America's New Cyberspace Strategy
At an Atlantic Council event last year, the singer Bono declared, “From rock stars in DC to street kids in Rio, from Harlem to Haiti, from Cape Town to Cairo, we all have a stake in this word America.” The White House’s new International Strategy for Cyberspace [PDF] roots that promise of rights and freedoms for all to something else the entire world has a stake in, that quintessential American invention, the Internet.
This new Strategy does an outstanding job of setting the agenda in a way that no country has before. Previously, the U.S. government has had varying (and often competing) agendas in cyberspace: fighting crime, protecting freedom of expression and intellectual property, promoting innovation, preventing attacks, and enabling military operations. Because there was no overarching vision, the different government departments involved these agendas were all too often at cross purposes. This often left confusion, for example, about whether the United States primarily considers cyberspace a place for cooperation (for innovation, commerce and free speech) or a new domain for conflict.
The new International Strategy is a cross-cutting, full-spectrum vision allowing, for the first time, a better balance between all these agendas to enable smarter policy making. Though it does not directly prioritize, it sends a clearer message to the American people and other nations.
The strategy makes it clear that the United States is primarily for the former, by describing four key elements the government seeks as part of the future of cyberspace, which must be (1) open to innovation, (2) interoperable the world over, (3) secure enough to earn people’s trust, and (4) reliable enough to support their work. This is a brilliant vision of a future for all of us – nations, individuals, corporations, non-government organizations – and a strong way to ensure inter-government cooperation. This vision matches the initial goal of the early Internet pioneers to current realities, hopefully allowing innovation, speech and commerce to flourish without being a completely lawless Wild West. The Strategy is rooted in American values, from Silicon Valley inventiveness to the Constitution and Universal Declaration of Human Rights.
One senior government official, in a closed pre-launch briefing, went so far as to say that the Strategy will allow the other nations to “hold us accountable” so that our actions match our stated intention. This has been missing for far too long in U.S. cyber statecraft.
Also, the U.S. government should be commended for adding the word “enough” in their vision of the future. All too often, cybersecurity has been seen in absolutes, especially “secure” and “reliable.” By modifying this to “secure enough” and “reliable enough” it is clear the White House has realized that cyberspace will never be fully secure and reliable and that we must manage the risks in cyberspace and not engage in an endless, fruitless chase to eliminate threats. As expressed by one senior government official, “Cybersecurity is not an existential end in itself” but instead must be focused on desirable outcomes.
One key way the Strategy seeks an open, interoperable, secure and reliable cyberspace is by committing the U.S. government to specific ten diplomatic, defense, and development norms. These ten norms are fundamental freedoms, respect for property, privacy, protection from crime, right of self defense, global interoperability, network stability, reliable access, multi-stakeholder governance, and cybersecurity due diligence.
The Strategy includes no implementation plan, as it is meant to be a vision. Rather, each department and agency will, over the coming months, use the Strategy to modify their own internal plans and programs. For example, when asked how the new Strategy’s goal of openness and free speech should be compared to military doctrine looking for “dominance” or “supremacy” in cyberspace, a senior government official replied, “stay tuned”, because the process has only just begun. This synchronization should be easier as the interagency process that led to today’s launch seems to have helped coordinate the major players (Defense, State, Commerce, and Justice) to the new vision.
Having been a previous cyber director at the White House, I must say the new Strategy is exceptionally well balanced, well crafted, and (so far) well executed. The rest of the world has a stake in the Internet, in cyberspace. This new document is the finest work of cyber statecraft by any nation or group to date and should make America proud as it lives up to what Americans believe about themselves. Now, that strong expectations have been set, though, it will be time for all of us to live up to them and help see them through.
Jason Healey is the Director of the Atlantic Council’s Cyber Statecraft Initiative. You can follow his comments on cyber issues on Twitter, @Jason_Healey.