Tough political climate for cooperation
In 2015, former President Barack Obama and Chinese President Xi Jinping signed the U.S. China Cyber Agreement.
"They should be given a lot of credit for setting the stage on what international cyber governance and law could look like," said James Carder, CISO at security firm LogRhythm.
And early last year, President Obama announced the Cybersecurity National Action Plan, which provides for cybersecurity information sharing not only between the public and private sectors in the U.S., but also with other governments and agencies.
Another big step towards taking cyber attacks more seriously was NATO's decision last summer to make cyber operations part of its domain, in addition to air, sea, and land.
"Now the question is, if we confirm an attack from another nation, what will the United Nations, NATO, and other allies do about it?" Carder asked. "These are components that are still undetermined and need to be figured out before we see international governance and global response to cyber attacks be taken seriously. Until then, you’ll have countries that will continue to launch attacks without any real consequence."
Protecting against cyber attacks would seem, on the surface, to be a bipartisan issue. Last year, most security experts would probably have predicted slow but steady progress.
Now, however, all the old assumptions about how things work have been upended.
For example, there have been concerns raised about whether the U.S. should continue to support the U.N., said Jon Condra, director of East Asian research and analysis at Flashpoint.
"If these kinds of organizations start breaking down or lose credibility, we're going to be in a place where it's going to be a lot harder to come to some sort of agreement," he said. "Pulling away from international institutions that are designed to come to a consensus on major issues of international importance would have an impact."
It's the wrong time to try to make progress, said Anup Ghosh, founder and CEO at security firm Invincea.
Ghosh is a former offensive researcher with the Department of Defense, and points to the recent attempts to restrict international travel as one example of potential problems.
"The more we constrict and insulate ourselves from the world, the less likely our allies are going to cooperate from us, including on things like law enforcement actions," he said. "Most of the cyber criminals that we try to chase down have been protected by Russia. Today, we typically get them when they travel abroad on vacation."
On the other hand, he added, if cooperation with Russia does improve, then extradition could become easier.
According to Flashpoint's James, Russia has a different approach to cybercrime than the West does.
Sign up for CIO Asia eNewsletters.