Cyberspace Cooperation

The Global Cooperation in Cyberspace Initiative seeks to reduce conflict, crime and other disruptions in cyberspace and promote stability, innovation and inclusion.

Learn More

Global Cooperation on Global Cyber Threats

Day 1: Global Cooperation on Global Cyber Threats

Seats were tough to find at the first day of the Eastwest Institute’s Second Worldwide Cybersecurity Summit in London, where more than 450 government, industry and technical leaders from 43 countries gathered to craft new solutions for threats facing our digital world.  Speakers called for cooperation between businesses, between governments, and across sectors.

“We need to be more open about discussing the threats and the issues around cybersecurity,” said Sir Michael Rake, Chairman, BT Group plc., in a keynote address.  “I think that it’s an area that will require huge investment and government-business cooperation.”

While speakers on the business panels pointed to a few examples of collaboration including an industry-government working group set up under British Prime Minister David Cameron to tackle cyber crime, they portrayed cooperation and information-sharing between competitors as all too rare.

“Companies actually underestimate the threats and quite often they don’t know what the real threats are,” said Natalya Kaspersky of leading anti-virus software provider Kaspersky Lab. “Even when they do, they tend to hide these facts.”

Other participants also pointed out that, to protect their reputations, companies often underreport the damage inflicted by cyber attacks.

“As our dependency on cyberspace grows, so does our need to be able to share information and act as a more united force against the cyber threat,” said Martin Sutherland, Managing Director of BAE Systems Detica, who estimated that cyber crime costs the private sector in the U.K. alone 21 billion pounds a year.

Shawn Henry of the FBI cast a positive light on recent international efforts to fight cyber crime, saying that the FBI arrested over 200 cyber criminals in 2010.  He explained, “Our ability to partner with many different countries allowed us to not only identify those actors but extradite them and bring them to justice.”

“No single country can deal with cross border issues such as hacking, viruses, or spam,” said Liu Xiaoming, China’s ambassador to the United Kingdom. “China stands for extensive international cooperation.”

The summit becomes interactive this afternoon, as participants gather in smaller breakthrough groups to discuss cooperative solutions for everything from securing the undersea cables that carry over 97% of internet traffic to ensuring emergency cooperation after disasters.

One breakthrough group will continue discussions between Chinese and U.S. experts on regulating spam – an ongoing bilateral process that has produced a major report, Fighting Spam to Build Trust.

In his opening remarks, EWI President John E. Mroz said that building trust is the key to cooperation – the kind of cooperation that produces concrete solutions.

“As we make progress in these relationships, we should face up to the fact that at both the national and international levels, there is a worrisome trust deficit between us—that is across professional disciplines—business, technology, law enforcement and policy,” said Mroz. “We have to address that.”

Day 2: EWI’S Cybersecurity Summit Advances Solutions for Digital Problems

On the second day of the EastWest Institute’s Second Worldwide Cybersecurity Summit in London, 450 private and public sector delegates advanced solutions to the complex problems facing our digital world.

Meeting in smaller “breakthrough groups,” participants hammered out next steps for everything from channeling emergency messages through congested networks, to securing global supply chains, to safeguarding the undersea cables that carry over 97% of Internet traffic.

“The technology is available – it’s not the impediment,” said the U.S. National Security Council’s former Acting Senior Director for Cyberspace Melissa Hathaway. “It's really that we need to move to collective action.”

What would that collective action look like? Several speakers called for business and technical experts to lead collaborative efforts with governments around the world.

EWI’s Chief Technology Officer Karl Rauscher applauded Huawei’s Chief Technology Officer Matt Bross’s personal commitment to champion the exploration of deploying international priority communications on all appropriate network systems.

“This would be one of the most dramatic examples of a proactive private sector initiative to save lives and property in future catastrophes,” said Rauscher.

Scott Charney, Microsoft’s Corporate Vice President for Trustworthy Computer, said to help counter global cyber threats, businesses need to ensure the transparency of IT product development and transport, adding, “We need a sensitive risk-based approach to help governments grapple with supply-chain concerns.”

Speakers on topics ranging from fighting cyber crime to protecting children online pointed out that cybersecurity challenges are borderless challenges.

Lt. General (Ret.) Harry D. Raduege, Jr., Chairman of the Deloitte Center for Cyber Innovation, shared a revelation he had during a trip to India.

“Isn’t our own homeland security dependent on India’s homeland security and their cybersecurity?” said Raduege. “These things are becoming interrelated as we gain more dependence on cyberspace.”

Panelists also discussed plans for EWI’s Third Cybersecurity Summit, to be held in Delhi in October 2012, and ongoing collaborations in between.  

“I’d like to see us create a working group which talks about cybersecurity espionage and cyber conflict in a big way,” said Dr. Kamlesh Bajaj, Chief Executive Officer of the Data Security Council of India. “Cybersecurity is now intertwined with international security, and you can't divorce it from that.”

Summit Coverage Highlights

Click here for the full list of media coverage higlights.

CBS News

Reuters

Financial Times

Sky News

Computer Weekly

InfoSecurity Magazine

Melissa Hathaway on WNYC's "The Takeaway"

Lt. Gen. Harry D. Raduege, Jr. on BBC's "The Takeaway"

Young People for Cybersecurity

On May 31, the EastWest Institute held the International Youth Congress on Digital Citizenship in London, bringing together dozens of young people with government, business and technical leaders to discuss solutions to universal Internet woes.

At the event, local students participating in Global Cyber Ambassadors for Peace (GCAP), a collaboration with UNESCO and the E-World-Wide Group, spoke about problems ranging from distracting pop-up ads to serious risks posed by pedophiles on social networking sites.

“The Internet allows a rapid and widespread distribution of false and misleading information,” Muaaz Patel, 14, pointed out.

Young people should take a leading role in developing and solving problems associated with broadband applications, as they often know more about them than their parents, said Secretary-General of the International Telecommunication Union Hamadoun Touré in his keynote address. He added, “Young people will be expected to help shoulder the responsibility for transforming the Wild Wild West of the online world into a civil society.”

GCAP students and participating Girl Scouts suggested practical solutions for self-protection online and guidelines for respectful behavior, including exercising caution in sharing passwords, posting photographs and disclosing addresses and other personal information.

Participants also explored the particular problems faced by youth in the developing world, where Internet availability is still lagging and education in “digital literacy” also has to catch up.  One panel considered the complexities of the Internet as a tool for social change.

“Technology is allowing people to participate in a democratic platform in a way that was never before possible,” said Mark Belinsky of Digital Democracy. Still, he said, technology cuts both ways, as demonstrated by the jailing of a prominent digital activist in Egypt during the protests there.

Participants will consider these issues and more in smaller “classroom” discussions this afternoon.

The Youth Congress grew out of EWI’s Worldwide Cybersecurity Initiative, which works across borders and boundaries to secure the world’s digital infrastructure.

“It is essential to include young people in discussions around these issues and recognize that they too have a key role in securing the digital economy,” said EWI Co-Chairman Francis Finlay.

The Youth Congress’s main recommendations will be shared at the Second Worldwide Cybersecurity Summit in London on June 1-2.

Click here for coverage on the work of Digital Citizenship Founder John Kluge, Jr.

EWI's Second Worldwide Cybersecurity Summit

On June 1-2, the EastWest Institute will host the Second Worldwide Cybersecurity Summit in London. Carrying on the work of EWI’s First Cybersecurity Summit in Dallas last May, 400 industry, government and technical experts from around the world will forge practical solutions for protecting cyberspace.

“Cyber challenges are by definition global and therefore require a global approach,” says EWI President John Mroz. Mroz adds that businesses should take a guiding role in joint initiatives with governments, and help achieve international cooperation on cybersecurity.

Sir Michael Rake, Chairman BT Group plc, and first U.S. Homeland Security Secretary Tom Ridge, President & CEO of Ridge Global and Senior Advisor to Deloitte LLP, will deliver the summit’s keynote addresses.

Other key speakers and panelists will include: Scott Charney of Microsoft; Lt. General Harry D. Raduege, Jr. (USAF ret.) Chairman, Deloitte Center for Cyber InnovationNatalya Kaspersky of Kaspersky Lab; former U.S. Homeland Security Secretary Michael Chertoff, Chertoff Group; Matthew Kirk of Vodafone; Martin Sutherland of BAE Systems Detica; and Kamlesh Bajaj of the Data Security Council of India.

While the panels will provide valuable insights, much of the work of the summit will be accomplished by “breakthrough groups” – small, international groups of experts each dedicated to solving a specific cybersecurity problem.

One working group will explore how to protect the undersea cables that carry 97% of Internet traffic and another will look for ways to ensure emergency communications after disasters.  Several groups will continue ongoing EWI-led bilateral processes, including U.S.-China talks on regulating spam and U.S.-Russia talks on forging “rules of the road” for cyberspace.

As a highlight, award-winning journalist Misha Glenny, author of the forthcoming book Dark Market: Cyberthieves, Cybercops and You, will be the luncheon speaker on the first day of the summit. Participants are also invite to a media breakfast on the first day  led by Financial Times Contributing Editor John Lloyd.

To address the unique cybersecurity challenges faced by children, EWI will hold the International Youth Congress on Digital Citizenship on May 31, preceding the summit. Former U.S. Federal Communications Commissioner Deborah Taylor Tate will give opening remarks, and participants will include youth cybersecurity groups from Lebanon to Nigeria to the UAE.

EWI will be tweeting about the summit under #cybersummit

India: Stepping Up to the Cyber Challenges

On April 20, 2011 in New Delhi, the EastWest Institute and the Federation of Indian Chambers of Commerce and Industry co-hosted a seminar entitled “India and the United States–Pathways to International Collaboration on Cybersecurity.” Senior private sector and government representatives emphasized the need for India to intensify its focus on cybersecurity issues—and to promote more international cooperation. According to Latha Reddy, the Deputy National Security Advisor of India, the government is  already doing exactly that. “India believes that access to Air, Sea, Space and Cyberspace domains are vital for security and economic prosperity of all nations,” she told participants. “We have launched dialogue with international partners to work together to develop a shared vision for these critical domains to promote peace, development and security.”

While the Indian government is clearly trying to demonstrate its commitment to working with other countries on cybersecurity, the fast-paced digitalization of the subcontinent is producing new problems—most notably, a sharp rise in cyber attacks and cyber crime. Along with the United States, India now ranks as one of the top five contributors to spam internationally. Since spam often carries malicious code, this is a matter of major concern—and many cyber experts fear that India’s spam production will rise dramatically in the near future. 

One of the greatest challenges is how to provide tutorials and antivirus software for computer maintenance in each of India’s multiple main languages. Reddy cited the lack of consumer awareness as a major factor in the country’s increasing problems with botnets, which can threaten economic development. Botnet operators understand the vulnerabilities of the country’s rapidly developing regions and target them. As a result, India already ranks first in the world with the most botted hosts (around 16 %). Reddy appealed to other countries to share best practices in this area, and urged the development of a more efficient cyber incident response mechanism to potentially catastrophic cyber attacks.

Digitalization has been a key ingredient in India’s spectacular economic rise over the last two decades, but the public sector is still struggling to implement a comprehensive approach to cybersecurity, despite the publication of a first draft of a national cyberspace policy in April 2011. And cooperation and partnerships between the private and public sectors on cybersecurity are still in their infancies. On the international level, India is now involved in a number of international forums such as the United Nations Group of Governmental Experts, the Council for Security Cooperation in the Asia-Pacific, and the UN Commission on crime prevention and criminal justice.  

“There is a tremendous opportunity to leapfrog many of the problems we face in cybersecurity through increased international cooperation,” said Shri R. Chandrasekhar, Secretary of the Department of Telecommunications within the Ministry of Communications and Information Technology. “There is a great risk that the openness and inclusiveness of the international economic system might soon be a thing of the past if we do not find ways to reduce uncertainty.”  
The relationship of two cyber superpowers, the United States and India, is of pivotal importance. Mary Tarnowka, Deputy Counselor for Economic Affairs and Environment, Science, and Technology from the U.S. Embassy in Delhi, listed some of the initiatives where India and the United States are currently collaborating in the field of cybersecurity. They include a joint study of the U.S. Federal Information Security Management Act by the U.S. National Institute of Standards and Technology and the Indian Department of Information Technology:  the U.S.-India Information and Communications Technology dialogue focused on increasing economic growth, trade, and investment in the ICT sector; and the U.S.-India Trade Policy Forum, which seeks to enhance trade in ICT services and goods while also addressing related cybersecurity issues.  

The second part of the EWI-FICCI seminar focused on the reliability of the global undersea cable critical infrastructure and finding better solutions for timely undersea cable repairs for enhancing network availability. Undersea cables carry over 95 percent of the world’s telecommunications and internet traffic, critical to commerce. The Indian National Security Council has tasked the EastWest Institute to further explore this critical issue with its Indian partners—the Federation of Indian Chambers of Commerce and Industry (FICCI), the National Association of Software and Services Companies (NASSCOM), and the Data Security Council of India (DSCI).  This is part of a broader push to implement the recommendations of the 2010 IEEE-EWI Report on the Reliability of Global Undersea Communications Cable Infrastructure (ROGUCCI).  A representative of the International Cable Protection Committee (ICPC), which has taken the lead in implementing several of the recommendations, also participated in this session. 

“India is rapidly becoming one of the most critical players in the global cybersecurity arena,” concluded EastWest Institute President John Mroz. “EWI is particularly pleased to be able to facilitate highly productive sessions such as this where representatives from both the private and the public sectors can work closely with their counterparts in the United States and elsewhere to promote best practices on cybersecurity.”

Click here to learn more about the Second Worldwide Cybersecurity Summit in London

Educating and Protecting Young Digital Citizens

On April 4, 2011, the EastWest Institute hosted the International Youth and Technology Forum in partnership with Columbia University, where the event was held. It brought together everyone from cybersecurity experts and activists to government representatives and Girl Scouts to lay the groundwork for a new alliance aimed to protect – and empower – kids and teenagers in our digital world.

Dominique Napolitano, a fifteen year-old Long Island Girl Scout who has testified before the U.S. House of Representatives, described the new risks kids face online, from “sexting” to cyber bullying.

“We need to empower youth to take this problem into our own hands and find solutions that will work for us,” said Napolitano, stressing the need for early education on cybersecurity.

The call for education resonated throughout the day, as did the call for people of all ages to become better “digital citizens,” capable of applying real-world knowledge, ethics and personal responsibility to cyberspace.

“With industry leading the way, it’s clear that all of us need to work together to create a global culture of responsibility offline as well as online,” said EWI’s John Kluge, Jr., who organized the forum.

James Lyne, Director of Technology Safety at Sophos, warned that cyber criminals fueled by organized crime are “winning the battle for the internet,” deploying about 95,000 bits of malicious code to threaten consumers each day.

“We have to modernize our best practices and update our awareness,” said Lyne in his keynote address.  The goal, he added, would be to deliver a message to the criminals: “It’s our internet and they can’t have it.”

 

The spread of computers is connecting previously isolated societies, but it also compounds the challenges of keeping youth safe online, particularly when children learn to use the internet before their parents.  A documentary film clip screened by Michael Kleiman of Righteous Pictures focused on Peruvian children who received laptops from the One Laptop Foundation; Salma Abbasi, Chairperson and CEO of E-Worldwide Group, described her experiences with Pakistani children. She also urged young people everywhere to help develop a new code of conduct for the internet.

Young activists using the internet to organize for political change in countries like Egypt face real risk from government crackdowns, especially when social networking sites fail to protect their identities.

Mark Belinsky, the President and Founder of Digital Democracy, urged social networking sites to do a better job of ensuring users’ privacy and security.

Even in democratic societies, several speakers noted, governments and citizens need to pressure companies to better protect online privacy and safety.

“It has to be a multi-pronged approach,” said Jacqueline Beauchere, Director of Trustworthy Computing, a Microsoft initiative for online privacy and safety.

Diana Pentecost, AOL’s Program Director for Consumer Policy and Child Safety, agreed that the effort to keep users safe online must be inclusive, saying, “Everyone has to talk with everyone else.”

Engaging a range of industry, government and technical experts is at the heart of EWI’s Worldwide Cybersecurity Initiative, which regularly brings together leaders from the Cyber40, the world’s most digitally-advanced nations.

The International Youth and Technology Forum grew out of a working group aimed at protecting youth online at EWI’s first Worldwide Security Summit in Dallas in May 2010; participants include AOL, Common Sense Media, the iKeepSafe Alliance,UNICEF, Movements.org, and others. On May 31, 2011 in London, EWI’s first International Youth Congress on Digital Safety and Citizenship, which will include many forum participants, will precede EWI’s Second Worldwide Cybersecurity Summit (June 1-2).

“The EastWest Institute may be one of the first organizations who have really recognized that child online safety plays such a large role in our worldwide cybersecurity,” said former FCC Commissioner Deborah Tate.

According to EWI President John Mroz, “Youth protection can bring people together, because it’s a critical issue everywhere.”

Click here for full list of speakers

Click here to learn more about the Second Worldwide Cybersecurity Summit in London

China’s Cybersecurity and Pre-emptive Cyber War

In a 2010 White Paper, China reaffirmed its earlier international commitments to collaborate internationally for cybersecurity. China’s strongest commitments on cybersecurity came in the 2003 UN General Assembly Resolution 57/239 on “Creation of a global culture of cybersecurity” and in the 2003 Geneva Declaration of Principles of the World Summit on the Information Society. There were earlier resolutions beginning in 1999 on the implications for international security and 2001 on combating criminal misuse of information technologies.
 

Examples of such commitments can also be found in the 2009 ASEAN-China framework agreement on network and information security emergency response and the 2009 agreement within the Shanghai Cooperation Organization on information security.  In July 2006, the ASEAN Regional Forum (ARF), which included China, issued a statement that its members should implement cybercrime and cybersecurity laws “in accordance with their national conditions and by referring to relevant international instruments”.

The ARF has also called on its members to collaborate in addressing criminal, including terrorist, misuse of cyber space.  China Japan, Korea have agreed a work plan that “includes projects on network and information security policies and mechanisms, joint response to cyber attacks (including hacking and viruses), information exchange on online privacy protection information, and creation of a Working Group to promote this cooperation” The APEC Working Group on Telecommunications agreed an action plan for 2010-2015 that included “fostering a safe and trusted ICT environment”, the security of networked systems, sharing of best practice approaches, joint technical cooperation, and cybersecurity awareness initiatives. The plan commits members to work with industry. In January 2011, the United States and China committed for the first time at head of state level to work together on a bilateral basis on issues of cybersecurity.

China is clearly on an institutional pathway of collaboration for cybersecurity. So what are the challenges? As the CEO of McAfee, Dave DeWalt noted in January 2010, some 20 countries seemed to be involved in a cyber arms race. He cited a survey commissioned by McAfee of around 600 IT executives worldwide which showed that 60 per cent believed that most attacks were government-initiated, with roughly equal numbers (36 and 33 per cent) seeing the United States and China as the main villains. But as the McAfee poll result suggests, the biggest challenges may not be just inside China itself. We are all familiar with the political and social situation in China. That presents a large enough set of problems for international collaboration from the perspective of countries like the United States.
 
This was made plain by the United States Secretary of State, Hillary Clinton, on 15 February this year in a famous speech on internet freedom. At the same time, the United States for its part may have not laid a very positive foundation for better international collaboration. As observed in a famous 1996 article in Foreign Affairs by Professor Joe Nye and Admiral William Owens, “The information technologies driving America's emerging military capabilities may change classic deterrence theory.” The United States went on to develop information dominance of the battlefield as a fundamental part of its military strategy. It was quite within its rights to do so. But events since 1996 have shown how profoundly this change of strategy did shift the calculus of deterrence between China and the United States.

The question to pose is how much does the American cyberwar doctrine, essentially a pre-emptive doctrine of “strategic strike in milliseconds”, contribute to China’s current patterns of cyber espionage and cyber operations internationally. If pre-emptive war is not credited much legitimacy in the world at large, then perhaps it is time to understand how a United States doctrine of pre-emptive cyber war may be driving Chinese responses -- and vice versa.

Click here to read Austin's piece in New Europe

E-Postcard from Tokyo

On a beautiful spring day in downtown Tokyo, it is hard to process the sense of threat that Japan’s government feels on occasions about its strategic environment. North Korea has nuclear weapons and has twice mounted conventional force attacks on South Korean targets in the last year. China’s navy has been more visible in contested ocean waters, and around a disputed island territory, as it pursues a defense modernization unfaltering since 1978. Japanese sources talk of a more aggressive faction in the Chinese navy that the Communist Party leadership works hard to constrain. Russia has just installed new anti-ship missiles on the disputed Northern Territories. Rising oil prices put pressure on Japan’s already enfeebled economy. And it faces escalating cyber attacks.

The sense of alarm can only have been heightened when, this past week, the United States Secretary of State, Hillary Clinton, invoked the United States Congress to "put aside the humanitarian, do-good side of what we believe in.” She said, “Let's just talk straight realpolitik. We are in competition with China." While this is not news to the Japanese government, their sense of heightened alarm will come from an understanding of the way China’s leaders will react to the Clinton statement. It represents a fundamental abandonment of the soft rhetoric that the United States kept up for more than two years in the run-up to the state visit of China’s President Hu Jintao in January this year. The neo-cons in Washington, who spent so much effort in the first Bush Administration to compete with China in realpolitik terms, will be smiling.
The United States has hardened its position on China because of the latter’s growing cyber warfare and space capabilities. "Advances by the Chinese military in cyber and anti-satellite warfare pose a potential challenge to the ability of our forces to operate and communicate in this part of the Pacific," Defense Secretary Robert Gates told a Japanese audience on 13 January in Tokyo.

That anodyne statement brings out into the open the growing mistrust of China in the United States because of its relentless cyber operations against American targets.
Japan and the United States have formalized a cyber alliance which, according to one source, commits both sides to renouncing cyber operations against the other. If true, and it may not be, this would be a significant first in international relations. Japan’s 2010 Defense Guidelines elevate cyber warfare capabilities to a new level. In a white paper issued in May 2010 by the Information Security Policy Council, Japan made plain its need to prepare for cyber war directed at its critical infrastructure.

One reference point for Japan’s heightened concern is a series of coordinated attacks on its allies in 2009. According to Professor Motohiro Tsuchiya: “In 2009, massive scale of cyber attacks was recorded in the U.S. and South Korea, including the Department of Defense (DOD), the U.S. Congress, the Treasury, the Department of Homeland Security (DHS), Federal Trade Commission (FTC), New York Stock Exchange (NYSE), Washington Post, among others.”

The right response to cyber threats of any kind, according to Professor Eva Vincze of George Washington University, has many levels. Affirming that technology by itself is insufficient, and emphasizing the human factor, she calls for international consultations with stakeholders with a view to improving communication based on span trust.

So where does that leave Japan? It must work, as other countries are also now realizing, to mount a diplomacy of cyber security, or cyber diplomacy. This will need to engage the countries, like China, North Korea and Russia, that Japan mistrusts most. Japan will need to construct a cyber arms control agenda, including confidence building measures, with its neighbors.

Click here to read Austin's piece in New Europe

Pages

Subscribe to RSS - Cyberspace Cooperation