I believe many readers would agree that cyber threats are one of the more significant issues facing our nation’s businesses and governments today. Earlier this month, I attended the EastWest Institute’s (EWI) Worldwide Cybersecurity Summit in London.
Perspectives coming out of the EastWest Institute’s global cyber security summit in London
EWI is a global think tank that has organized a series of meetings to help address the pressing issue of international cybersecurity cooperation. The London Summit was attended by government representatives from 47 countries, as well as a significant number of business and technology leaders.
For me, the important insights that emerged from the London Summit were the potential cyber threats that could impact state and local governments. Many vital citizen services are provided online and international cyber intrusions can compromise the security of these networks. Still there are significant challenges that need to be addressed in order to develop the multilateral agreements and the policies that need to be in place to ameliorate the cyber risks. This issue is not new. Two years ago in Beijing I attended meetings organized by the East/West Institute that addressed the issue of cyber threats. A preliminary agreement was reached at that time, to support multilateral cybersecurity negotiations around several agreed upon topics. The U.S., China, India, Russia and NATO were also ultimately parties to that agreement.
The discussions around protecting critical government services in cyberspace that emerged from the Beijing discussions became the platform for a preliminary interchange on the issue at the first EWI Worldwide Cybersecurity Summit held in Dallas in 2010. It was developed further this year at the 2011 EWI Summit in London.
In addition to the Summits, EWI working groups continue their work throughout the year, to try to hammer out recommendations that set the stage for international cyber cooperation to move forward. Earlier this year U.S./Russia bilateral negotiations on political infrastructure protection took place under the sponsorship of the EWI. The following five major recommendations emerged from that working group:
- Russia and the U.S., along with other willing parties, should conduct an evaluation of the present state of the intermingling of protected, humanitarian critical infrastructure with non-protected infrastructures in order to determine whether existing Convention and Protocol articulation is sufficient and whether significant detangling of essential humanitarian critical infrastructures is feasible.
- Russia and the U.S., along with other willing parties, should conduct a joint assessment of the benefit and feasibility of special markers for zones in cyberspace that can be used to designate humanitarian interests protected by the Conventions and Protocols of War.
- Russia, the U.S. and other interested parties, should assess how best to accommodate Convention principles with the new reality that cyber warriors may be non-state actors.
- Russia, the U.S. and other interested parties, should conduct a joint analysis of the attributes of cyber weapons in order to determine if there are attributes analogous to weapons previously banned by the Geneva Protocol.
- Russia and the U.S., along with other willing parties, should explore the value of recognizing a third, ‘other-than-war’ mode in order to clarify the application of existing Conventions and Protocols.
With these US/Russia recommendations as the foundation, one of the objectives of the London Summit was to define approaches to protect critical government services for our citizens. The protections are critical because of the proliferation of services available on the internet, including emergency response, health care, and human services. Several significant insights came out of the discussions at the Summit.
- There is a need to more clearly and specifically define those critical government services on the internet that directly affect the lives of private citizens.
- Work also needs to be done around policies to protect other critical infrastructure, such as the electric grid, which if attacked, could affect the ability of governments to provide critical citizen services.
- Once defined, policy should apply in peacetime as well as in wartime.
- Although consideration of the U.S.-Russia recommendation of markers in cyberspace was considered, there was concern about the recommendations as they did not address the risks posed by non-state actors.
- It was discussed that cost benefit analysis is required around potentially segregating certain vulnerable entities on the internet.
- Finally, it was also recognized that some multilateral backup capabilities may need to be established subject to assessing cost effectiveness.
The commitment was made by the Summit attendees to continue to refine the observations and recommendations, recognizing that there may ultimately be a requirement for international statutory changes and treaty agreements. The commitment was made to report back on progress at the third Worldwide Cybersecurity Summit planned for 2012 in India.
As always I welcome your feedback and questions for a lively discussion in the comment section below.
Mr. Robert N. Campbell III is Vice Chairman, Principal, Deloitte LLP and is the U.S. State Government Leader, based in Austin, TX