Cyber treaty not in the cards

Coordinator for Cyber Issues at the Department of State,  Christopher Painter.

Christopher Painter, coordinator for cyber issues at the State Department, wants to advance the principle of "self-restraint" in cyberspace.

The rapidity with which cyber technology changes makes any agreement on a broad treaty to establish cyber norms unlikely, according to the State Department’s cyber envoy.

"You often hear people say we need a treaty in cyberspace [and] I've said often I don’t know what a treaty is in cyberspace," Christopher Painter, the State Department’s coordinator for cyber issues, said at Georgetown University's International Conference on Cyber Engagement on April 27. "I don’t know who signs that treaty, I don’t know who the parties of that treaty are."

Painter is instead working on smaller measures to cultivate trust among nation-states in a field not given to transparency. The measures include exchanging points-of-contact and discussing cyber doctrine, Painter told FCW after his conference remarks.

"Let's not try to like rush into a treaty that would take years and we’re not really even sure what that’s about," he added. 

Though cyberspace has challenged traditional notions of sovereignty, the Internet has a physical backbone of infrastructure that lies within various nation-states. Even so, developing international norms in cyberspace has been a thorny process, given the myriad issues involved, from intellectual property to human rights. While Painter presented a succinct list of peacetime cyber principles at the conference, the U.S. government's approach to cyberspace is still evolving.

Painter recently returned from a multilateral cyber summit in The Hague, where he said one of the main outcomes was the establishment of the Global Forum on Cyber Expertise, a group created to help fight cyber crime, detect threats and protect privacy.

Following that agreement, Painter said he is looking to advance principles of "self-restraint" that nation-states can agree to during peacetime. Those principles include not conducting online activity that intentionally harms critical infrastructure, not preventing national computer emergency teams from responding to cyber incidents, and cooperating with international cyber investigations, Painter said.

About the Author

Sean Lyngaas is a former FCW staff writer.


  • Cybersecurity
    cybersecurity (Rawpixel/

    CMMC clears key regulatory hurdle

    The White House approved an interim rule to mandate defense contractors prove they adhere to existing cybersecurity standards from the National Institute of Standards and Technology.

  • Comment
    cloud (Phaigraphic/

    A call for visionary investment

    Investing in IT modernization is not an either-or proposition, Rep. Connolly writes. This pandemic has presented Congress a choice: We can put our head in the sand and pretend these failures didn't happen, or we can take action to be prepared for the future.

Stay Connected