President Joe Biden faces a daunting list of cyber issues as he begins his term of office. Cyber space is an increasingly hotly contested domain that is fundamental to national security and national prosperity. As the new administration looks to set its diplomatic objectives, cyber security ought to be a key agenda item as it impacts every instrument of America’s national power: diplomatic, information, military and economic.
With the exigent need to reduce the country’s cyber risk rising, there are several opportunities where the Biden administration can make a huge and positive difference to better secure the cyber ecosystem through international engagement, both at home and abroad.
First on the list is to restore trust in the American government while reaffirming its values in both word and deed. Recent events have shaken trust and confidence in the reliability and integrity of the American government on international stages. President Biden and his team face stiff headwinds as they work to restore trust among shaken traditional allies and suspicious potential allies that the American government is good to its word and steadfast in its resolve.
Second, the president has the opportunity to put cyber security not only at the top of his agenda but also on the agenda of his fellow world leaders. An early conversation with Russia’s president, Vladimir Putin, included a discussion on cyber security, which is an encouraging start, yet should be followed up with cyber security conversations with other world leaders. President Biden should make cyber security cooperation and a commitment to an “open internet” a constant theme in all bilateral and multilateral engagements.
Third, the US has an opportunity to renew its participation and leadership in the international organisations that are instrumental in the development and administration of internet standards and governance. Over the course of many years, we have seen American leadership of key international forums, standards development bodies and internet governance organisations erode. The Biden administration should encourage greater American participation in and leadership of these critical multinational organisations to protect American interests, foster closer international cooperation and collaboration, and promote American innovation.
Greg Touhill, Isaca
Fourth, the Biden administration should renew international efforts to define acceptable behaviour on the internet. Reaffirming American commitment to the “cyber norms”, as articulated in the United Nations Group of Governmental Experts, is an excellent starting point. Only through a clear and unambiguous definition of acceptable behaviour on the internet can we set the stage for an enduring open, free, peaceful and more secure internet.
Fifth, the Biden administration must address internet-enabled criminal activity. The amount of internet-enabled criminal activity is staggering – some pundits speculate that if all the financial impacts of internet-enabled criminal activity were aggregated under a single organisation, its annual income would qualify it for membership in the G8 economic forum. Since virtually every country, including the US, has internet-enabled criminals in its citizenry, taking substantive measures to reduce criminal activity requires effective international legal frameworks, enforcement regimes and cooperation. The US can and should take a leading role to address the issue of internet crime.
Sixth, the Biden administration will need to tackle the vexing issue of cyber deterrence. The need for an effective cyber deterrence policy has been identified many times over the past decade yet the US has yet to hit the sweet spot. We are “late to need”. With cyber criminals and nation-state actors engaged in a wide swath of nefarious internet-enabled activities, frustration over the rising levels of cyber crime against American businesses and citizens, and nation-state breaches of government and critical infrastructure, is high. Creating an effective cyber deterrence strategy that addresses both cyber crime and nation-state activity will be difficult yet is something that should not be postponed any longer. I believe that for the elusive deterrence strategy to be viewed as credible, it must present viable consequences to those who challenge international standards of conduct.
Finally, president Biden and his administration have the opportunity to address “accountability” as a principal international cyber security issue. Accountability is at the heart of each of the points above. The administration must work across the world stage to identify and hold accountable those who violate cyber norms and standards of behaviour on the internet. This will require extraordinary international cooperation and presents itself as one of the great challenges ahead.
Retired brigadier general Greg Touhill was the first federal chief information security officer of the US government under president Barack Obama. Now president of AppGate Federal, he also serves on the Isaca board of directors and the faculty of Carnegie Mellon University’s Heinz College.