As the Biden administration expands its cybersecurity agenda, the State Department has been playing a more active role in bringing the private sector along for the ride.

Why it matters: Cyber diplomacy has been a major priority at the State Department during the Biden administration as nation-state hackers target U.S. critical infrastructure and criminal gangs recruit hackers from across borders.

The big picture: Compared to other U.S. cyber offices, the State Department is early in crystalizing its private sector engagement, a top official tells Axios.

• The department has been working on cyber diplomacy issues since at least 2011, including issues like creating norms around how nation-states safeguard hacking threats.
• Those efforts escalated roughly two years ago when the department created a new cyber diplomacy bureau.

Between the lines: Collaborating with the private sector is a major part of the State Department's new international cyber strategy, which debuted at the RSA Conference last month.

• In the strategy, the department says it needs to lean on the private sector to understand the nuances of international tech regulations and to expand internet connectivity around the world.

What they're saying: "It's a tired term, but it is a 'team sport,'" Liesyl Franz, deputy assistant secretary for international cyberspace security, told Axios during an interview at the RSA Conference. "We don't want to be either developing or reflecting [our] policies without having the input and experience of our stakeholders in their efforts around the world."

Zoom in: The State Department has long collaborated with the private sector. But the goal now is to figure out how to better streamline all of this work, Franz told Axios.

• State will often tap private sector representatives to join official U.S. delegations at key international meetings or to bring along a company expert to meetings with allied nations to trade cyber threat intelligence.
• State consulted many stakeholders, including private sector representatives, on the tenants of the international cyber strategy.
• "We're really just trying to make that [work] more knowable to the private sector community," Franz said.

Yes, but: State's priorities could change depending on the outcome of the November presidential election.

• The department closed the cyber coordinator office during the first year of the Trump administration — and then pitched creating a whole new cyber diplomacy bureau a year later.

What's next: The department is currently figuring out how to allocate a new $50 million fund — included in the government funding bill the president signed in March — designed to help allied nations respond to hacks and expand internet access.

• The money could go to a range of issues and stakeholders for a variety of projects — such as providing emergency aid after a cyber-related incident or helping to promote Western telecom equipment around the world.
• However, some experts have noted that $50 million is just a drop in the bucket of what the State Department needs for such an undertaking.
• "If we can craft the projects in a way that has short-term impact and long-term viability, then it will be obvious what more is needed and for what and how much," Franz said.

Federal officials, AI model operators and cybersecurity companies ran the first joint simulation of a cyberattack involving a critical AI system last week.

Why it matters: Responding to a cyberattack on an AI-enabled system will require a different playbook than the typical hack, participants told Axios.

The big picture: Both Washington and Silicon Valley are attempting to get ahead of the unique cyber threats facing AI companies before they become more prominent.

• Security has historically taken a back seat as new technologies go mainstream, leaving many companies flat-footed when cyber threats adapt to hit these devices.
• But as AI tools become more commonplace, hackers could use them to speed up attacks and scale them, Clayton Romans, associate director of the Cybersecurity and Infrastructure Security Agency's Joint Cyber Defense Collaborative (JCDC), told Axios.

Inside the room: The JCDC hosted the tabletop exercise Thursday at Microsoft's offices in Reston, Virginia.

• CISA did not publicly disclose what incident participants simulated, as is standard practice with any tabletop exercise.
• Romans said the incident explored the "threats we are seeing now" and how the government and the private sector can relay information about those threats.
• More than 50 AI experts across the U.S. government, international government offices and the private sector participated in the four-hour experiment.
• Officials from Amazon Web Services, Microsoft, Nvidia, OpenAI and Palantir were among the participants.

What they're saying: Kyle Wilhoit, director of threat research at Palo Alto Networks' Unit 42, also participated in the exercise.

• "It gave us an opportunity to talk about some of those current threats that we're seeing, and really hypothesize, to some degree, what those new vectors could look like in the future leveraging AI," Wilhoit told Axios.

Between the lines: The tabletop exercise helped CISA decipher who the right people are to contact in the private sector whenever an AI-related incident happens — and vice versa for the private sector, Romans said.

• The exercise also helped identify potential new threats on the horizon, Wilhoit added.

What we're watching: Lessons from the tabletop exercise will inform CISA's forthcoming AI security incident playbook, which is expected to publish before the end of the year.

• The JCDC hopes to host another AI tabletop exercise before releasing the playbook, Romans said.

Go deeper: Cyber companies start fulfilling the promise of AI security.

@ D.C.

🏛 A U.S. appeals court will hold oral arguments Sept. 16 for challenges to a law trying to force ByteDance to divest its ownership in TikTok. (Axios)

👋 David Hirsch, head of the Securities and Exchange Commission's crypto assets and cyber unit, has left the agency. (The Block)

🪖 House and Senate lawmakers have included a provision in the annual, must-pass defense policy bill that would require the Department of Defense to explore creating a uniformed Cyber Force unit. (The Record)

@ Industry

👀 The Stanford Internet Observatory, one of the top disinformation research hubs, is at risk of shutting down after shedding most of its staff amid political and legal attacks. (Washington Post)

🇹🇼 Cisco is standing up a cybersecurity center in Taiwan and providing cyber training to those in the region. (Reuters)

💰 Cyber company Huntress raised a $150 million Series D funding round led by Kleiner Perkins and Meritech Capital. (Wall Street Journal)

@ Hackers and hacks

🤖 Leading AI chatbots are repeating Russian misinformation as if it's fact, according to a NewsGuard report. (Axios)

🚔 The alleged head of the Scattered Spider hacking group — which is believed to be behind the Twilio, LastPass and DoorDash attacks — was arrested in Spain last week. (KrebsOnSecurity)

👾 One of the hackers behind the ongoing Snowflake incident says his group gained initial access by breaching EPAM Systems, a software engineering contractor. (Wired)

Rarely do you get to laugh while talking about misinformation or disinformation — but this post about the abundance of people misspelling it as "miss information" made me chuckle.