U.S. Unveils Int'l Cybersecurity StrategySeeking Secure, Reliable Internet to Support Trade, Free Expression
To achieve that goal, the strategy says, cooperation among nations is needed to build and sustain an environment in which norms of responsible behavior guide states' actions, sustain partnerships and support the rule of law in cyberspace.
U.S. Secretary of State Hillary Clinton said the strategy is not a series of prescriptions. "There is no one-size-fits all, straight-forward-route to that goal," Clinton said. "We have to build a global consensus around a shared vision to the future of cyberspace, to make sure it serves rather than impedes the social, economic and political aspirations of people worldwide. And, that can only happen through patience, persistence and creative diplomacy."
A star-studded lineup of top Obama administration officials joined Clinton to emphasize the importance of the new strategy, including John Brennan, the president's counterterrorism and homeland security adviser; Howard Schmidt, White House cybersecurity coordinator; Attorney General Eric Holder; Secretaries Janet Napolitano of Homeland Security and Gary Locke of Commerce; and Defense Deputy Secretary William Lynn. The presentation was made in the Eisenhower Executive Office Building next to the White House and was attended by foreign diplomats, government, intelligence and defense officials, industry executives, academicians and civil liberties and privacy advocates.
Clinton outlined the seven principles in the international cybersecurity framework:
- Economic engagement Promoting international standards, innovation and open markets to ensure that cyberspace serves the needs of the global economies and innovators.
Protecting networks: Enhancing security, reliability and resiliency because strong cybersecurity is critical to national and economic security in the broadest sense.
Law enforcement: Extending collaboration and the rule of law to strengthen confidence in cyberspace and pursue those who would exploit online systems.
Military cooperation: Preparing for 21st century security challenges because the nation's commitment to defend its citizens, allies and interests extends to wherever they might be threatened,
Multi-stakeholder Internet governance: Fostering governance structures that effectively serve the needs of all Internet users.
International development: Building capacity, security and prosperity to promote the benefits of networked technology globally, enhance the reliability of shared networks and build a community of responsible stakeholders in cyberspace.
Internet freedom: Supporting fundamental freedoms and privacy to help secure fundamental freedoms as well as privacy in cyberspace.
The strategy means that American diplomats when engaging foreign government will not address a myriad of cyber issues separately. Too often, Clinton said, international discussions focus separately on cybercrime, Internet freedom and network security. "We can't have disparate stovepipe discussions," she said. "We are not dealing with these issues internationally, in a coordinated integrated fashion, and so, now we will based on our strategy."
Lynn, the Defense Department's point man on cybersecurity, explained why international cybersecurity cooperation is key to protect American digital assets as well as those of U.S. allies. "Just as our air defenses are linked with those of our allies to provide warning of attack, so too must we share information to prevent and, if necessary, respond to cyber intrusions," he said.
Schmidt said the creation of the international cybersecurity policy itself demonstrates that U.S. federal agencies can collaborate to tackle important IT security matters, pointing out that 18 agencies worked together to develop the strategy.
The release of the international cybersecurity policy is the second major Obama administration IT security initiative in as many weeks. On Thursday, the White House introduced a domestic cybersecurity legislative package that would codify the Department of Homeland Security as the lead agency in protecting federal civilian agencies and the national critical IT infrastructure as well as nationalize data breach notification and the toughening of penalties for cybercrimes (see White House Unveils Cybersecurity Legislative Agenda).