Ambassador at Large for Cyberspace and Digital Policy Nathaniel C. Fick began work as State Department’s first Bureau of Cyberspace and Digital Policy leader in September. He came to the role with a background as a technology executive and entrepreneur, serving as CEO of the cybersecurity software company Endgame from 2012 through its acquisition by Elastic in 2019. He then led Elastic’s information security business globally. Fick spent nearly a decade as an operating partner at Bessemer Venture Partners, working with management teams to build technology businesses.
From 2009 to 2012, Fick was CEO of the Center for a New American Security, a national security research organization in Washington. Earlier in his career, he served as a Marine Corps infantry and reconnaissance officer, including combat tours in Afghanistan and Iraq. His book about that experience, One Bullet Away, was a New York Times bestseller, a Washington Post “Best Book of the Year,” and one of the Military Times‘s “Best Military Books of the Decade.”
The ambassador took time to share with HSToday his vision for the new State Department bureau and the cyber threat landscape.
Q: What does the establishment and mission of the Bureau of Cyberspace and Digital Policy (CDP) say about the importance of cyber in forging and maintaining global security?
A: At its core, cyber diplomacy is about protecting an open, interoperable, secure and reliable global communications network; working toward meaningful, universal connectivity; and building and maintaining standards of responsible conduct in cyberspace in order to decrease the likelihood of cyber and kinetic warfare. Bringing together policy and subject-matter experts from across the government, the new bureau integrates and elevates tech diplomacy at the Department of State and across the interagency.
The infrastructure, standards, norms, and policies that determine how digital technologies are developed, deployed, used, and governed are evolving, and where they land will define our shared technology future. We are in a global contest that will determine whether all people can use technology safely to reach their full potential. The alternative, one supported by the People’s Republic of China, Russia, and others, is an authoritarian approach which harnesses technology to repress fundamental freedoms and destabilize open, democratic societies. U.S. leadership matters in this arena. We are building a coalition of like-minded allies, partners and stakeholders in support of an Internet that puts people – the most important component of any network – first.
In practice, this means advancing policies, grounded in democratic values,
that encourage responsible state behavior in cyberspace and protect the integrity and security of an open and interoperable communications architecture. Specific to the question of security, we must continue to collaborate across the U.S. government and with partners around the world to impose meaningful consequences on states that engage in malicious cyber activity and those that willfully harbor cybercriminal organizations. We also need to work with partners around the world on building resilience against cyber-attacks.
Q: A stated objective of the Bureau is to lead and coordinate the State Department’s work on digital technology diplomacy. What do you see as key challenges and opportunities in this area?
A: The global digital economy lets U.S. companies and workers compete on an equal playing field around the world. A key challenge ahead is preserving the free flow of data across international borders while protecting users’ privacy and the confidentiality and integrity of their data. The Internet was established with open, transparent standards, governed by an inclusive set of stakeholders – not just nation-states. That model of Internet governance has enabled decades of innovation, and we must protect and encourage it. We must also make the case for innovation that promotes openness, security, and affordability in the physical infrastructure of the Internet — Open Radio Access Networks, for example.
Q: What is one thing you want readers to know about malign activities in the cyber sphere that undermine democratic values, and what can be done to counter this?
A: First and foremost, we must champion a positive vision for digital freedom and digital inclusion that discredits authoritarian approaches to the digital ecosystem. This means partnering with civil society, the private sector, and other governments to understand best practices in how digital technologies empower people to exercise their human rights. We must help more people – including those coming online for the first time – build awareness of and resilience from threats they may face, including abuse or foreign influence operations.
We remain concerned about the misuse of digital technologies in ways that threaten national security, enable human rights abuses, and target journalists, human rights activists, members of marginalized communities, political opposition members, or others perceived as dissidents and critics.
Specifically, I wish more Americans truly, viscerally understood the degree to which foreign adversaries have weaponized discourse online to stoke anger and infighting inside the United States. We all need to be more discerning consumers of information, and seek out trusted, verifiable sources across all media.
Q: How can collaboration with international partners decrease the ransomware threat?
A: This is an area where the U.S. government has been especially focused. In 2021, we joined more than 30 other nations to launch the International Counter Ransomware Initiative (CRI). This initiative has several workstreams focused on countering illicit finance, disrupting ransomware actors, promoting greater resilience, enhancing public-private partnerships, and deepening international cooperation through diplomacy.
Working with international partners, the United States is working to bolster global cooperation in ransomware investigations and the capacity of countries to cooperate with us. This includes by sharing threat intelligence, seizing ill-gotten gains, calling attention to states that sponsor these malicious activities or fail to hold criminals in their jurisdiction accountable.
In the simplest possible terms, efforts such as the CRI send a clear message to malicious actors that messing with any of us means messing with all of us.
Q: You come to your ambassador role with extensive entrepreneurship and industry experience. How will this background influence your approach to cyber policy in the government sphere?
A: Before coming into public service, I spent a decade building a cybersecurity software business, and also as an operating partner at a venture capital firm. Cyber and digital policy are areas where effective cooperation between the public and private sectors is indispensable. If for no other reason, most of the critical infrastructure we care about protecting is owned and operated by the private sector. The private sector is the source of most technology innovation. It is where most of the talent is located. The importance of collaboration among multiple stakeholders in this arena is real, not merely a talking point. Historically, collaboration between the federal government and technology companies has been bumpy, and I would really like to use my experience and position to help build bridges and strengthen partnerships among all of these essential elements of any successful technology diplomacy.
Q: You also bring military experience, including combat tours in Afghanistan and Iraq, to this role. How does that part of your career shape how you view nation-state engagement in cyber warfare and America’s response?
A: I served as a Marine infantry and reconnaissance officer in Afghanistan right after 9/11 and in Iraq in 2003. I witnessed firsthand the costs when diplomacy fails. Diplomacy absolutely needs to be our nation’s tool of first resort. I also believe strongly that diplomacy must adapt to new realities – technology policy is the next frontier of diplomacy, just as it’s the next frontier of healthcare, education, communication, and nearly every other aspect of our lives.
The military also taught me some foundational lessons about building and leading teams. Building a new Bureau within the State Department requires a great team, a strong and mission-oriented culture, a bias for action, and a willingness to take risks – all things my Marine commanders showed by the power of their examples. Those early lessons really stuck with me.
Q: How can the private sector best work with the Bureau of Cyberspace and Digital Policy?
A: First of all, we need to ensure we have open lines of communication. As highlighted throughout the National Security Strategy, the U.S. government is working to modernize and adapt our tools of statecraft for today’s challenges. I’d encourage private-sector colleagues to be in touch with our bureau in Washington and with our U.S. Embassies around the world. In certain cases, we can partner closely on activities like trade shows, exchange programs, legal and regulatory advocacy, workforce development, and even financing investments.
As they do business around the world, it’s critically important for companies to understand the role they play in shaping how technology will be used globally. Business decisions are not values-neutral – and we would like to see more companies standing up for democratic values and responsible and rights-respecting use of technology. By defending these core principles, we will not only enable more innovation and economic growth but will also counter the challenges of digital authoritarianism.