Foreword

Cybersecurity looms as the 21st century’s most vexing security challenge. The global digital economy hinges on a fragile system of undersea cables and private-sector-led partnerships, while the most sophisticated military command and control systems can be interfered with by non-state as well as state actors. Technology continues to race ahead of the ability of policy and legal communities to keep up. Yet international cooperation remains stubbornly difficult, both among governments as well as between them and the private sector—the natural leaders in everything cyber. In 2007, the International Telecommunication Union (ITU) set up a High-Level Experts Group to try to address the problem but progress is slow. The European Union and Asia-Pacific Economic Cooperation (APEC) are working at the regional level. But it has only been in the past six months that public consciousness has started to grasp the scope and significance of the cybersecurity challenge. Pushed by a spate of revelations about cyber attacks worldwide, the media and key elites now seem to get it: cybersecurity is a fundamental problem that must be addressed across traditional boundaries and borders by the private and public sectors in new and cooperative ways.

Three years ago, the EastWest Institute used its Strategic Dialogue team from the United States led by General (ret.) James Jones and EWI President John Edwin Mroz to challenge senior Chinese and Russian leaders to begin the process of promoting international cooperation to meet cybersecurity challenges. The responses have been favorable and practical in both cases. Since then, we have engaged not just the Chinese and the Russians but also a broader array of “Cyber40” countries—the members of the G20 plus other countries who are key players in the cyber arena—to tackle together issues of cybersecurity. There was an immediate recognition of the lack of awareness of what is involved in protecting cyberspace. This quickly moved to a push for practical solutions that transcend national borders.

In early 2009, these cybersecurity efforts came together in the form of EWI’s Worldwide Cybersecurity Initiative. Its purpose is to work across borders to catalyze more rapid and effective responses to cybersecurity challenges identified by industry, governments and international organizations as well as civil society. There’s growing recognition—and mounting concern—about the vulnerabilities of today’s digital infrastructure, whether it’s international financial systems or critical government services. There are also growing dangers posed by criminal and terrorist groups, and the very real risks of cyber warfare, including attacks on states by non-state actors. As a result, top industry and government officials agree on the urgent need for bold new measures to ensure the secure functioning of the cyber dimension that underpins all of our lives in this century.

For this policy paper, EWI asked top cyber experts in five countries—China, the U.S., Russia, India, and Norway—to present their vision of what is needed to build an effective system of cyber deterrence. It is a first step in the process of building trust on tackling cybersecurity challenges—listening, understanding and probing the views, interests and concerns of key players in the global system. The EastWest Institute is not endorsing any of these proposals or taking a position on them. We strongly believe that it is vital for everyone involved in the cybersecurity debate to understand the differing perceptions, concerns and suggested solutions that are emanating from different parts of the globe. This is also a vital first step in the effort to find common ground for joint actions that are so desperately needed.

These essays will help stimulate discussions at EWI’s First Worldwide Cybersecurity Summit in Dallas from May 3 to 5, 2010, which will convene hundreds of international business leaders, technical experts, policy elites and national security officials. Building on earlier EWI consultations, most recently at the Worldwide Security Conference in Brussels in February 2010, we will seek to identify common problems and suggest breakthroughs and new agreements in critical sectors. We cannot allow the technological advances to continue outpacing common sense cybersecurity measures. It is time for the world to confront the challenges of our digital age. Comments and alternative views are warmly welcomed by the EWI cybersecurity team.