White House Sets Global Cybersecurity Strategy

The Obama administration today made it clear that it sees the fight against cybercrime and cyberattacks as a global effort that requires international cooperation in defining the norms of online behavior and consistently enforcing unlawful activities.

National cybersecurity coordinator Howard Schmidt -- along with Homeland Security Adviser John Brennan, Secretary of State Hillary Clinton, Attorney General Eric Holder, Secretary of Commerce Gary Locke, Secretary of Homeland Security Janet Napolitano, and Deputy Secretary of Defense Bill Lynn -- today unveiled the U.S.'s first-ever international strategy for cybersecurity and cyberspace.

"The International Strategy is a historic policy document for the 21st Century -- one that explains, for audiences at home and abroad, what the U.S. stands for internationally in cyberspace, and how we plan to build prosperity, enhance security, and safeguard openness in our increasingly networked world," Schmidt said in a blog post announcing the document.

The new policy comes on the heels of the administration's proposed new cybersecurity legislation that would improve the protection of critical infrastructure, expand the sharing of security data, and impose national requirements for disclosing breaches.

President Obama's precedent-setting international cyberspace policy spells out the U.S.'s plan to reach out to other nations to help better secure and protect the Internet from cybercrime, cyberespionage, and cyberattacks, while maintaining the fundamental free flow of information and preserving user privacy.

The document "sets an agenda for partnering with other nations and peoples to achieve that vision," Schmidt blogged. "It begins by recognizing the successes networked technologies have brought us, in large part due to the spirit of freedom and innovation that has characterized the Internet from its early days as a research project. While the strategy is realistic about the challenges we face, it nonetheless emphasizes that our policies must continue to be grounded in our core principles of fundamental freedoms, privacy, and the free flow of information."

Jeff Moss, vice president and CSO of the Internet Corporation for Assigned Names and Numbers (ICANN), says the document represents a Magna Carta of sorts for the Internet. "This is what the U.S. believes in—the freedom to connect, and what it could mean," says Moss, who is also the founder of Black Hat. "In the last year, I've been saying we need the equivalent of a Magna Carta ... everyone can disagree or have different interpretations of it, but at least we can have a starting point for future discussions."

The "International Strategy For Cyberspace: Prosperity, Security, and Openness in a Networked World" policy document also makes it clear that, when necessary, the U.S. will defend itself from cyberattacks, including drawing on its military might.

"When warranted, the United States will respond to hostile acts in cyberspace as we would to any other threat to our country. All states possess an inherent right to self-defense, and we recognize that certain hostile acts conducted through cyberspace could compel actions under the commitments we have with our military treaty partners," the document says. "We reserve the right to use all necessary means—diplomatic, informational, military, and economic—as appropriate and consistent with applicable international law, in order to defend our Nation, our allies, our partners, and our interests.In so doing, we will exhaust all options before military force whenever we can; will carefully weigh the costs and risks of action against the costs of inaction; and will act in a way that reflects our values and strengthens our legitimacy, seeking broad international support whenever possible."

The document also calls out cyberespionage as an area where the U.S. would protect its interests.

"Cyberspace can be used to steal an unprecedented volume of information from businesses, universities, and government agencies; such stolen information and technology can equal billions of dollars of lost value … The persistent theft of intellectual property, whether by criminals, foreign firms, or state actors working on their behalf, can erode competitiveness in the global economy, and businesses' opportunities to innovate," the document says. "The United States will take measures to identify and respond to such actions to help build an international environment that recognizes such acts as unlawful and impermissible, and hold such actors accountable."

In addition, the White House called for law enforcement agencies worldwide to share information, team up where possible, and follow due process as outlined in the Budapest Convention on Cybercrime.

"When cybersecurity incidents demand government action, officials can detect those threats early and share data in real-time to mitigate the spread of malware or minimize the impact of a major disruption—all while preserving the broader free flow of information. When a crime is committed internationally, law enforcement agencies are able to collaborate to safeguard and share evidence and bring individuals to justice," the document says.

The document also calls for the international community to develop norms for how states interact in cyberspace in order to identify unacceptable behavior. "In other spheres of international relations, shared understandings about acceptable behavior have enhanced stability and provided a basis for international action when corrective measures are required.Adherence to such norms brings predictability to state conduct, helping prevent the misunderstandings that could lead to conflict," the document says.

Meanwhile, U.S. Senator Kirsten Gillibrand (D-NY) said in a statement today that she and other Senate members will introduce bipartisan legislation in support of the president's cybersecurity policy. "I am encouraged the Administration is taking the growing international cyber threat seriously. Now it is time for Congress to come together and pass bipartisan legislation to address this national security imperative, " Gillibrand said in a statement. “In order to safeguard our nation’s economy and high-tech infrastructure, we must be able to defend against cyber threats from around the world. This must be a top priority for our national security and our economy. We must go after cyber criminals wherever they are – and it must be an international effort.”

The White House policy paper is available here for download (PDF).

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.