9 September 2017

The Case for Diplomacy in Cyberspace

Chris Painter

For the last six and a half amazing years I have had the honor to serve as the first Coordinator for Cyber Issues in the Secretary’s Office at the State Department. I am tremendously proud of what we have accomplished during my time as America’s top cyber diplomat, and prouder still of one of the most talented, creative and dedicated teams in government — or for that matter anywhere. My office literally created and advanced a whole new area of foreign policy focus that simply didn’t exist before. As both cyber threats and opportunities have continued to grow, so too have the range of cyber issues — including everything from Internet Freedom and Governance to combatting cybercrime, fostering cybersecurity and advancing international security and stability in cyberspace. These important matters have evolved from being seen as largely niche or technical issues, to core issues of national security, economic security, human rights and, ultimately, core issues of foreign policy.

When then Secretary Clinton created our office, we were the first of our kind in the world. Today, there are over twenty such offices, and growing, in foreign ministries around the globe — a testament to the growing importance of these issues as a foreign policy imperative. We’ve also established other precedents for the international community. For example, we pioneered “whole of government” dialogues with global partners to ensure that we were leveraging all of the capabilities of our governments on these cross-cutting issues, that now are the model for engagement between many countries. More importantly, we made concrete progress, working with other countries and partners, to ensure we maintain an open, interoperable, reliable and secure cyberspace for the future, while responding to growing threats posed by nation states, criminal groups, terrorists and others.

We worked with like-minded governments to cooperate and use diplomatic tools to address world-wide cyber threats. We reached a landmark agreement with China that made clear that no state should use cyber means to steal the intellectual property and trade secrets of another to benefit its commercial sector that has been widely adopted by other countries. We led the international discussion and provided the thought leadership in promoting a framework of cyber stability to address the growing threats in cyberspace particularly as states develop new cyber capabilities. As part of that framework, we achieved a historic consensus that international law that applies in the physical world also applies in cyberspace; we articulated and advanced a number of norms of state behavior (voluntary rules of the road), and promoted cyber confidence building and transparency measures to avoid miscalculation and conflict escalation. This framework is the foundation of a more robust deterrence strategy in cyberspace that we are now developing and advancing. That strategy looks to builds a flexible coalition of likeminded countries who can respond to bad actors, using all the tools in our tool kit and some we haven’t even thought of yet. Inevitably, whether in the physical or cyber world, bad actors will violate norms and international law, but acceptance of those basic precepts allow the good guys to act together to ensure a safe and secure global Internet. We simply need to be more agile and timely in addressing and responding to the significant threats we face or we risk setting the norm that these pernicious actions are acceptable.

We joined with our human rights colleagues at State to help advance and protect Internet Freedom and make sure that promotion of these values were woven into our security work and engagements with other countries. We worked with our Department of Justice colleagues to get more countries to adopt the Budapest cyber crime convention and increase international cooperation and capacity among law enforcement professionals. We labored with our colleagues in the Department of Homeland Security and others to create and implement an ambitious capacity building initiative so that countries have the strategies and ability to help protect themselves and, given the global nature of cyber threats, cooperate to protect us. And, we worked with colleagues across the government, the private sector and civil society, to thwart continued attempts by repressive regimes to impose state control over the Internet and undermine its multi-stakeholder foundation.

While we have accomplished much, we are still at the beginning of this journey and there is a long road ahead. Indeed, I believe we are at an inflection point, where the work we do now and the choices we make will determine whether we can all continue to benefit from this amazing technology, or whether both growing policy and technical threats will undermine its incredible potential. Achieving the future we want will require continued high-level attention and a significant and sustained effort. Diplomacy has and must continue to play a pivotal role — shaping the environment, building cooperation, and working to build coalitions to respond to shared threats, and we must continue to lead the international community. This is not some legacy Cold War issue but the quintessential 21st century issue of our national security — involving aspects of human rights, security and economic policy — requiring high- level leadership and a matrixed 21st century response that leverages all of our capabilities.

Our approach to this issue must be agile, coordinated and creative, not stove-piped or siloed, to succeed. I am proud that my office, S/CCI, has tried to leverage all of the interests and capabilities of the Department of State and the interagency. Far from being divorced from the expertise and resources of any single bureau at State, we have tapped into and used the expertise of every regional and functional bureau — each bringing their own unique perspective and experience — on a wide range of issues across the entire Department. In turn, we have been a resource for each of their growing cyber efforts. We also established and trained a corps of cyber officers at our posts around the world to help weave this new issue as a new foreign policy priority into the very fabric of the Department.

I am honored to have served in a role that allowed us to be innovative and advance our important agenda, and I am tremendously grateful to the dedicated folks throughout the State Department — including our great cyber officers in posts around the world, our interagency and White House colleagues, my foreign counterparts, and my many friends, partners and colleagues in the private sector and civil society. And again, special thanks to the all-star team in my office. They are the lynchpin of all we have done and I am confident, with their help, that we can continue to make important strides in the future.

Talented S/CCI Family — The “Avengers” in Cyberspace

Those who have been to my office know that it is festooned with movie posters where computers or hackers are the main characters, including my favorite, “Colossus: the Forbin Project” (the first movie where computers took over the world) and many, many others. Many of these movies project a dystopian future where technology does not empower but rather controls us. We need to ensure that this dark future does not prevail by effectively combatting the many threats — both policy and technical — in cyberspace and taking advantage of the opportunities that cyberspace presents. Success will depend on using all of our tools including diplomacy.

I have devoted the last 26 years to these issues and I will stay passionate about them and stay involved. These issues are too important to our future for any of us to ignore. As I am fond of saying, cyber is the new black.

No comments: