Even as top U.S. diplomats press issues of cybersecurity and Internet freedom in virtually every top-level meeting with their foreign counterparts, it's too soon to begin contemplating a formal, multilateral treaty laying out parameters for digital rules of the road, according to a senior State Department official.
That's in part because it remains early days in cyber-diplomacy, but also because the U.S. approach of framing Internet issues within the context of existing international law and pushing to develop generally accepted norms is netting some encouraging results, Christopher Painter, the State Department's coordinator for cyber issues, testified Wednesday during a Senate hearing.
In particular, Painter argued to members of the Senate Foreign Relations Committee that it would be unwise to approach the cyber question in the same fashion as the global community has grappled with issues of nuclear proliferation (though officials make the comparison often). Cyber challenges, especially questions of security and free expression, can cut both ways.
"They're dual-use technologies," Painter said. "We are committed to keeping the most dangerous cyber tools from the most dangerous actors. At the same time, we're also committed to supporting the ability of our businesses, our consumers and the government to defend themselves from cyber threats and to promote innovation in cybersecurity."
In the fight against cyber it’s not just a question of offensive and defensive
The State Department is also mindful of the needs of the security research community, the white-hat hackers whose trade involves developing patches and defenses against new and emerging threats.
Then, too, it's not just a question of offensive and defensive capabilities.
"We're both concerned about technologies that could be used by repressive regimes to monitor their citizens, but we're also worried about tools that could be used by regimes that are not our friends to attack us, so we don't want to have either of those things happen," Painter said, stressing the multi-faceted nature of the Internet as it involves diplomacy.
Painter also rejected the idea of a standalone bureau or agency to deal with cyber issues, noting the multiplicity of agencies that can claim a sliver of jurisdiction over the Internet. Even within the State Department, a dedicated bureau would threaten to "stovepipe" an issue that agency leaders have been working to embed as foundational to every diplomatic endeavor.
"We're trying to mainstream this issue at the State Department," Painter said. "We're trying to make this something that is like every other foreign policy issue. We want people to deal with this in every bureau, regional bureau and functional bureau."
Instead, Painter outlined the policy framework that the State Department has been developing to apply international law to the cyber realm while looking to codify additional norms and pursue "confidence builders" as measures of good faith between the United States and other nations.
Sign up for CIO Asia eNewsletters.