Cyberstability Updates – February 2018

The GCSC in the news

Reinventing Multilateral Cybersecurity Negotiation after the Failure of the UN GGE and Wannacry: The OECD Solution

The original article by Theodore Christakis and Karine Bannelier was published on 28.02.2018 in EJIL:Talk.

In recent years, States have tackled the problem of cyber security by multiplying initiatives in various intergovernmental organizations, be they universal organizations (such as the United Nations or the ITU) or regional or restricted organizations such as the European Union (with, for example, the recent cybersecurity package announced by the EU Commission in September), the Council of Europe, the OSCE, the OECD, the African Union, the Shanghai Cooperation Organization, NATO, ASEAN, the G7 or the G20. These initiatives are also developed in ad hoc frameworks specifically dedicated to cyber-security, where an impressive number of conferences are initiated by States, such as the Global Conference on Cyberspace (GCCS) which has launched the Global Forum on Cyber ​​Expertise (GFCE) – and this without counting academic initiatives such as the process that led to the adoption of the Tallinn Manuals 1 and 2 or the creation of Think Tanks like the Global Commission on the Stability of Cyberspace chaired by Marina Kaljurand (formerly Estonian Foreign Minister).

Read the full article here.


Punish countries that launch cyber attacks, global expert Chris Painter says

The original article by Andrew Tillett was published on 28.02.2018 in Financial Review.

Countries like Australia need to start punishing nations that sponsor cyber attacks economically and diplomatically to stop perpetrators thinking they can get away with them, one of the US’s top cyber security experts says.

Read the full article here.


Foreign interference in elections ‘will be repeated’: Former US cyber tsar

The original article by David Forman was published on 23.02.2018 in SBS News.

The United States’ former top cyber diplomat has warned that foreign interference in the US and other democratic national elections will keep happening if western countries don’t get better at imposing consequences on so-called ‘bad actors’ on the internet.

Chris Painter, who was until last year the Director of Cyber Issues at the US State Department and previously the head of cybersecurity in the Obama White House’s National Security Council, told SBS News that US government cyber specialists had been “caught off guard” by Russian online operations aimed at dissuading voters from voting for Hillary Clinton in favour of now President Donald Trump in the 2016 election.

Read the full article here.


Improving, But Work to be Done Yet: Chris Painter’s Verdict on Global Cyber Awareness

The original article by David Forman was published on 23.02.2018 in MacQuire Government.

Chris Painter is a veteran attendee at the Munich Security Conference, so his reflections on the changed mood around cyber security at this year’s conference bear attention.

Mr Painter, the former US Cyber Co-ordinator, White House Cyber Security Adviser, FBI cyber-crime deputy assistant director and Federal prosecutor, landed in Australia this week fresh from Munich.

This year, there was again an expanding array of cyber security “side events”, and cyber security issues were mentioned in addresses by several leaders – including UK Prime Minister Theresa May, US National Security Adviser HR McMaster and UN Secretary General Antonio Guterres.

But cyber issues were not core issues on the main stage. Chris believes this indicates they are still not mainstream at the highest levels of government national security discussions nor in boardrooms.

Read the full article here.


Rebuild internet governance now, before it is too late

The original article by the GCSC Special Advisor Vint Cerf was published on 20.02.2018 in Financial Times.

Preserving the openness of the internet, enabling the development of the digital economy and structuring online communities is vital for future generations. At the same time, legitimate concerns are growing about the widespread abuse of this unique instrument. The question of how to respond to such concerns has, therefore, moved to the top of the agendas of national and international policymakers.

Read the full article here.


Ein Wettrüsten, das nur Verlierer kennt

The original article by the GCSC Commissioner Wolfgang Kleinwächter was published on 15.02.2018 in Frankfurther Allgemeine.

Sicherheit, Wirtschaft, Menschenrechte: Die digitalen Probleme der Gegenwart könnten dramatischere Folgen haben als der Klimawandel. Mögliche Lösung: eine Art KSZE für den Cyberspace.

Read the full article here.


Rex Tillerson proposes new ‘cyber bureau’ at the State Department

The original article by Chris Bing was published on 07.02.2018 in Cyberscoop.

In an interview with CyberScoop, Painter said he was happy about the idea of empowering State Department employees working on cyber diplomacy, but Tillerson’s plan left various unanswered questions.

“The biggest macro issue in this proposal is that it reports to the Undersecretary for Economic and Business Affairs and that is far too narrow a window or perspective for important security and human rights issues that increasingly predominate in this space,” Painter said.

Painter also said Royce’s plan to have the cyber office report to the Undersecretary for Political Affairs “makes much more sense and is a much more effective approach” because issues such as international cyber norms and cybercrime response might get neglected in a reporting structure that puts the cyber office under the department’s economic policy leadership.”

Read the full article here.


Trump administration announces new cyber office at State

The original article by Derek B. Johnson was published on 06.02.2018 in FCW.

Christopher Painter, who served as the cyber coordinator at the State Department before stepping down last year, testified that he believed the administration was focused on broader reorganization priorities and did not fully appreciate the implications of its decision to merge the cyber coordinator office into State’s Bureau of Economic Affairs.

“They are working on some of these issues; however, the level of the person who is assigned over there is at a lower level, a deputy assistant secretary level in an economic reporting chain,” said Painter. “As important as those issues are, it doesn’t give full voice to all these other issues around deterrence, around incident response. I think it’s an unfortunate [signal].”

Read the full article here.

Read the full testimony here.


Commission on ‘stability in cyberspace’ advances talks on global norms

The original article was published on 05.02.2018 in Inside Cybersecurity.

The Global Commission on the Stability of Cyberspace, a group led by former U.S. and international government, industry and academic figures, at a recent meeting discussed its call for “norms” on protecting the technological underpinnings of the internet, and set up an upcoming discussion on electoral systems, “hack-backs,” and the security of commercial products.

Read the full article here.


Top US cyber adviser Chris Painter announced as ASPI distinguished fellow

The original article by Renee Jones was published on 05.02.2018 by ASPI.

“I am very happy to come back to Australia and spend time with my friends at ASPI’s ICPC and my many friends and colleagues in government, business and civil society. Australia has always been a strong partner on cyber policy and combatting cyber threats. As technical and policy threats increase in cyberspace it is imperative that we work together to promote an open and secure cyberspace, promote stability in cyberspace, and find new ways to deter bad actors,” Chris Painter said.

Read the full article here.


House Foreign Affairs panel announces hearing on cyber diplomacy issues

The original article by Maggie Miller was published on 01.02.2018 in Inside Cybersecurity.

The full committee hearing on Tuesday will feature witnesses including Christopher Painter, the former State Department coordinator for cyber issues under President Obama.

Read the full article here.


Securing the Digital Transition

The original article by the GCSC Special Representative Carl Bildt was published on 22.01.2018 in Project Syndicate.

Every year, the World Economic Forum publishes a Global Risks Report, which distills the views of experts and policymakers from around the world. This year, cybersecurity is high on the list of global concerns, as well it should be. In 2017, the world witnessed a continued escalation in cyber attacks and security breaches that affected all parts of society. There is no reason to believe 2018 will be different.

The implications are far-reaching. Most immediately, we must grapple with governance of the Internet as well as on the Internet. Otherwise, the opportunities afforded by digital technologies could be squandered in a regulatory and legal arms race, complete with new borders and new global tensions.

Read the full article here.


Norms in Cyberspace

Cyberspace Norms and U.S.-China Relations: Addressing the Challenge of ‘China, Inc.+’

The original article by Robert D. Williams was published on 26.02.2018 in LawFare.

A central feature of U.S.-China cyber diplomacy has been Washington’s effort to persuade Beijing to acknowledge and enforce a norm against state-sponsored commercial cyber theft. After years of private diplomacy and public signaling, in September 2015, U.S. President Barack Obama and Chinese President Xi Jinping reached an agreement that “neither country’s government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.” This norm gained the support of G-20 leaders at their November 2015 summit, and the U.S.-China agreement was reaffirmed as recently as October 2017.

In consenting to this language, what did the respective leaders understand themselves to be committing to? What constitutes intent to provide competitive advantage to a nation’s commercial sector? Where is the line between commercial purposes and national security objectives? What degree of control is necessary to impute responsibility to a government rather than a nonstate actor?

The lack of good answers to such questions exposes one aspect of the complexity of efforts to develop and implement norms of state conduct in cyberspace.

Read the full article here.


U.N. chief urges global rules for cyber warfare

The original article by Andrei Khalip was published on 19.02.2018 in Reuters.

U.N. Secretary General Antonio Guterres called on Monday for global rules to minimize the impact of electronic warfare on civilians as massive cyber attacks look likely to become the first salvoes in future wars.

Computer hackers, many of them believed to be state-sponsored groups, last year disrupted multinational firms, ports and public services on an unprecedented scale around the world, raising awareness of the issue.

Read the full article here.

Bruce McConnell

Co-Director

Carl Bildt

Special Representative

Vint Cerf

Special Advisor