International agreements form the foundation for international cooperation on a host of issues, from the proliferation of nuclear technologies, to chem/bio weapons, to terrorism, though no such foundations really exist for cybersecurity issues.
At a recent luncheon hosted by the World Affairs Council, Gen. Michael Hayden, former head of NSA and deputy director of national intelligence, Dr. Jim Lewis of CSIS and Dr. Jamie Saunders, counselor at the British Embassy in Washington, D.C., each spoke on the topic of the need for international cooperation in cyberspace.
Hayden highlighted some of the basic issues when discussing cybersecurity, particularly understanding just how complex the topic is.
“I would much rather be up here speaking about something as straight forward as Afghanistan,” Hayden said.
The issues surrounding cybersecurity are remarkably complex and represent a variety of challenges. Lewis discussed the need for a tiered approach to cybersecurity, saying “one size does not fit all.” He highlighted the need for increased international approaches to shrink the “sanctuaries” that are available to cyber criminals.
Saunders discussed his concern over any possible U.S. approaches to international engagement. He pointed to the threat of unilateralism in deciding protocols for cyberspace. Lewis, conversely, highlighted the need for the United States to take a central role in forming any international legal frameworks. As IT space begins to move further afield of the United States, it is possible that other nations will take the lead in developing cybersecurity solutions the United States may not like or agree with.
An interesting question, however, is does the United States need to decide its own domestic ideas of cybersecurity before moving into the international realm. Hayden seems to think so, observing the nation needs to be on the same page before going out to other nations in an effort to obtain a treaty or convention. Lewis took the concept a step further and pointed out that once that happens, there also needs to be consensus reached with foreign nations on what different words mean when holding discussions about cyberspace. Hayden also drew attention to the reluctance of the United States to talk about cybersecurity, both culturally and institutionally, along with finding the right balance of security, ease of use and privacy.
With all these challenges, what are some solutions? At this point, it is difficult to say. It is clear the United States needs to formulate a unified concept of what cybersecurity constructs are needed before proceeding internationally.
One thing is certain, cyber threats will continue to increase and new international codes need to be formulated to mitigate them.