Turning cyber competition to cooperation

Avoiding “Cyber M.A.D.” through International Cyber Cooperation on Critical Infrastructure Protection

By Lydia Kostopoulos, PhD

The internet has become a global commons much like the sea and the sky. However, considering how much our society and the global economy rely on it, it could be argued that it is the most valuable global commons. It is in this cyber world where global-ecommerce flows, intellectual property is exchanged, ideas are shared, degrees are earned and sensitive government data is passed. However it is also a place where espionage, data theft, unauthorized intrusion and cyber-attacks take place.

The rapid escalation of cyber conflict and technological advances in offensive cyber capabilities among nation states have not been complemented with legal operational parameters. This has many ramifications – not just for military operations but also for corporations, who are still trying to wrap their heads around the cyber vulnerabilities threating their businesses. Equally concerning is the growing surface threat area for critical infrastructures as it too operates in the cyber global commons where many malicious threats exist.

While technology continues to advance and the internet challenges sovereign borders, the international legal infrastructure for state to state cyber operations is insufficient to meet the vulnerabilities and security concerns of our critical infrastructures today.

While much of the cyber domain operates under the classified Top Secret flag, countries need to come together in good faith to protect each other from Cyber M.A.D. (Mutually Assured Destruction ). Specifically, there is a dire need for internationally agreed upon “no attack zones” in the cyber world which affect the livelihood of civilian life and the economic prosperity of a nation.

A good starting point for this discussion among nations could be the protection of the following three infrastructures from any type of malicious cyber activity from another nation-state:

  1. water supply
  2. hospitals
  3. the electric grid

While cyber related negotiations among nations have been a sensitive, contentious and challenging issue, these three infrastructures have the potential to create a space of cooperation in the global cyber domain and protect very important critical infrastructures.

Cyber attacks on civilian infrastructure can have serious ramifications to international peace and prosperity and now is an excellent moment to bolster international efforts to be cyber-responsible with the new and evolving cyber capabilities and protect critical infrastructures from getting hit in the cyber battlefield crossfire between nations.

 For the purpose of this post, the author has addressed attacks on critical infrastructure conducted only by nation states. However there are other cyber actors who do not abide by the law and do not operate under a nation state flag; these actors also pose a threat to critical infrastructures.

Kostopoulos blog photoDr. Lydia Kostopoulos is an international security specialist based in Washington DC, having lived and worked in cross cultural and multi-lingual environments across three continents. She is the Communications and Outreach Coordinator for the Cyber Security Forum Initiative (CSFI) and oversees its mission in Europe. On Twitter. she can be found at @LKCyber where she tweets on intelligence, cyber defense and national security.

Contribute to the WIIS blog! WIIS members are encouraged to submit blog posts of 500-1000 words. Email [email protected] with your submission, short bio and photo.

[slideshow]Last week, we were honored at WIIS to host an all-star cast of cyber security experts from both the federal and private sector to discuss future cyber security challenges and how a diverse workforce is an important step to solving these problems.

THE TAKE-AWAY MESSAGES

  • The need for cyber security professionals will increase for the foreseeable future, and there will not be enough qualified people to fill the workforce deficit.
  • The cyber security field is diverse. STEM professionals are needed, but area specialists, foreign policy experts, law enforcement officials and others are also needed.
  • Our “pipeline” issue means that there are not enough women becoming interested, staying interested, and committing to careers in STEM areas.
  • Steps need to be taken to create a cohesive cyber security approach across all stakeholders, public and private.
  • Cyber security is an important national security area, on par with air, water, sky and space.

CONFERENCE PARTICIPANTS

  • WIIS Director Jolynn Shoemaker and CSIS Trustee Linda Hart gave the welcoming remarks.
  • Deloitte representatives presented the business case.
  • NGA COO Ellen McCarthy moderated the expert panel. Panelists included:

Rich Baich, Senior Vice President and Chief Information Security Officer, Wells Fargo

Cynthia Dion-Schwarz, Deputy Assistant Director, Computer & Information Science & Engineering (CISE) at National Science Foundation  

Karen Evans, National Director, US Cyber Challenge

Davina Pruitt-Mentle, Director of Educational Technology, Policy and Outreach, University of Maryland

Rosemary Wenchel, Deputy Assistant Secretary for Cyber Security Coordination, U.S. Department of Homeland Security

  • Janet Napolitano, Secretary of the Department of Homeland Security, gave the keynote address. Secretary Napolitano told the audience that cyber security attacks have increasingly become more prevalent, and that the greatest concern is the threat to infrastructure. She outlined the steps that DHS is taking to support the advancement of cyber security in the academic and private sectors, and stressed the need for cyber security legislation to create a cohesive and comprehensive defense against cyber attacks in the public and private sectors.

Event audio & video:

Video of DHS Secretary Napolitano’s keynote address

Audio of DHS Secretary Napolitano’s keynote address

Audio of expert panel

Media coverage:

The Hill: “Naplitano: Administration will act on cyber security if Congress fails to pass a bill”

Foreign Policy: “Napolitano: Cybersecurity legislation preferred over executive order”

Related articles:

Forbes: “More Women In Tech, More Women Mentors”