Note to Industry: Make Spanish Language-Enabled Cybersecurity Tools

South and Central American countries working to improve their cyber stance need reliable cyber tools, especially solutions made in the United States, as opposed to China, Air Force cyber leaders said.

And what these countries especially need—such as Guatemala, which only has 50 military personnel to protect its nation’s networks from adversarial attacks—are Spanish language-enabled cybersecurity tools, said Senior Master Sgt. Joseph Moss, senior enlisted leader, Exercises and Engagements Division, A6, 12th Air Force (AFSOUTH). AFSOUTH is headquartered at Davis-Monthan Air Force Base in Tucson, Arizona, and has forward operations across Latin America and the Caribbean.

Senior Master Sgt. Moss, joined by Maj. Scott Lang, director of Operations, 223 Cyberspace Operations Squadron, Arkansas Air National Guard; Capt. Jonathan Weber, Cyber Security Cooperations Office, New Mexico National Guard; and 1st Lt. Jeremy Vital, director of Operation, New York National Guard, spoke on November 20 at the AFCEA Alamo ACE conference in San Antonio.

AFSOUTH operates in the U.S. Southern Command (SOUTHCOM) area of responsibility and, along with the other service components, is working to combat the predominance of malicious cyber threats in the region. Part of that effort is uniting with partner countries, their militaries and other organizations. AFSOUTH harnesses the U.S. Department of State’s State Partnership Program and relies on cyber subject matter experts and teams from the National Guard to help the countries improve their cyber posture.

“With these countries, although they may eventually warm up to the idea of having us sit over their shoulder and see what they're doing, it takes time,” Maj. Lang said. “It takes trust.”

Depending upon a country’s cybersecurity progress, the United States will help develop or increase its cyber defenses, cyber military tactics and cyber workforce in the face of countless nefarious cyber attacks and malicious activities, especially from the People’s Republic of China and Russia. Brazil, for example, has a more advanced cyber posture.

“In Brazil’s national defense budget, they spend a lot of money on their defense, and they spend a lot of money on the cyber,” 1st Lt. Vital noted. “They have a very robust force, both at the air and the joint level.”

As such, the U.S. leaders need to come up with a different level of cyber tools than, say, for Costa Rica, which is newer in its cyber journey and has fewer cyber protectors than Guatemala, Capt. Weber shared.

The U.S. cyber warriors rely heavily on the National Institute of Standards and Technology’s (NIST's) various cyber tools. “The NIST cyber framework, that has really been an anchor point for us at AFSOUTH and at our SOUTHCOM joint level,” Senior Master Sgt. Moss noted. “The NIST framework also provides us with a lot of great talking points, teaching points and leverages a lot of homework that's already been done. It's really a great tool.”

In addition, the U.S. cyber teams use NIST’s cybersecurity maturity model to identify where different countries are in their cyber maturity. “What we found is that most countries in the Caribbean and in South America are around a one or two level. They are emerging,” Senior Master Sgt. Moss explained. “They are aware of cyber, they know they should be spending money in cyber, and they are just trying to decide how to best utilize their resources.”

Brazil is more of a level four, defending its cyberspace and looking to both offensive and defensive operations in cyberspace, 1st Lt. Vital said. But even so, Brazil needs robust cyber tools available in Portuguese.

The U.S. leaders are most worried about the prevalence of inexpensive, Chinese-backed cyber tools or network infrastructure, designed with intentional weaknesses or back doors. And for these countries, the military leaders do not necessarily understand why they should not rely on Chinese software and information technology. Or they know better but don’t have the right licensing.

The solution, the U.S. cyber leaders said, is for American cybersecurity companies to make available Spanish or Portuguese language-based solutions.

“I have had a tremendous challenge in finding Spanish cyber training and tools for our partners,” Senior Master Sgt. Moss noted. “It shocks me when I walk around conferences just like this, and stop at every single booth and ask if they have Spanish-enabled cyber tools. A lot of times the answer is ‘no.’"

The U.S. cyber leaders have seen that in many countries the young airmen, the cyber defenders, have not had the opportunity to take English courses. Sometimes, the priority is that only the officers receive English training.

“And so there are very few individuals who are ready to take on whatever tools we can throw at them,” the senior master sergeant said.

The leaders encouraged cyber companies to leverage help from the U.S. Department of Commerce. “Vendors, if you are not working with your Department of Commerce reps in your local state, I highly encourage you to do that,” Senior Master Sgt. Moss emphasized. “And for the military side of the house, if you're running into the same problem that we are in getting tools and opportunities into a partner nation, find out who the Department of Commerce contact is for that partner nation.”

With the level of cyber threats only increasing, the countries need cybersecurity tools from U.S. industry—and in their own languages.

Industry, please take note, the leaders said.