International Cooperation Critical to Cyber Mission
 |
Gen. Keith Alexander, USA, leads both the National Security Agency and U.S. Cyber Command. The Defense Department, intelligence agencies, FBI and State Department are considered the major U.S. players in the cyberdefense realm. |
U.S. officials attending a United Nations meeting this month will try to sway other nations to agree to a set of international norms of behavior in the cyber realm. The U.S. approach is at odds with that preferred by Chinese and Russian officials, who argue that new treaties or international codes are needed for cyber.
“This event is going to give us an opportunity to participate with many nations in an international forum to discuss, among many things, our views about the need for international norms of responsible behavior,” says Maj. Gen. John Davis, USA, senior military adviser to the Undersecretary of Defense–Policy for Cyber. Gen. Davis explains that the Obama administration believes that existing treaties should be interpreted to include behavior in cyberspace.
The general cites the International Human Rights Law and the International Law of Armed Conflict as two examples. “Establishing norms of behavior that are based on existing international law and agreements is the right way to go. You already have long-standing, well-scrutinized laws that have been set in place and have withstood the test of time,” Gen. Davis says.
From the U.S. point of view, those existing laws can be used to establish agreements for behavior in cyberspace. “We believe those laws apply as equally to cyber as they do to other physical domains,” the general adds. “Given that framework, what we’d like to do is to work with other countries to establish what we can agree are the acceptable norms of responsible behavior.”
The approach favored by Russia and China, however, essentially would create new treaties modeled on arms agreements, which Gen. Davis and other U.S. officials say would be impossible to monitor and verify. It simply is more difficult to monitor what another country is doing in cyberspace than it is to count nuclear missiles or verify their destruction, for example.
Steven Schleien, the U.S. Defense Department’s principal director for cyberpolicy, expressed similar concerns at Georgetown University’s second annual International Engagement on Cyber, which also included officials from Russia and the Netherlands. Schleien described cyberspace as a novel arena for defense partnerships and said that in the U.S. view, “Arms control doesn’t work in cyberspace [because] I don’t know what we would monitor or how we would verify anything in terms of cyberweapons and cybertools.”
Gen. Davis explains that the difference between the U.S. approach and the one promoted by China and Russia is one largely rooted in contrasting political systems. “For the United States, one of our fundamental values is the free flow of ideas, the rights of citizens to express themselves. That’s a value fundamental to our constitution. We’re concerned that this talk of a regime of state-controlled codes could be exploited to involve state control over information and to suppress the kinds of things that are important to us as a fundamental human value,” the general asserts.
Gen. Davis acknowledges the challenges posed by the differing political systems. “On those points where there are disagreements, it is our hope that we can persuade those who disagree to [consider] our view. At least we can make them better understand our view and why we have this position and vice versa,” he says.
The expected August meeting comes on the heels of a meeting between top-ranking U.S. and Chinese officials in May. The event included Hillary Clinton, U.S. secretary of state, and Timothy Geithner, U.S. Treasury Department secretary, as well as high-ranking U.S. Defense Department officials. “There, you had senior representatives from the U.S. government in direct communication with their counterparts in the Chinese government,” Gen. Davis explains. “The discussion about cyber played a major role.” He adds that leaders from both countries were able to discuss their concerns candidly, “in order to find areas of mutual goals and objectives in an attempt to better understand each other so that we can prevent misunderstandings, prevent misconceptions and ultimately prevent mistakes.”
The May and August discussions are part of an overall strategy to foster understanding and build partnerships domestically and internationally in the cyber realm. The cyberdomain is critical to Defense Department operations, just as it is for all government agencies and individual citizens. The military, however, does not control all of the networks over which its data travels, so for years officials have been expanding cooperation with other government agencies, the private sector and other countries.
 |
The creation of the U.S. Cyber Command marked one of the major organizational changes for the U.S. military. Other changes include the adoption of cyber operational concepts and cyberdefense capabilities. The United States is pushing international cyber partnerships beyond traditional allies. |
Gen. Davis declines to offer details about the specifics of individual cyber partnerships. “A lot of these cyberspace topics are sensitive, and we don’t want to pre-empt their own government decision making, so we’ve decided to work with them and not to talk about it in public,” he says.
He adds that international cooperation on cyberprotection takes a number of forms, including sharing information about capabilities, warning each other about potential threats, sharing situational awareness and fielding more interoperable capabilities. “I would include, as part of that, joint training venues and exercises—everything from tabletop exercises to more sophisticated exercises. We have all of that going on with many international partners.”
The Defense Department has reorganized in recent years, creating the U.S. Cyber Command and a cyber component within each of the services. It also has put into place new concepts and capabilities for defending its networks. Now, the department seeks to help others do the same. Defense officials would like to extend their own changes—in organization, concepts and capabilities—where appropriate, to their partners in order to develop a collective defense capability. “That’s essentially what we’re after—collective defense,” Gen. Davis says.
He describes international cooperation on cyberstrategy as a dynamic area of activity. “You would probably be surprised at the pace and schedule of all those international engagements. It is a steady drumbeat of engaging bilaterally and multilaterally in a variety of forums,” the general asserts.
He stresses that international agreements are important, in part, because of the growing threat. “Verified by our intelligence capabilities, we see the scope, magnitude and number of intrusions growing both in size and sophistication. In the past, it used to be a relatively minor nuisance type of thing—denial-of-service attacks, botnets—those are disruptive capabilities. What we’re worried about now are the destructive capabilities that we know some threats are working on.”
Gen. Davis shies away from cyberspace analogies, such as “cyber Pearl Harbor” or “digital 9/11,” to describe potentially destructive attacks. He also disapproves of the phrase “cyberspace arms race” to describe U.S. spending on cyberdefense. “Because cyberspace has such unique characteristics to it, any analogies that we make tend to fall apart or become inaccurate at some point in time. So, I try to stay away from analogies because it will get you in trouble eventually,” Gen. Davis says. “I would put it in terms of a growing sense of urgency. We know our reliance on these technologies is growing in importance, and we know the threat is growing in size, scope and sophistication.”
With that growing threat in mind, Gen. Davis says, it is essential for the U.S. military to continue building international partnerships. “What’s at stake could be our ability to do our mission. That’s what I worry about. If we don’t get this right, and if we don’t do this with a sense of urgency, we could risk our ability to do our mission for the nation.”
WEB RESOURCES
International cyber partnerships: www.defense.gov/news/newsarticle.aspx?id=67889
U.S. Cyber Command: www.stratcom.mil/factsheets/cyber_command
