US faces new uphill battle in cyberspace

As developing countries begin to catch up with the technology wave and realize the potential the Internet offers, the U.S. will face a new set of challenges on the policy front, according to a State Department cyber official.

“Not every country around the world agrees with the way we view the Internet [and] the way we view communications infrastructure,” said Christopher Painter, State's coordinator for cyber issues. “We really want this multi-stakeholder approach where industry and government and others in the society  . . . think innovation and openness are the most important things on this platform.”

Painter, who was appointed to his current role in February 2011, delivered a keynote at the July 20 Defense & Security MOBILE Symposium held in Washington, D.C. His speech stressed the growing recognition that cybersecurity and related issues are becoming increasingly important around the world.

“I’d say the most dramatic change is . . .  a huge uptick in the threats in the number of years I’ve been doing this,” he said. “I’ve also seen a huge uptick in government and the private sector’s ability to address these threats – not perfect, by any means, yet, but it’s getting better.”

In September 2011, China, Russia and other nations proposed a United Nation-backed code of conduct for cyberspace that would grant governments tighter control over citizens’ Internet activity.

The document met harsh criticism from U.S. officials, including Vice President Joe Biden who said the proposal “would lead to a fragmented Internet, one that does not connect people but divides them; a stagnant cyberspace, not an innovative one, and ultimately a less secure cyberspace with less trust among nations. “

Authoritarian governments that have different views on what constitutes Internet freedom and rights pose challenges to U.S. policymaking, as well as those nations who use technology for surveillance on their citizens, said Painter, who previously served as a White House cybersecurity policy official .

All these challenges mean “it’s critically important that we need to plug into these various debates around the world,” Painter said.

“We have to make sure we drive this policy forward to have the result we want to have,” he continued. “We need to drive this international process . . .  it’s critically important to have this dialog with people who can see what the challenges are and what the practical issues are so we can be better prepared to go represent the U.S. in all these forums.”

Another major change Painter noted was the shift from cyber being just a techie issue; something a chief information security officer – rather than a CIO -- would focus on. Cyber is “now being seen much more as a policy issue,” he said. Technical people are still very important forming what the debate will be but senior policymakers need to be on board as well to push forward the issue, he said.

The international community is just waking up to recognize the cyber threat, Painter said, and domestically, new technologies merged with citizens’ daily lives and business practices shape “a rich environment that has lots of possible pitfalls that we have to be very cognizant of.”

Painter called for continued attention on cybersecurity that started with the Bush administration’s National Comprehensive Cybersecurity Initiative. The 2008 presidential directive spells out U.S. cybersecurity goals and spans several agencies including the Homeland Security Department, the National Security Agency and the Office of Management and Budget. 

Despite its well-intended focus on strengthening cybersecurity education and awareness, NCCI initially had difficulties gaining traction. Times have clearly changed since, Painter pointed out.

“Now I cannot imagine a situation where we wouldn’t pay attention to these issues,” he said. “Cybersecurity really has become not just the flash point that’s sexy to talk about, but it’s something that’s here to stay both at the mid levels and the high levels of government and the private sector.”