On Jan. 7, U.S. President Donald Trump issued a memorandum ordering the United States to withdraw from 66 international organizations. Many of these are various United Nations entities or organizations concerned with climate change or similar issues the Trump administration has criticized. Three organizations, however—the Global Forum on Cyber Expertise (GFCE), the Freedom Online Coalition (FOC) and the European Centre of Excellence for Countering Hybrid Threats (Hybrid Threat Centre)—deal with cybersecurity-related issues, which the administration asserts remains a priority at a time when cyber and disinformation threats are rising dramatically. The administration did not offer any individualized rationale for its decision on these organizations, instead stating that the listed entities are “redundant in their scope, mismanaged, unnecessary, wasteful, poorly run, captured by the interests of actors advancing their own agendas contrary to our own, or a threat to our nation’s sovereignty, freedoms, and general prosperity.” The administration further claimed that many organizations had been driven by “progressive” or globalist ideology.
The United States was a key player in each of these organizations. Its withdrawal will not only have a crippling effect on their work, but it damages the United States’ global reach and effectiveness in dealing with critical cybersecurity threats. If this is a prologue to a larger withdrawal from the many international cyber organizations to which the United States remains a member, it will be a serious blow to collective cooperation against cyber threats.
The Freedom Online Coalition
Determining why these three cybersecurity-related organizations made the list is somewhat speculative. The United States was a founding member of the FOC, an organization comprised of 42 governments created to champion Internet freedom and counter the attempts of repressive governments and other malign actors to censor or undermine free speech and expression online. The FOC has coordinated diplomatic responses to counter repressive actions—including Internet shutdowns and excessive government surveillance—and issued a set of recommendations to states on the human rights impacts of cybersecurity laws, practices and policies. The FOC actively works to counter disinformation online and, during the U.S. presidency of the FOC in 2023, its priorities included “building resilience to the rise of digital authoritarianism … advancing norms, principles, and safeguards for artificial intelligence based on human rights [and] elevating traditionally excluded voices, such as youth, women and girls.”
The U.S. withdrawal may be motivated by the Trump administration’s disengagement from traditional human rights organizations. It withdrew from the U.N. Human Rights Council early last year, treats gender equity programs with hostility, desires to have AI development largely unfettered by human rights or other safeguards, and strongly (though mistakenly) believes that disinformation programs target conservative and right-wing speech. Ironically, the FOC actively upholds certain stated priorities of the Trump administration, including countering censorship and advancing freedom of speech on the Internet. Whatever the reason for its withdrawal, the loss of U.S. participation—historically one of the FOC’s most active members and advocates—will significantly weaken the organization and only empower Russia, China, Iran, and other repressive regimes, which have continually expanded censorship, Internet shutdowns, and disinformation campaigns.
The European Hybrid Threat Centre
The Hybrid Threat Center resulted from a joint E.U.-NATO declaration, with the United States one of its initial members. Its mission is to enhance the security of participating states, the European Union, and NATO by providing expertise, training, and networks to counter hybrid threats, including disinformation, attacks on the integrity of elections, and the interplay between physical and cyber-enabled attacks.
Again, the U.S. withdrawal was likely motivated by the Trump administration’s deprioritization of disinformation and especially protecting elections from such activities. Last year, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) froze all domestic election protection activities, disbanding the team that dealt with election security and countering disinformation. Additionally, the Trump administration shuttered the State Department’s Counter Foreign Information Manipulation and Interference office, which was largely tasked with countering foreign disinformation that threatens U.S. national security interests. With the Trump administration’s withdrawal, the Centre will undoubtedly suffer from the lack of U.S. expertise and intelligence. Russia in particular has stepped up its cyber, disinformation, and other hybrid activities in Europe, especially since its invasion of Ukraine, and will likely benefit from any reduction of NATO’s joint cyber capabilities.
The Global Forum on Cyber Expertise
The GFCE is a cybersecurity capacity-building platform with over 260 members and partners, including over 60 countries and numerous private sector, academic, and civil society organizations. Its mission is to strengthen cyber capacity and expertise globally through international collaboration and cooperation regarding national cyber strategies, incident response, cybercrime, awareness and training, and emerging technologies. Again, the United States had helped found the GFCE and participated in directing its efforts through its role on the organization’s Strategic Steering Committee. It also funded several specific projects, including cybersecurity capacity-building coordination work in the Western Balkans—in part, from the U.S. perspective, to counter Russian influence and activities—and in the Pacific and ASEAN (Association of Southeast Asian Nations) regions to limit Chinese interference.
Having helped launch the GFCE during my time in government and later served as its President, it is harder to discern the rationale for the United States pulling out of this organization. It is a non-political, practical platform that does not constrain U.S. activities or sovereignty. If anything, it increases U.S. influence and effectiveness through its multi-stakeholder community and mechanisms for coordination to avoid duplication. Cyber capacity-building is not done as a charitable act just to help other countries. Rather, it strengthens U.S. cybersecurity. Malicious state and criminal actors attacking targets in the United States often route their attacks through countries with weak cybersecurity practices, institutions, or capabilities to avoid detection and complicate response. Strengthening partners’ cybersecurity capabilities and institutions—like national computer incident response and security teams—not only enhances their security, but allows them to better cooperate with the United States to thwart adversarial cyberattacks both globally and domestically.
Nor can the GFCE be labeled a “woke” organization, though it may have been targeted because it does promote gender opportunity and helped run a “Women in Cyber” program that the United States and other countries funded. This program aimed to increase women’s participation in U.N. cyber negotiations, but paid additional dividends by cultivating diplomats from underrepresented countries, thereby increasing the influence of the United States and a number of close, like-minded countries.
The withdrawal may simply indicate that the United States will significantly scale back its cybersecurity capacity-building activity and focus only on directly-run activities with recipients and partners chosen on a bilateral basis. However, deep cuts across the government—including at CISA—and a reorganization of the cyber work at the State Department will likely have an impact on any capacity-building programs that have survived to date.
The U.S. withdrawal from the GFCE will have a significant negative effect on the organization’s work. For many years, the United States has led cybersecurity capacity-building programs and initiatives and has tremendous capability and experience. Without U.S. participation, coordination of other country and stakeholder efforts will be more difficult, and the overall cybersecurity community will be deprived of U.S. experience—including lessons learned from past programs and expertise in crafting new ones, including on AI and emerging technology. Reduced information sharing and access to expertise will hurt other countries in building strong cybersecurity institutions and capabilities, possibly leading some to turn to Russia or China for assistance—neither of which are in the national security interests of the United States. Of course, the United States is not the only like-country engaged in cyber capacity-building, as many European nations, Five-Eye countries, and regional organizations like the Organizations for American States, are active in this area. But the United States is a major player whose shoes will not be easily filled, and the consequences of its absence will be felt not just abroad, but within the United States itself.
Conclusion
It may well be that the overarching reason for withdrawing from the GFCE, the FOC, and the Hybrid Threat Centre is that they are casualties of the Trump administration pulling out of multilateral bodies across the board. To the extent that the United States continues to engage in the cybersecurity activities these organizations promote, it will only do so on a limited direct basis with a vastly reduced set of partners. Still, at a time when cyber and hybrid threats from Russia and others are escalating, U.S. withdrawal will likely hamper intelligence-sharing, coordinated response, and capabilities in a way that not only threatens Europe and other parts of the world, but the United States itself. Even if European and other Five Eyes countries redouble their efforts—as some have argued in the face of these withdrawals—the United States is still an indispensable partner whose efforts will be sorely missed.
Perhaps the only silver lining here is that the United States only withdrew from three cyber-related organizations out of the many global and regional cyber and cyber-adjacent organizations that it currently plays an active and essential part. However, the executive order issued in February last year that triggered this action ordered a review of all international organizations in which the United States participates. The recent Presidential Memorandum makes clear that Trump’s review of State Department recommendations stemming from that order is ongoing.
So, while some may be breathing a sigh of relief, this memorandum may only be the tip of the iceberg for cyber-related organizations. Cybersecurity and hybrid threats are by their nature global and call for unprecedented global cooperation. Though the United States has great cyber capabilities, it cannot succeed alone. If these withdrawals are an indication of a larger pullback, cybersecurity will suffer globally as well as at home.
FEATURED IMAGE: Visualization of cybersecurity (via Getty Images)
Great Job Christopher Painter & the Team @ Just Security for sharing this story.
