Cyberspace governance: The American approach

cyber-spaceThe international discourse on cyberspace governance has come a long way since Russia introduced the resolution at the United Nations General Assembly (UNGA) on “Developments in the field of information and telecommunications in the context of international security” in 1998. As in many other cases, geopolitical differences have had their impact on this issue as well. Today, on the issue of cyberspace governance, the international community is broadly divided into two sides. One, led by Russia and China, calls for more governmental control over information dissemination technologies as well as on platforms including the internet. These countries are also making a case for an international treaty defining norms and rules to regulate cyberspace. The other side, led by the US, emphasises free flow of information in cyberspace and opposes governmental control over information platforms such as internet. It appears that the US, and broadly the West, remains unconvinced about the need for an international treaty to address transnational concerns in the cyber domain. In fact till 2009, the US opposed the idea of international cooperation to address concerns in cyberspace and opposed Russian sponsored resolutions in the United Nations (UN) on information security. However, in 2009, the US policy went through significant changes and Washington started engaging with the international community on these issues. Analysing the situation, Joseph Nye said that:

For more than a decade, Russia has sought a treaty for broader international oversight of the Internet, banning deception or the embedding of malicious code or circuitry that could be activated in the event of war. But Americans have argued that measures banning offense can damage defense against current attacks, and would be impossible to verify or enforce. Moreover, the United States has resisted agreements that could legitimize authoritarian governments’ censorship of the internet. Nonetheless, the United States has begun informal discussions with Russia. Even advocates for an international law for information operations are skeptical of a multilateral treaty akin to the Geneva Conventions that could contain precise and detailed rules given future technological volatility, but they argue that likeminded states could announce self governing rules that could form norms for the future”.1

The US policy against international cooperation to create rules for cyberspace was driven by two factors: the US was technologically superior in cyberspace and wanted to maintain its freedom of action in this domain, and had not yet realised the risks to its cyber infrastructure; and second, the US supported the free flow of information across borders particularly using the internet.

Stating its position in opposing an international treaty, the US in its reply to the Secretary General of the UN in 2004 maintained that “The United States of America does not believe that this approach [of governmental control] contributes to the goals of strengthening the security of global information and communications systems, but instead that it contravenes the principle of free flow of information critical to the growth and development of all States.”2

Shift in the American Policy

cyber-space1After the Obama administration took over in 2009, the US policy on cyberspace governance changed significantly. The US began engaging with other major powers to address issues that it faced in cyber space. The reasons for this change can be attributed to the new developments in information security as well as Washington and Moscow’s ’reset’ policy toward each other in their bilateral relationship. Around the same time, two incidents – cyber attacks on Estonia in 2007 and Georgia in 2008 – heightened the level of threats posed by cyberspace. The attack on Estonia crippled the country’s government websites as well as critical services such as banking and communication, severely threatening the social order. The cyber attack on Georgia raised further questions on the military application of cyberspace. The US Cyber Consequences Unit monitored these attacks and later published a special report on the “Cyber Campaign against Georgia in August 2008”. According to the report, the cyber attacks were carried out by civilians with no direct involvement with the Russian Government. However, the report stated that these cyber attacks were coordinated simultaneously with the Russian military operation at the time.

Additionally, many US government and cybersecurity firms’ reports started highlighting numerous incidents of cyber attacks carried out by foreign entities on American information networks. Reflecting these concerns, the US Office of the National Counterintelligence Executive stated in its report to the US Congress:

“Foreign collectors continued to target a wide variety of unclassified and classified information and technologies in a range of sectors…. Cyber threats are increasingly pervasive, and several key adversaries have drastically expanded their computer network operations for intelligence collection and military use. Moreover, the techniques used and the growing computer globalization made it increasingly difficult to detect and prevent intrusions. Tracking, analyzing, and countering foreign collection efforts are increasingly complex challenges as the growth of multinational organizations in the global marketplace compounds and obscures the threat to the United States.”

These developments underlined the challenges in cyberspace and led to a reassessment of the West’s approach to cyberspace governance. Additionally, the possibility of a state using non-state actors or using a third party’s cyber infrastructure to carry out such attacks raised the question about a proportional response, as yet undefined in international law. The lack of definitional clarity, and clear red lines in cyber space and the transnational nature of threats, set the stage for a joint international collaboration to address these issues.

Underlining the growing threat to America’s cyber infrastructure, US President Barack Obama stated in 2009 that “cyberspace is real. And so are the risks that come with it.” He outlined the country’s growing dependence in the cyber domain and that the country’s military and economic superiority lies in securing the digital infrastructure. He went on to acknowledge that “it’s now clear this cyber threat is one of the most serious economic and national security challenges we face as a nation. It’s also clear that we’re not as prepared as we should be, as a government or as a country.”

Highlighting the importance of international cooperation in dealing with challenges in cyberspace, the White House in its Cyber Security Review of 2009 stated that “The United States needs to develop a strategy designed to shape the international environment and bring like-minded nations together on a host of issues, including acceptable norms regarding territorial jurisdiction, sovereign responsibility, and use of force. In addition, differing national and regional laws and practices—such as those laws concerning the investigation and prosecution of cybercrime; data preservation, protection and privacy; and approaches for network defense and response to cyber attacks—present serious challenges to achieving a safe, secure, and resilient digital environment. Addressing these issues requires the United States to work with all countries— including those in the developing world who face these issues as they build their digital economies and infrastructures—plus international bodies, military allies, and intelligence partners.”

Washington, however, maintained its position on the need to maintain freedom of action in cyberspace and its opposition to governmental control over international information dissemination technologies and platforms including the internet, and therefore rejecting the need for an international treaty. This is well reflected in the statement made by General Keith Alexander, Commander and Joint Functional Component Command for Network Warfare before the House Armed Services Committee. In his statement, he outlined that “Maintaining freedom of action in cyberspace in the 21st Century is as inherent to U.S. interests as freedom of the seas was in the 19th Century and access to air and space in the 20th Century.” Although Washington continued to oppose an international treaty, it released “The U.S. International Strategy for cyberspace”. The strategy aimed to set out a path for the international community to collaborate together on cyberspace.

This shift in policy was also evident within the UN debate on cyber governance. While the first Group of Governmental Experts (GGE), set up by the UN to examine measures to address cyber security threats, failed to reach a consensus in its first meeting in 2004, the second GGE came out with a successful report in 2010. Additionally, the US was no longer opposing the resolution on information security in the UN General Assembly. The US, for the first time, co-sponsored the UN resolution on information security along with Russia in 2010.

Washington actively began discussing the challenges of cyber security at a global level. It realised that American policy needs to be integrated into the global concern by engaging in cyberspace negotiations rather than unilaterally opposing it. While divided in their ideologies, the two sides now agree on a need to work together to define the rules and norms of cyberspace. As a result the Third GGE (2012-13) achieved a consensus on a critical issue favouring the American position. While the official report on the third GGE is yet to be released, the US State Department has said that the GGE “affirmed that international law, especially the UN Charter, applies in cyberspace”, thus invalidating the need for an international treaty.

Conclusion

The US has become more proactive in engaging with the international community to address cyberspace challenges ever since the policy shift in 2009. However, it still maintains its opposition to the need for an international treaty to govern cyberspace. It also strongly opposes altering the nature of the internet by providing control to governments. Washington was against the draft code of conduct on information security put forward by Russia, China, Uzbekistan and Tajikistan in 2011 which aimed “to reach [a] consensus on the international norms and rules standardizing the behaviour of countries concerning information and cyberspace.” The US, justifying it stance, said that the code “would legitimize the view that the right to freedom of expression can be limited by national laws and cultural proclivities, thereby undermining that right as described in the Universal Declaration on Human Rights.”

Nevertheless, cyber security is now one of the prominent points of discussion in the US-Russia and US-China bilateral talks, indicating the increased willingness of Washington to cooperate on the subject.

(The writer is a Research Assistant at Observer Research Foundation, Delhi)

 

Courtesy: ORF; This article can also be read at Cyberspace governance: The American approach. 

References

1    Joseph S. Nye Jr, “Cyber Power”, Paper, Belfer Center for Science and International Affairs, Harvard Kennedy School, May 2010, available at http://belfercenter.ksg.harvard.edu/publication/20162/cyber_power.html.

2    “Developments in the field of information and telecommunications in the context of international
security”, Report to the Secretary General, United Nations General Assembly, 59th Session, Addendum, A/59/116/Add.1, December 28, 2004.

Author Profile

India Writes Network
India Writes Network
India Writes Network (www.indiawrites.org) is an emerging think tank and a media-publishing company focused on international affairs & the India Story. A venture of TGII Media Private Limited, a leading media, publishing and consultancy company, IWN has carved a niche for balanced and exhaustive reporting and analysis of international affairs. Eminent personalities, politicians, diplomats, authors, strategy gurus and news-makers have contributed to India Writes Network, as also “India and the World,” a magazine focused on global affairs. The Global Insights India (TGII) is the research arm of India Writes Network. To subscribe to India and the World, write to editor@indiawrites.org