The White House on Monday unveiled an international strategy for cyberspace that stresses developing norms of responsible state behavior to promote a secure, open Internet and other critical computer networks.
Drawing on President Obama’s principle of global engagement, the strategy marks the first time any administration has attempted to set forth in one document the U.S. government’s vision for cyberspace, including goals for defense, diplomacy and international development.
“A new era of global engagement and vigilance has begun,” said Attorney General Eric H. Holder Jr., one of several senior administration officials who introduced the strategy to an audience of foreign and U.S. officials, as well as representatives from industry and civil society groups.
The 30-page document, which argues that expanded access to secure networks is essential to economic prosperity, is a broad, aspirational strategy intended as a guide for more detailed policies. Its release follows the U.S. decision last summer to change its position on cybersecurity , agreeing to work with other nations to reduce threats to computer networks. Previously, the United States resisted proposals limiting possible military use of cyberspace.
“This is just the beginning of a conversation within governments, between governments, the private sector and beyond,” said Howard Schmidt, the White House cybersecurity coordinator, who also spoke Monday.
The document is crafted to signal other countries that the United States wants to collaborate in securing digital networks, not dominate them, said James A. Lewis, a senior fellow and director of the Technology and Public Policy Program at the Center for Strategic and International Studies.
“This is a departure from the Bush administration, which refused to engage on these issues,” Lewis said. “The Obama administration is turning around and saying not only will we engage, but here’s where we’d like to end up.”
It is also a “counterbalance” to fears that the United States, by recently setting up a military “cyber command” to defend military networks was seeking to dominate cyberspace, said Greg Rattray, former White House director of cybersecurity and a partner at Delta Risk, a cyber-security consulting firm.
Two years ago, Obama made a nationally televised speech proclaiming the nation’s networks and computers “a strategic national asset,” and saying that protecting them would be a national security priority. “We will ensure that these networks are secure, trustworthy and resilient,” he said at the time.
The international strategy is an effort to build on that speech. It states that the United States will, with other nations, “oppose those who would seek to disrupt networks and systems, dissuading and deterring malicious actors, and reserving the right to defend these vital national assets as necessary and appropriate.”
It says the United States will help other countries strengthen their abilities to defend their networks and foster an open Internet.
The strategy noted that the norms should be based on principles such as recognizing that states have an inherent right of self defense that may be triggered by certain aggressive acts in cyberspace, and that states should act within their authorities to help ensure that the Internet remains accessible to all.
One challenge will be working with nations such as China, which exercise state control over the Internet in the name of national security, Rattray said. “On balance,” he said, “this is a major step forward.”
Leslie Harris, president of the Center for Democracy and Technology, said “some principles outlined in the strategy will sometimes come into conflict — one measure of who we are as a nation will be how those conflicts are resolved.”