US taps IBM for 5-year deal to boost European, Eurasian allies’ cyber posture

Flags fly outside USAID's headquarters in Washington, D.C. The agency is contracting with IBM to supply cybersecurity support services for U.S. allies. J. David Ake/Getty Images

Officials are concerned that a lack of institution building in such nations will allow digital adversaries to gain a larger foothold in allied countries’ networks.

The U.S. government’s lead development and humanitarian assistance agency locked in a five-year contract with IBM to head a project focused on bolstering cybersecurity support for a slew of allied European and Eurasian countries.

The U.S. Agency for International Development announced the initiative Wednesday — though IBM was first awarded the $95 million total contract in December — with $26 million in initial funding that was appropriated during FY23.

It tasks IBM with deploying its cybersecurity staff to allies with USAID presence, including Albania, Moldova, Azerbaijan, Kosovo and several others, to help build out security operations centers, train cybersecurity practitioners and enhance the defenses of critical infrastructure across the region. The contract stipulates the added possibility of providing assistance to nations like Montenegro or Romania that don’t have immediate USAID presence.

The project supports the agency’s Cybersecurity Protection and Response program and comes amid accelerated cyberattacks targeting European and Eurasian nations that have stemmed mainly from Russia’s ongoing war in Ukraine. USAID declared cybersecurity an economic development issue in 2021 and has been pushing to boost the technical prowess of underdeveloped nations abroad, arguing it can help curtail crippling cyberattacks deployed by foreign adversaries and cybercriminals.

Countless hacking incidents have crossed the European and Eurasian domain in recent years. Last month, the U.S. accused a Russian national of working with the Kremlin’s military intelligence directorate to deploy an insidious malware program against Ukrainian government computer systems ahead of Russia’s 2022 invasion of the country.

The announcement also follows a recent declaration from the State Department to push for “digital solidarity” across the globe as it sets renewed efforts on encouraging nations to align on cyberspace norms.

“If you’ve been to that part of the world, it’s really tough to build a national system for managing internet use,” Mike Purcell — a retired Marine officer who focused on Eurasian security cooperation and now teaches a graduate course on Russia and national security at The George Washington University — told Nextgov/FCW. “And it would be in the U.S.’s interest if it’s able to link [the countries] into a reliable, safe internet and cyberspace connected to Western Europe and their economies.”

The contract mainly centers on developing preventative measures to make the targeted countries and their critical infrastructure operators more resilient against digital intrusions through building “muscle memory” and expertise in technologies across the cyber domain, said Alice Fakir, who heads IBM Consulting’s federal cybersecurity services.

The broad nature of the company’s work is preparatory, she said, noting that IBM doesn’t necessarily aim to serve as a cyber “firefighter” that flies out to countries every time an incident occurs. “The intent is to start to understand the nature of the attacks in these environments … so that they can be able to build and respond to [cyberattacks] themselves,” she said.

But the deal includes both proactive and reactive components, said a USAID technical expert who spoke on the condition of anonymity per ground rules of an interview that previewed the announcement. One reactive piece gives USAID the ability to direct IBM to deploy a rapid response team within 72 hours of a cyber incident and perform forensic analysis or system recovery, the technical expert said.

Another aspect of the contract centers on cybersecurity workforce development and skill gaps. On top of that, allied officials will need to shore up their workforce while complying with leading EU cybersecurity regulations. The complex dynamic motivated IBM’s selection to lead the project because of its cyber analysts’ already large presence around the world, Fakir said.

The U.S. is currently grappling with its own cyber workforce shortage. Looking abroad, the matter is even more acute, said the USAID expert, who explained one goal of the contract is to prevent “brain drain” from these nations. If cyber governance frameworks aren’t positioned now, then technological innovation won’t occur, they said.

As Purcell puts it, the workforce piece of the contract amounts to long-term institution building.

“It’s an extension of what we’ve been doing in that part of the world since 1992,” he said. “If you’re trying to help these countries build a capability to build and maintain a reliable, secure cyberspace, then you’ve got to have a workforce that is capable and willing to stay in those countries.” 

U.S. tech officials have previously engaged with international partners to plant seeds for cyber alliances and innovation, including a $25 million investment into Costa Rica’s cybersecurity operations after the nation was hit with a ransomware attack in 2022. The State Department also has a service focusing on getting U.S. tech businesses into international markets.

“This new partnership with IBM exemplifies our commitment to enhancing cybersecurity resilience and ensuring the protection of critical infrastructure and government networks across the Europe and Eurasia region,” USAID’s Assistant Administrator for the Europe and Eurasia Bureau Ambassador Erin McKee said in a statement.

The U.S. has been trying to gain the upper hand in cyberspace diplomacy as adversarial nations work to use their own internet and telecom standards bodies to push what officials view as dangerous agendas that create geopolitical instability and plant seeds for cyberattacks. Russia, for instance, has publicly objected to international proposals pushing for humanitarian digital conduct and has been accused of human rights abuses via its cyberattacks targeting Ukraine.

As part of the renewed digital solidarity effort, officials hope that worldwide coalition-building will help deter hacking threats against critical infrastructure. Hackers from Russia, China and others have been found to be burrowing into and sabotaging critical economic sectors including water systems and healthcare providers over the past several years.

“Cyberattacks are a realtime, wartime tactic,” Fakir said, noting there are opportunities for adversaries to gain larger strongholds across Eurasia if nations are unable to defend themselves in the digital domain. “When we look at health sectors and quality-of-life sectors, we’re starting to see the impacts of cyber affect the ability of these underserved countries to provide services to their public domain.”