. needs to maintain a consistent and comprehensive approach, ensuring that it not only responds to immediate needs but also builds long-term, sustainable relationships.
Ultimately, the success of these efforts will depend on the continued commitment to fostering trust, collaboration and shared values among the nations of the Americas. By doing so, the U.S. can solidify its role as a key partner in promoting digital resilience and stability, ensuring that the hemisphere remains united against common cyber threats and challenges.
By: Randy Pestana
Randy Pestana is director of cybersecurity policy at Florida International University’s Jack D. Gordon Institute for Public Policy. He oversees the institute’s international cybersecurity capacity building efforts in Latin America and the Caribbean and the Balkans.
As originally published in Americas Quarterly.