US and international cybersecurity officials called for greater international cooperation to combat Internet crime and malign cyber activity during the 8th annual International Conference on Cyber Engagement (ICCE) in Washington, DC, on April 23.
David Koh, who serves as commissioner of cybersecurity, chief executive of the Cyber Security Agency, and defense cyber chief in Singapore’s Ministry of Defense, called for likeminded nations to establish “a rules-based cyberspace based on applicable international law and the adoption of voluntary operational norms.” Koh argued that other global common spaces, such as maritime and aviation, are governed by complex international rule systems, and “cyberspace should not be any different from the physical domains.”
Although Singapore is a tiny nation-state with 5.6 million people, it consistently ranks as one of the world’s most committed governments to cybersecurity. Koh explained that his government has placed such a high importance on the issue due to his country’s high level of Internet and technology use, as well as its position as an important international trade hub. “The more digitalized and connected we become, the more important it is to secure our systems,” he said. “We should look at cybersecurity like the brakes on a car,” he added. “We can only drive fast if we have good brakes.”
Singapore’s focus on cybersecurity has led it to lead regional efforts to adhere to common rules and behaviors in cyberspace, Koh explained. In September, he reported, ministers and cyber officials from the Association of Southeast Asian Nations (ASEAN) member states “agreed to subscribe in principle to all eleven voluntary nonbinding norms” recommended by the United Nations (UN) Group of Governmental Experts (GGE) in 2015. Singapore will also complete the development of an ASEAN-Singapore Cybersecurity Centre of Excellence in October 2019, he said, which will provide the region with common capacity building and information sharing on cybersecurity.
While Koh conceded that many larger countries will resist agreeing to extensive new international norms in cyberspace, he believes that “if we focus on what we agree on and build on [it],” instead of just discussing the areas of disagreement, “there will be progress, which will be useful and build momentum.”
“We are sharply cognizant that a world where might makes right spells disaster for us and other small nations and perhaps even middle powers,” says Koh of @CSASingapore. “A rules-based international order is necessary for small states to control our own destiny.” #ACcyber 11/ pic.twitter.com/meul9oVGnB
— Atlantic Council (@AtlanticCouncil) April 23, 2019
He also emphasized the importance of keeping discussions within the context of the United Nations, which he argued, is “the only universal, inclusive, and multilateral forum” for discussing international rules. “States have always turned to the UN in developing rules for the global commons, of which cyberspace is part of,” he added.
Amy Hess, the executive assistant director for the Criminal, Cyber, Response, and Services Branch of the Federal Bureau of Investigation (FBI), also highlighted the importance of international cooperation in investigating and bringing malicious cyber actors to justice. With cyberattacks originating from both nation states and individual citizens around the world, the United States is dependent on international partners to help them “expose [criminals] and to limit their future criminal activity,” she said.
Hess highlighted the use of INTERPOL red notices, which allow the United States to mark potential cybercrime suspects, limiting “their ability to travel and if they do attempt to travel, we are more likely to catch them and to bring them to justice.” The United States, she said, “has bilateral extradition treaties with over one hundred countries and we also, in coordination with our international partners, look to dismantle the criminal infrastructure that is used to conduct cybercrime. Our foreign partners are key to those efforts.”
One such success in dismantling criminal online activity occurred in 2017, Hess said, when US and Dutch authorities took coordinated action to shut down dark web marketplaces AlphaBay and Hansa. Hess called the takedowns “one of the most sophisticated efforts to date on the part of law enforcement across the globe.”
The examples of international collaboration on cybersecurity presented by Koh and Hess are a major motivating factor for convening the ICCE, according to Frederick Kempe, president and chief executive officer of the Atlantic Council. “Cyber issues transcend nations and disciplines, demanding international collaboration. The goal of ICCE is to establish an ongoing forum where diverse experts and practitioners can establish a foundation for cooperation and international engagement to address the complex and fluid cybersecurity issues that we know all too well,” he said.
Catherine Lotrionte, a Brent Scowcroft scholar at the Atlantic Council’s Scowcroft Center for Strategy and Security, said “a true multidisciplinary approach and international engagement were and are the only way that the cyber community can begin to address the many complex challenges stemming from our interconnectivity.”
Lotrionte has organized ICCE since 2011. This was the first time that this conference has been hosted by the Scowcroft Center in partnership with Dentons, PKO Bank Polski, and Texas A&M University.
While many countries may be tempted to view cyber defenses as a purely domestic concern, Kempe maintained that “no matter which country it calls home, digital technology touches every person across the world and more and more it touches every aspect of their lives. International collaboration in cyberspace becomes more crucial each day to ensure a safe, secure, stable, and prosperous cyberspace for the citizens of the world.”
David A. Wemer is assistant director, editorial, at the Atlantic Council. Follow him on Twitter @DavidAWemer.