A map of the United States displayed on a computer screen shows cyber attacks (Image courtesy of U.S. Department of State).
A few years ago, some bad guys used tens of thousands of compromised computers located around the world to launch a cyberattack aimed at taking a number of U.S. banks offline. Of course, the U.S. Government and the victims used technical channels to try to respond, but we also decided to try a new option. We chose to use diplomatic channels to formally ask over twenty other governments where these compromised computers were located for their help. Building a collective approach to threats is a common tool of diplomacy and it turned out to be one of the most effective tools we had in that case.
In November 2015, the leaders of the world’s twenty biggest economies affirmed that they would abide by international law in cyberspace and that no country should use cyber means to steal the trade secrets of another to benefit their commercial sector. This political commitment means that cyberpace is not a lawless zone, nor is it the “wild, wild, web;” which helps to make us all safer. This commitment also was the product of diplomacy.
In June, I spoke to a TEDx audience about this example and the State Department’s broader efforts to develop a corps of cyber focused diplomats whose mission is to implement the President’s International Strategy for Cyberspace. The Strategy directs our response to a shifting landscape of global networks and communication technologies. While cyber and Internet issues were once seen as technical issues solely reserved for computer geeks, today they are increasingly being seen around the world as inextricably linked to national security, economic growth, social development, and human rights. Therefore, these issues are increasingly a core aspect of our foreign policy.
Let me be clear, this ongoing shift will require increased coordination at all levels of our government to achieve the policy priorities laid out in the International Strategy for Cyberspace. That is why my team is keenly focused on promoting the growing international consensus that says the basic rules of international law also apply in cyberspace. From this starting point we are establishing bilateral and regional cyber confidence building measures to reduce the risk of conflict.
Our work in the United Nations Group of Governmental Experts (GGE) — a group that has included representatives from a geographically diverse set of countries — exemplifies the potential success we can have in building mutual confidence and understanding in cyberspace. In 2013, for example, the GGE agreed to a consensus report that included a clear affirmation that international law, especially the United Nations Charter, is applicable in cyberspace, which was a landmark achievement. In 2015, the GGE reinforced that affirmation and also agreed to a set of voluntary peacetime norms of state behavior in cyberspace. While these were significant milestones, our work is far from finished.
Some countries continue to pose significant challenges to our efforts as they push their vision of a more state-centric, restrictive cyberspace environment. Yet, we know that the historic growth of the Internet and the social and economic impact that it has had on our lives are dependent on it remaining open, interoperable, secure, and reliable. Right now these questions are being debated all over the world in meetings, including ideas and proposals that could fundamentally affect our freedom and security both online and in the world.
As the State Department’s Coordinator for Cyber Issues, I am committed to ensuring that our view for the future of cyberspace wins over those that would restrain the future growth, openness, and innovation that an open Internet offers. With my team, I am also championing a framework for international cyber stability to ensure that all governments understand what constitutes responsible conduct in cyberspace and are building ways to prevent and resolve conflicts between states when incidents occur.
At the recent Munich Security Conference’s Cyber Security Series held at Stanford University, I laid out our vision for the future of cyberspace and explained the importance of our work to mitigate and deter cyber threats through cooperative international partnerships. Following my presentation, one attendee explained how he had never heard of a cyber diplomat. I told him that we are doing what diplomats have always done; building alliances, bridging gaps, and promoting international understanding and commitments to make us all more secure.
About this Publication:
All information regarding non-federal, third party entities posted on the HDIAC website shall be considered informational, aimed to advance the Department of Defense (DoD) Information Analysis Center (IAC) objective of providing knowledge to the Government, academia, and private industry. Through these postings, HDIAC’s goal is to provide awareness of opportunities to interact and collaborate. The presence of non-federal, third party information does not constitute an endorsement by the United States DoD or HDIAC of any non-federal entity or event sponsored by a non-federal entity. The appearance of external hyperlinks in this publication and reference herein to any specific commercial products, processes, or services by trade name, trademark, manufacturer, or otherwise does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government or HDIAC. HDIAC is a DoD sponsored IAC, with policy oversight provided by the Assistant Secretary of Defense for Research and Engineering (ASD (R&E)), and administratively managed by the Defense Technical Information Center (DTIC). For permission and restrictions on reprinting, please contact email@example.com. Any views or opinions expressed on this website do not represent those of HDIAC, DTIC, or the DoD.