By Emilio Iasiello, LookingGlass Cyber Threat Intelligence Group (CTIG)
I recently attended Georgetown University’s 6th Annual International Conference on Cyber Engagement. The conference is intended to promote dialogue among policymakers, academics, and key industry stakeholders from across the globe, and explores the worldwide community’s increasing interconnectivity in this Domain: A specified location where a set of activity or knowledge exists. For instance, an Internet domain is synonymous with a website address or URL where information can be made available. LookingGlass Cyber (n) - A fancy name for a URL or website.. By drawing on the experience of government, industry, and academic participants, the conference is unique in that it brings together a multidisciplinary approach that actively seeks the insight of international partners in identifying the challenges of cyberspace from technical, corporate, legal, and policy perspectives. This was instrumental in determining potential areas of common interest as well as those areas where differences exist, thereby identifying areas for additional work and collaboration. This year’s conference featured attendees and speakers from 40 countries.
While all the talks were thought provoking, those that involved representatives from foreign governments and organizations were the most valuable in showcasing alternative viewpoints from that of the United States. This was especially insightful when addressing global issues such as the Wassenaar Agreement (a multilateral export control regime intended to regulate the export of various conventional arms and dual-use good and technologies), the European Union-United States Privacy Shield (an arrangement that imposes restrictions on how personal data is protected by U.S. companies), the cyber norms of nation-state behavior in cyberspace, and how to gain consensus among different governmental and cultural stakeholders.
I found these talks particularly interesting due to the current focus on the need for increased public and private cooperation when it comes to cyber security. Recently, the U.S. government enacted the Cyber Intelligence Sharing and Protection Act into legislation as part of the year-end budget deal, designed to facilitate the sharing of cyber threat-related information with private entities and non-governmental agencies. As of April 2016, the Department of Homeland Security was actively seeking better private-public sharing of cyber threat information by advocating all private sector organizations to get under its umbrella to better manage and mitigate risks to critical infrastructure.
Given the interconnected and borderless nature of the Internet, it stands to reason that international cooperation is a natural extension of these efforts. Many governments are actively seeking to find areas to cooperate and exchange threat information in order to improve their respective cyber security postures. In the past six months, the following countries and international organizations have engaged one another on cyber security issues: Japan-Estonia; India-U.S, Russia-U.S., Singapore-Israel, and NATO-European Union, to name a few.
This is not an exhaustive list but merely illustrates that the appetite for cyber security assistance is there and that governments are willing to engage counterparts on this issue. The fact that more governments are interested in participating in discussions such as those on state cyber norms of behavior, as said by one of the panelists at the Georgetown conference, further demonstrates the need for international engagement on all levels. Shared critical industries such as maritime shipping and commercial aviation ultimately rely on the security of all international stakeholders.
As an interconnected global platform, the Internet and its security is a shared responsibility that requires input from all stakeholders and cannot be corralled into hamlets of shared interests. While there will likely be differences in some areas between governments, shared areas of interest such as crime and critical infrastructure protection are platforms from which continued engagement can be leveraged. Ultimately, continued progress will rely on give and take between responsible public-private cooperation and the willingness to concede on some issues in order to promote and preserve stability in cyberspace.