The State Department on Thursday announced its vision for U.S. cyberspace policy based on articulated deterrents to criminal cyberattacks, protection of an open Internet, and international engagement and collaboration to achieve those goals, according to the summaries of two reports to President Trump authorized by the Cyber Executive Order (EO) of May 2017.
“To achieve the stability necessary to maintain and promote the U.S. vision for an ‘open, interoperable, reliable, and secure internet,’ the United States and its likeminded partners must be able to deter destabilizing state conduct in cyberspace,” the State Department’s Office of the Coordinator for Cyber Issues wrote.
The first report, centered on the idea of creating deterrents, notes the difficulty in establishing culpability in state-sponsored and non-state cyber attacks, and discusses how the United States can open the playbook to responses that go beyond traditional shows of force.
“Efforts to deter state and non-state actors alike are hindered by the fact that, despite significant public and private investments in cybersecurity, finding and exploiting cyber vulnerabilities remains relatively easy,” the report states. “This report proposes developing a broader menu of consequences that the United States can swiftly impose following a significant cyber incident, and taking steps to help resolve attribution and policy challenges that limit U.S. flexibility to act.”
The report suggests placing “cost impositions” on foreign adversaries, “increasing the operational cost and complexity for non-state actors to achieve their goals, including through efforts to prevent and disrupt access to malicious cyber capabilities,” and using nation-state coalitions to jointly coordinate response to attacks.
It goes on to outline the need for a broad policy detailing what types of actions warrant response, and the agency and state-level steps that can be taken to deliver that response.
The second report discusses the U.S. imperative to an “uphold an open and interoperable Internet where human rights are protected and freely exercised and where cross-border data flows are preserved.”
“Some states have come to view the open Internet and the multi-stakeholder approach to governing it that the United States and many like-minded countries support, as threats to their domestic stability and means to protect established Western interests,” the report says. “These states seek intergovernmental regulation of cyberspace to diminish the role of stakeholders, and potentially fragment the Internet over issues such as censorship and flow of data.”
It goes on to describe a vision of an internationally-developed policy where appropriate governance of the Internet is established through state and industry stakeholders and supports innovation and a competitive marketplace.
The State Department reports come on the heels of several reports to the President commissioned through the Cyber EO and released to the public this week. The others tackled issues of the cybersecurity workforce shortage, significant gaps in Federal agencies’ cybersecurity programs, and the increasing threat from botnets in the Internet of Things era.