US taps IBM to help boost cyber defenses in Europe and beyond

IBM employees will fan out to improve cybersecurity in a slew of allied European and Eurasian countries under a five-year contract with the U.S. government's lead development and humanitarian assistance agency.

The U.S. Agency for International Development announced the initiative Wednesday, though IBM was awarded the $95 million contract in December, using $26 million in initial funding that was appropriated in 2023.

Under the contract, IBM will send cybersecurity staff to allies that host USAID teams—Albania, Moldova, Azerbaijan, Kosovo, and several others—to help build out security operations centers, train cybersecurity practitioners, and improve infrastructure defense. The work may be extended to nations where USAID currently lacks teams, such as Montenegro and Romania.

The project supports the Cybersecurity Protection and Response effort by USAID, which declared cybersecurity an economic development issue in 2021 and began helping underdeveloped nations gain the technical chops to ward off adversaries and cybercriminals. Countless hacking incidents have afflicted the European and Eurasian domain in recent years, especially since Russian invaded Ukraine. Last month, the U.S. accused a Russian national of working with the Kremlin’s military intelligence directorate to deploy malware against Ukrainian government computer systems.

USAID's new project also follows the State Department's recent declaration of “digital solidarity” as it encourages nations to align on cyberspace norms.

“If you’ve been to that part of the world, it’s really tough to build a national system for managing internet use,” said Mike Purcell, a retired Marine officer who focused on Eurasian security cooperation and now teaches a graduate course on Russia and national security at George Washington University. “And it would be in the U.S.’s interest if it’s able to link [the countries] into a reliable, safe internet and cyberspace connected to Western Europe and their economies.”

IBM will mainly be helping countries and their critical-infrastructure operators ward off digital intrusions by building “muscle memory” and expertise in cyber technologies, said Alice Fakir, who heads IBM Consulting’s federal cybersecurity services.

IBM doesn’t necessarily aim to serve as a cyber “firefighter” that flies out to countries to respond to incidents, Fakir said.

“The intent is to start to understand the nature of the attacks in these environments…so that they can be able to build and respond to [cyberattacks] themselves,” she said.

But the deal includes both proactive and reactive components, said a USAID technical expert who spoke on the condition of anonymity per ground rules of an interview that previewed the announcement. The expert said USAID can direct IBM to deploy a rapid response team within 72 hours of a cyber incident and perform forensic analysis or system recovery.

Another aspect of the contract centers on developing cybersecurity workforces and filling skill gaps. Allied officials will need to shore up their workforce while complying with EU cybersecurity regulations. Fakir said IBM was chosen in part because is already has cyber analysts around the world.

The U.S. is currently grappling with its own cyber workforce shortage. Looking abroad, the matter is even more acute, said the USAID expert, who explained one goal of the contract is to prevent “brain drain” from these nations. If cyber governance frameworks aren’t positioned now then technological innovation won’t occur, they said.

As Purcell puts it, the workforce piece of the contract amounts to long-term institution building.

“It’s an extension of what we’ve been doing in that part of the world since 1992,” he said. “If you’re trying to help these countries build a capability to build and maintain a reliable, secure cyberspace, then you’ve got to have a workforce that is capable and willing to stay in those countries.” 

U.S. tech officials have previously engaged with international partners to plant seeds for cyber alliances and innovation, including a $25 million investment into Costa Rica’s cybersecurity operations after the nation was hit with a ransomware attack in 2022. The State Department also has a service focusing on getting U.S. tech businesses into international markets.

“This new partnership with IBM exemplifies our commitment to enhancing cybersecurity resilience and ensuring the protection of critical infrastructure and government networks across the Europe and Eurasia region,” USAID’s Assistant Administrator for the Europe and Eurasia Bureau Ambassador Erin McKee said in a statement.

The U.S. has been trying to gain the upper hand in cyberspace diplomacy as adversarial nations work to use their own internet and telecom standards bodies to push what officials view as dangerous agendas that create geopolitical instability and plant seeds for cyberattacks. Russia, for instance, has publicly objected to international proposals pushing for humanitarian digital conduct and has been accused of human rights abuses via its cyberattacks targeting Ukraine.

As part of the renewed digital solidary effort, officials hope that worldwide coalition-building will help deter hacking threats against critical infrastructure. Hackers from Russia, China and others have been found to be burrowing into and sabotaging critical economic sectors including water systems and healthcare providers over the past several years.

“Cyberattacks are a realtime, wartime tactic,” Fakir said, noting there’s opportunities for adversaries to gain larger strongholds across Eurasia if nations are unable to defend themselves in the digital domain. “When we look at health sectors and quality-of-life sectors, we’re starting to see the impacts of cyber affect the ability of these underserved countries to provide services to their public domain.”