Task force calls for stronger U.S. international engagement on cyber issues


A task force sponsored by the Council on Foreign Relations calls on the United States to build an alliance for cybersecurity with like-minded actors.

The task force – charged with making recommendations for the defense of an open global Internet and co-chaired by John Negroponte, a former diplomat and director of national intelligence, and Samuel Palmisano, the former chief executive officer of IBM – issued June 6 a final report (.pdf).

The report discounts warnings about a "cyber Pearl Harbor," stating that widespread cyber espionage is the most immediate threat to economic and national security interests. The capability to launch a sudden cyber strike that destroys or disrupts large swaths of critical infrastructure is likely limited to a few governments, the report says – and they are deterred from launching such a strike by the expectation of American retaliation. The report says offensive U.S. cyber capabilities are a necessary part of the deterrent, but calls for a more open discussion on cyber weapons and further declassification of information.  

When it comes to cyber espionage, the United States must take steps to address it, since failure to do so "makes it far more likely that distrust and conflict will rule the future of cyberspace."

Using the example of the Proliferation Security Initiative as a template (the PSI is an international effort to stop trafficking in weapons of mass destruction), the United States and other countries should incorporate a prohibition against economic cyber espionage into multi- and bi- lateral agreements, "perhaps eventually pursuing sanctions or other measures to restrict market access at the World Trade Organization." 

The United States should also find other governments, companies and non-governmental organizations willing to commit to a common set of Internet practices and principles.

"Other nations are looking to Washington to do more diplomatically to better coordinate and integrate cyber defense," the report says, stating that the Defense Department should expand military-to-military contact and training of cyber and defense authorities.

All future trade agreement should also contain a goal of fostering the free flow of information across national borders "while protecting intellectual property and developing an interoperable global regulatory framework for respecting the privacy rights of individuals."

Congress should amend the Computer Fraud and Abuse Act to strengthen civil remedies with specific dollar amounts that can be used against cyber spies, the report adds.

The report also makes the specific recommendation that the legal authority of the Homeland Security Department's National Cybersecurity and Communications Integration Center, which houses U.S-CERT and the Industrial Control System-CERT, should be increased. Presently, the NCCIC must request from many other agencies information that could help the private sector defend its systems, the report says. The position of NCCIC director should be elevated to an undersecretary "or even a deputy secretary rank, Senate-confirmed position."

The White House should also consider whether the position of cybersecurity coordinator – aka the cyber czar – should also be a part of the National Economic Council and the Office of Science and Technology Policy, rather than exclusively a part of the national security staff, the report says.

When it comes to multi-stakeholder governance of the Internet, the report warns that the United States cannot only beat back efforts to change it. The December 2012 outcome of the World Conference on International Telecommunications 2012 conference, in which authoritarian and developing countries generally agreed to a revision of the International Telecommunication Regulations that the United States and mostly Western and developed nations refused to sign, occurred in part because many developing countries feel shut out of the multi-stakeholder process and saw the revised ITRs addressing  their concerns, the report says.

"The United States needs to address the legitimate access, infrastructure, and security concerns of developing countries," the report says and should develop a tenacious international presence to combat incrementalism by the International Telecommunications Union.

For more:
- download the report, Defending an Open, Global, Secure, and Resilient Internet" (.pdf)

Related Articles:
U.S.: Cybersecurity should be regular part of diplomatic exchanges with China
Lewis: U.S. should go to WTO over Chinese espionage
Challenges for multi-stakeholder Internet governance