Countries are interested in discussing cybersecurity issues on an international level and agree on cyber norms because they see the potential threats, according to Christopher Painter, coordinator for cyber issues at the State Department.
Painter has been creating a strategic framework for cybersecurity during peacetime and gaining support from other countries. The framework includes a global affirmation that international law applies to cyberspace, voluntary norms of behavior in cyberspace, and development of confidence and trust between countries.
“There’s general agreement even among our ‘frenemies’ that international law applies,” Painter said at the Akamai Government Forum on Tuesday. “We’ve gotten a lot of speed in moving toward this framework. We still have more to do. We need to get more countries to sign up.”
Painter said that one of the challenges to getting countries to agree to the framework is education on cybersecurity threats.
“I think it’s gotten easier, frankly, because people see the threat.”
If countries choose to break the norms established in the framework, other countries have the option to respond using sanctions, military measures, or other diplomatic tactics.
“Cyber is the new black,” Painter said. “Everybody wants to talk about this.”
DHS Cyber Posture Will Become More Dynamic and Data-Centered
For example, the United States and Israel established a cybersecurity working group after President Donald Trump’s meeting with Prime Minister Benjamin Netanyahu. The United States is working with other countries to ensure that they define the roles and responsibilities on the mitigation of cyberattacks across government. The State Department wants other countries’ networks to be secure because the United States’ networks often overlap in order for nations to work together and communicate.
“It’ll protect your country but it’ll also protect our country,” Painter said.
The State Department has more than 100 cyber diplomats at agencies around the world. When the United States experienced a distributed denial of service (DDoS) attack on its financial institutions from a foreign actor, the State Department was able to use diplomatic means to ask foreign leaders to help mitigate the attack.
“And we’ll help you if you come to us,” Painter said.
Other nations’ leaders are worried about bad actors attempting to change the integrity of data and intrusions into self-driving cars, according to Painter.
“We’re building alliances, trying to bridge gaps,” Painter said. “All to secure us online as well as offline.”
Painter said that cybersecurity has gone from a niche technical issue to a core issue of policy, security, privacy, and diplomacy.
“There’s a much better understanding that this is a key issue that’s not going away,” Painter said.
Painter said that one of the threats to diplomatic policy is states that draw borders around their cybersecurity to control all of the information that citizens can access. These countries often see the Internet as a threat to stability, whereas the United States sees it as a tool for economic growth.
“If we use security as a way to limit the positive things about the Internet, that’s going to cause big problems down the road,” Painter said.