Rep. Mike McCaul (R-Texas), the chairman of the House Homeland Security Committee, has introduced a bill mandating a State Department report on its 2011 International Strategy for Cyberspace.
The 2011 strategy laid out in general terms how the United States would promote cooperation and reduce risk in cyberspace, develop norms around cyber conduct, and coordinate national-level responses to international incidents. But in the intervening years, as the Obama administration has confronted cybertheft from China and cyberattacks from Russia and North Korea, the State Department has said little about its progress in implementing the report’s goals.
McCaul’s bill, the International Cyber Policy Oversight Act of 2015, would require the department to outline the steps it has taken to “promote an open, interoperable, secure, and reliable information and communications infrastructure,” as the 2011 document proposed. It would also require State to draft a blueprint for future diplomatic efforts, summarize the cyber activities of other key nations, assess the various cyber threats to U.S. national security, and explain what “policy tools” the executive branch can draw upon to combat and deter them.
The report would be due within 90 days of the bill’s enactment.
The State Department, through the Office of the Coordinator for Cyber Issues, helps other countries build the infrastructure to guard against cyberattacks and track down online criminals. The office also establishes channels of communication with other states to reduce the risk of a misunderstanding leading to cyber conflict. These “confidence-building measures” mirror similar channels between the United States and Russia during the Cold War.
“We are obviously working on the development of norms, an affirmation of norms of responsible state behavior, and on collaborative confidence-building measures such as developing points of contact in order to be able to manage a major incident,” Deputy Coordinator Michele Markoff told the Daily Dot in August.
Cybersecurity has gained prominence as a foreign-policy issue as hackers, working alone or with state backing, have penetrated America’s vulnerable networks, from government computers at the Office of Personnel Management (OPM) to the email accounts of studio executives at Sony Pictures Entertainment. Hawkish lawmakers have repeatedly pressed the Obama administration to be more forceful in responding to these attacks. Others in Congress simply want clearer rules for what actions are permissible.
The United States and China recently agreed to new diplomatic engagement in cyberspace and a new process for jointly combating cybercrime. The deal followed reports that the Treasury Department was preparing a new round of sanctions on Chinese individuals and businesses engaged in cybertheft. Experts remain skeptical that Chinese President Xi Jinping will be able to convince his government—which encourages and significantly benefits from online intellectual-property theft—to honor the accord.
Although the threat of a full-scale “cyberwar” is often vastly overstated, the international legal landscape is murky with respect to cyber conduct, and that has allowed actors with a wide range of motivations to test the waters. Nations with poor governance and porous computer networks, particularly in developing regions like Africa, become havens for cybercrime, and hackers in other countries frequently route their operations through those regions, making them more difficult to trace.
The United Nations is working on cyber norms, but as with most other U.N. efforts, progress has been slow. In the most significant development to date, a group of experts—including representatives from China and Russia—agreed in June 2013 that international law applies to cyberspace.
H/T Politico | Illustration by Jason Reed