Six Cyber Diplomacy Milestones of 2016
Five years ago the Office of the Coordinator for Cyber Issues was created to promote the U.S. vision for an open, interoperable, secure, and reliable Internet where all stakeholders can experience its economic and social benefits. Each year since we’ve applied proven tools of diplomatic engagement to proactively lay the foundation of international norms and confidence building measures necessary for stability and conflict avoidance in cyberspace. We’ve also strengthened our bilateral and multilateral engagements with foreign partners and stakeholders to underscore our shared belief that malicious activity in cyberspace must be met by a collective front of like-minded actors.
Each day, our cyber policy officers throughout the world use these tools to foster a cyberspace environment that rewards innovation, empowers individuals and communities, builds better governments, expands accountability, safeguards fundamental freedoms, enhances personal privacy, and strengthens national and international security. While it’s impossible for me to highlight all of the great work by cyber policy officers this year, I compiled the following list to demonstrate the range of ways they’re having an impact.
1. Negotiated Landmark OSCE Decision on Cyber Confidence-Building Measures
In a landmark decision, the Organization for Security and Co-operation in Europe’s (OSCE) 57 participating states agreed at its Permanent Council meeting in March to expand a list of OSCE confidence-building measures (CBMs) to enhance security and stability in cyberspace. The agreement also stood to reduce the risks of conflict stemming from the use of Information and Communication Technologies (ICTs). Our cyber policy officers in Vienna played a key role in ushering in this ground-breaking development. Given the often complex nature of the impact ICTs can have on inter-state relations, the decision provided further clarity for nation-state actions in the cyber domain, which could rapidly escalate if misperceptions are not quickly addressed. Such an escalation towards conflict could threaten the economic and social benefits that Internet users worldwide have come to appreciate. While the 2016 decision doesn’t resolve all cyber related issues, it represents significant progress towards making cyberspace a little more stable.
2. Established First-Ever Bilateral Framework on Cyber
The U.S.-India relationship is a natural partnership between the world’s two largest democracies, and this is also true in cyberspace. In 2016, we welcomed a further deepening of the robust relationship by finalizing the first-ever framework, which recognizes a shared commitment to bolstering the economic and social benefits that the Internet and communication technologies provide. This is the first bilateral cyber framework agreement that the United States has signed. It is already enabling more cooperation on cybersecurity, cybercrime and the protection of critical infrastructure. Then, during the Fifth U.S.-India Cyber Dialogue we agreed to a series of tangible steps, including continuing to exchange information on cyber threats and issues of mutual concern, discussing possible cooperative measures, and promoting bilateral cooperation on law enforcement and cybercrime issues, among other topics. These developments followed on the heels of discussions between President Obama and Prime Minister Modi which included agreement on cyber issues.
3. Supported the Renewed Mandate for the Internet Governance Forum
The 11th annual Internet Governance Forum (IGF) conference took place in Guadalajara, Mexico in December 2016. It capped a year of continued efforts to strengthen dialogue on important cyber policy issues that affect us all in the Internet age; while fueling conversations about access, diversity, privacy, security, human rights, gender, trade, the Internet of Things, and more. Last year represented the first year under the new United Nations General Assembly’s mandate of the IGF, which was renewed for a total of ten years. The renewal is important because it affirms the primacy of the multi-stakeholder approach to Internet related policy issues that give a voice, not only to governments, to civil society, technical and academic communities, and the private sector, rather than top-down, inter-governmental control of the Internet.
4. Developed Programs to Strengthen Global Cybersecurity Capacity
Cybersecurity is critical to global security, and all nations have a responsibility to promote it by protecting their own networks and information infrastructure to ensure they are secure, reliable, and resilient. Those with poor cybersecurity pose a risk to everyone else online– a “weak link” in a global, borderless cyberspace. As such, the United States encourages all nations to adopt the best practices for a national approach to cybersecurity. That’s why we worked with MITRE Corporation to develop a “National Cyber Strategy Engagement Plan” to inform national strategy development and implementation efforts within a partner nation’s particular circumstances and aspirations. There is no one-size fits all model for national cyber strategies — each nation’s goals and approaches should reflect its needs and resources.
Additionally, my office worked with Carnegie Mellon University’s Software Engineering Institute (SEI) to strengthen African nations’ cyber incident response and coordination capabilities. One particular success was working with Cote d’Ivoire’s national computer emergency response team (CSIRT) to gain membership and be the fourth sub-Saharan Africa CSIRT to join FIRST, the premier global CSIRT community. Additionally, together with SEI, we developed a “National Computer Security Incident Response Team Development Mentoring Framework” that can be used to provide tailored and sustainable cybersecurity capacity building assistance.
5. Trained Cyber Policy Officers to Effectively Promote U.S. Interests in Cyberspace
Providing our diplomats and overseas personnel the training needed to engage foreign counterparts on the full range of cyber issues is a leading priority for U.S. foreign policy. That’s why we invited more than 80 cyber policy officers to Washington, D.C. to participate in a comprehensive multi-day workshop that included senior government and private sector speakers. Our training was a first of its kind for U.S. diplomats and established a standard for how cyber training can be organized and executed moving forward. My team is already engulfed in planning this year’s training where we intend to further strengthen the U.S. corps of cyber policy officers and digital economy officers.
6. Coordinated the Global Effort to Raise Cybersecurity Awareness
In support of National Cybersecurity Awareness Month (NCSAM), a U.S. initiative, U.S. embassies and consulates hosted discussions, competitions, guest speakers, and social media campaigns under the hashtag #Cyberaware. From Bandar to Bridgetown, Phnom Penh to Prague, our posts overseas conducted outreach activities and met with local representatives from the private sector, academia, and host governments to discuss cybersecurity policies and strategies.
Last year was full of cyber related milestones that in concert have made our nation more secure and ensured that we continue to benefit from a free and open Internet, however challenges remain. Therefore the work of cyber policy officers is far from complete. Reports of cyber incidents potentially linked to state-sponsored activity have become a regular feature in the public conversation. As recent events have shown, cyber policy is foreign policy. As I look to the milestones ahead, I am confident that global interest and awareness on cyber related issues will continue to grow. That’s why I like to say that cyber is the new black. In other words, these cross-cutting issues will increasingly touch all aspects of U.S. foreign policy and national security.