recommended reading

Administration unveils cybersecurity foreign policy

Cabinet officials on Monday introduced a plan to incorporate network security into future foreign policy actions. The announcement of an international strategy for cyberspace comes one week after the White House sent Congress a legislative proposal for a sweeping overhaul of U.S. network security.

Monday's policy outlines the moves the United States must make in partnership with allies to promote compatible, secure, reliable and unfettered information exchange.

"This is a strategy that goes beyond any singular partner or agency," John Brennan, President Obama's top counterterrorism adviser, said during a formal unveiling of the framework at the White House.

Academics have long warned that poor interagency collaboration and misaligned domestic and foreign cyberspace policies are hurting U.S. efforts to, among other things, cut off financial support for terrorist groups. Nabbing the groups backing, for example, suicide bombers requires balancing national security and individual online privacy. Government officials typically must trace credit card transactions, online payments, emails and other communications to understand the target's day-to-day activities.

Officials acknowledged that the strategy is vague on specific tools, as it is not a technical document. It largely builds upon existing policies, such as the 2001 Budapest convention on cybercrime, a binding pact signed by 30 countries including the United States, Canada, Japan and South Africa. The convention provides nations with a template for drafting laws on evidence-sharing and extradition. The United States wants more countries to join the convention, or at least craft laws modeled after its rules.

The department heads said they will carry out the initiative using global standards of acceptable behavior, rather than relying on statutes.

"The development of norms for state conduct in cyberspace does not require a reinvention of customary international law, nor does it render existing international norms obsolete," the policy document stated. "We will continue to work internationally to forge consensus regarding how norms of behavior apply to cyberspace, with the understanding that an important first step in such efforts is applying the broad expectations of peaceful and just interstate conduct to cyberspace."

Earlier this year, a study by the East West Institute, a Brussels-based think tank, concluded that a global cyber treaty may be unattainable because private companies -- not nations -- control much of the Internet's infrastructure. The organization recommended instituting voluntary private sector agreements and international standards, similar to the goals the Obama administration laid out on Monday.

The strategy makes clear the United States will defend its networks from terrorists, cybercriminals or other nation states when necessary, taking care not to violate the privacy of U.S. citizens.

"Department of Defense networks are probed millions of times a day . . . cyber threats are growing more serious and more prevalent," said Defense Department Deputy Secretary William J. Lynn III. "Far greater levels of cooperation with more nations are needed if we are to stay ahead of the cyber threat."

He noted Defense has in the works a forthcoming strategy for operating in cyberspace. Currently there is no Geneva Convention for cyberwar that would protect civilians by drawing a line against, for example, attacks on hospital databases or air traffic control networks.

The framework states, "We reserve the right to use all necessary means -- diplomatic, informational, military and economic -- as appropriate and consistent with applicable international law, in order to defend our nation, our allies, our partners and our interests."

It underscores that some regions, namely Africa and the Middle East, are not part of existing organizations that have begun dealing with network security issues, such as the Association of Southeast Asian Nations, Organization for Economic Cooperation and Development, and the United Nations.

Homeland Security Secretary Janet Napolitano said, "The strategy calls for assisting international partners with capacity building, especially when it comes to developing the computer emergency readiness teams" -- a squad of security specialists that can be called in to identify the origin of attacks and mitigate potential damage from breaches.

The initiative encourages governments and businesses to jointly develop international, voluntary standards for system compatibility and security. It adds that countries should configure their networks in a way that does not interfere with internationally connected systems.

Secretary of State Hillary Clinton said, "While the Internet creates new economic opportunities, it also gives criminals new opportunities to steal personal information and intellectual property."

Attorney General Eric Holder echoed that sentiment, saying, "Unfortunately, for every technological or commercial quantum leap that we have made, criminals have kept pace." He said the strategy signals a new era of cooperation and vigilance that began with the Budapest agreement a decade ago.

Clinton stressed that the plan is not prescriptive. Her department has taken the lead on so-called Internet freedom -- the drive to stop oppressive regimes from filtering and disrupting citizens' online communications. On the subject of online censorship, the framework says states should not arbitrarily disrupt peoples' access to the Internet or other networked technologies.

Threatwatch Alert

Stolen laptop

3.7M Hong Kong Voters' Personal Data Stolen

See threatwatch report


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.


When you download a report, your information may be shared with the underwriters of that document.