US to unveil new international cyber framework

The United States will unveil a new international cyberspace strategy on Monday, marking an update of a 13-year-old document that outlines how America positions itself with other nations across the global internet ecosystem, the State Department told Nextgov/FCW.

The blueprint will be unveiled at the RSA Conference in San Francisco, which will include remarks from Secretary of State Anthony Blinken the same day. Nathaniel Fick, State’s cyber and digital policy ambassador, will also be on site.

The Obama-era outline launched in 2011 and sought to define U.S. cross-border digital conduct. It made multiple mentions of cybersecurity and data privacy, calling on nations to practice cybersecurity due-diligence to protect their infrastructure from compromises.

But the landscape has drastically changed over the past decade as cyberattacks follow more in parallel with regional conflicts, as well as the advent of consumer-facing AI tools and newly established cross-border data flow mechanisms.

Draft documents of the strategy were circulated among U.S. officials this past fall. The framework may discuss newfound cybersecurity areas like 5G networks or supply chain security, as well as an increased focus on global cyber partnerships as Western allies work to deter Russian and Chinese cyber influence from reaching far and wide.

The State Department did not share the contents of the new strategy, but a number of policy concerns have emerged since 2011 that appear ripe for international cooperation. For example, spyware abuses are a major area of concern for the department, which has been working to get global partners to make commitments to not use spyware tools for human rights abuses. The U.S. is working to get more nations signed onto the pact by November.

Spyware — software programs surreptitiously planted on victims’ devices to surveil their movements and capture private communications — has been deployed extensively by governments against journalists, politicians and dissidents around the world. Dozens of governments have contracted with spyware vendors over the past 10 years, enabling cyber surveillance activity to steadily increase.

The strategy may also address quantum computing and quantum encryption standards. Quantum computing is viewed as an emerging paradigm that will likely help the intelligence community and Defense Department enhance their cybersecurity and logistics capabilities. 

Thought leaders in the federal government are trying to thwart quantum-powered cyber intrusions like “record now, decrypt later” attacks, where an adversary will hoover up encrypted data streams, store them, and — with the eventual existence of a powerful enough quantum device — decrypt that data to use for theft or exploitation.

The U.S. has also been trying to gain the upper hand in cyberspace diplomacy as adversarial nations work to use their own internet and telecom standards bodies to push what officials view as dangerous authoritarian agendas that create international instability and plant the seeds for cyberattacks. Russia, for instance, has publicly objected to international proposals pushing for humanitarian digital conduct.

A recent data security executive order notably creates a legal framework aimed at preventing scores of sensitive data like genomics information from falling into the hands of foreign adversaries. 

The U.S. is also undertaking a major campaign to shore up domestic semiconductor manufacturing, a move that the Commerce Department says would reduce reliance on adversaries’ supply chains and create economic security for America’s tech workforce.