Cyberspace has become a critical component of business and government everywhere. Both the public and private sectors now need a reliable and predictable digital environment to thrive. While it is clear that the Internet creates enormous economic and social benefits, this global marketplace can at times be perilous. Organizations are increasingly aware of cyber risks, driven by widely reported attacks on corporations and government agencies. As a result, most actors today take cybersecurity seriously and work hard to reduce those risks.
However, the Internet has little respect for boundaries. Enhancing cybersecurity and combating cybercrime require engagement and cooperation by a variety of participants: among nations, across companies, and between government and the private sector. Indeed, many challenges in cyberspace can only be addressed through such a multi-stakeholder framework.
The global nature of the information and communications technology (ICT) marketplace lies at the heart of this conundrum. The ICT industry leverages resources—cyber, physical, and human—from around the world, creating better products and driving down costs.
Unfortunately, a growing number of countries are starting to favor domestic sources of ICT supply under the banner of cyber or national security. Ironically, such moves can actually increase security risks, as the most innovative and secure products will make full use of the best talents, ideas, and resources available, irrespective of the jurisdiction they are in.
A better approach would involve technology purchases based on fact-driven, risk-informed, and transparent requirements that assure the security of a product or service throughout its lifecycle. Such requirements would enable buyers to make informed decisions about cyber risk irrespective of where the ICT was produced. To be effective, however, there needs to be some level of international standardization on those requirements, which requires public-private cooperation on a global basis.
The undersigned companies hope that the forthcoming EastWest Institute’s sixth annual Global Cooperation in Cyberspace Summit will allow us to begin to take concrete steps towards that goal. Taking place in New York, with multi-stakeholder participation from over 40 countries, the summit aims to drive agreement on the most pressing issues we face in this space today, including:
- How can law enforcement and Internet companies work together to break up international cybercrime syndicates?
- What can companies that deliver critical services like electricity and finance do to manage cyber risks to their operations?
- How can confidentiality of business and personal information be balanced with law enforcement’s need for access to unencrypted data under widely varying legal regimes?
- What limits should be placed on governments’ creation and use of cyber weapons?
- Who should be responsible for the long-term governance of the Internet, a global resource?