Cybersecurity: The Next Frontier in Global Development and Humanitarian Response
USAID is committed to increasing cybersecurity resilience around the world
In January 2022, an unprecedented data breach rocked the international humanitarian community.
The personal information of over 500,000 International Committee of the Red Cross (ICRC) beneficiaries — including victims of conflict and other humanitarian crises — was stolen. While the hackers’ affiliations and motives are unconfirmed, the ICRC suspects the breach is affiliated with a foreign government due to the tactics used and the scale and sophistication of the attack.
The immediate impact was devastating and forced the ICRC to temporarily shutter its global Restoring Family Links service, which connects family members separated by conflict, natural disasters, and other catastrophes occuring around the world.
While unprecedented in both scale and impact, the ICRC attack is not the only high-profile cyber incident to disrupt development and humanitarian assistance efforts. Cybercrime, digital surveillance, disinformation, and state-sponsored cyber attacks are fundamentally changing local development contexts and impacting USAID’s work, including across global health, conflict prevention and stabilization, and agriculture and food security.
In this rapidly changing cyber threat landscape, USAID is committed to improving cybersecurity across its programming.
In 2021, the USAID Innovation, Technology, and Research Hub’s Technology Division established the Cybersecurity Team, which is building awareness and understanding of cybersecurity’s fast-growing importance for development. The team provides USAID Missions and external partners with technical assistance and tools to help defend and bolster digital investments and reduce the destructive impacts of cyber attacks — with an overall focus of mitigating cybersecurity risks in humanitarian operations.
Here are three ways USAID’s Cybersecurity Team is improving the readiness of international development and humanitarian practitioners.
1.Supporting the humanitarian sector’s first Information Sharing and Analysis Center (ISAC). In September 2022, USAID, the humanitarian alliance NetHope, and digital security company Okta announced a new partnership to establish a cybersecurity-focused forum for leading humanitarian organizations in both donor and partner countries with support from the CyberPeace Institute. The ISAC will allow governments, donors, tech companies, and humanitarian organizations to share sensitive information about cyber attacks and emerging cyber threats, and facilitate greater coordination on cybersecurity efforts in the sector.
To complement the ISAC, USAID is partnering with NetHope and DAI to deliver cybersecurity training to information security staff from 48 humanitarian and conservation aid organizations. More robust cybersecurity planning will help humanitarian organizations prevent and respond to cyber attacks, minimizing threats to their organizations, their partners, and the communities they serve. These information security staff represent over 30 countries — over 70% are based in low and middle-income countries, where some types of cyber attacks are on the rise and the capacity to mitigate and respond to these attacks is often low. Strengthening cybersecurity capabilities in USAID partner countries is essential to USAID’s localization strategy.
2.Providing cybersecurity training to more than 800 partner staff and helping partners identify and address over 2,000 cyber vulnerabilities. USAID’s Digital APEX activity is helping human rights and community groups operating in closing spaces — where digital surveillance and repression are common — to defend against cyber attacks. Working with U.S.-based cybersecurity small businesses, Digital APEX provides cybersecurity support to local NGOs, implementing partners, media organizations, government agencies, and other partners. Digital APEX provides a range of cybersecurity products and services, including cyber hygiene training, threat scanning and penetration testing, and specialized security software and hardware.
3.Developing training and other resources to improve the cybersecurity capabilities of USAID staff. Like the faithful workplace security guard who stands watch everyday, USAID staffers are also key to protecting the Agency. Through targeted, bite-sized trainings and other resources, the Cybersecurity Team is helping staff understand that cybersecurity impacts all development programming. Resources like USAID’s Cybersecurity Primer frame this issue as a global development challenge with far-reaching impacts beyond what we traditionally think of as digital development. While initially designed for USAID staff, these tools will be made available to the global development community.
Cyber threats — and the cybersecurity techniques to combat them — are evolving rapidly.
To effectively respond to these threats, the global development community must also evolve, learn from our mistakes, and coordinate on cybersecurity efforts. Building awareness is central to this effort. We can stay on the cutting edge of digital development without sacrificing safety and security.
USAID’s Digital Strategy is a five-year Agency-wide vision for development and humanitarian assistance in the world’s rapidly evolving digital landscape. Follow @USAID_Digital and sign up for the monthly Digital Development Newsletter to stay up to date on all things digital at USAID.
About the Author
Hank Nelson is the Cyber Development Specialist for USAID’s Digital Frontiers project and a member of USAID’s Cybersecurity Team.