U.S. officials: World needs to follow our lead on cyber norms


Written by

Even as the U.S. government shores up its own beleaguered cyber defenses, its officials are touting their progress setting cybersecurity standards — saying the rest of the world should follow the U.S. to protect itself online.

Two U.S. officials — Deputy Homeland Security Secretary Alejandro Mayorkas and State Department Coordinator for Cyber Issues Chris Painter — implored a roomful of global cybersecurity experts at the Billington International Cybersecurity Summit Tuesday to examine the various security frameworks and legislation the U.S. has crafted and use it as a model for their home governments.

In remarks at the National Press Club, Mayorkas touted the National Institute of Standards and Technology cybersecurity framework as a document that has lifted cybersecurity awareness in private companies, showing how companies should communicate and build accountability when it comes to mitigating threats.

“I would encourage those of you in the private sector, domestically and internationally to think of this framework as a framework of accountability,” he said. “To understand that the cure of one should be the cure for many. When one sees a competitor suffer, one can look at their watch and tick off the seconds until the same harm can be met on the threshold of one’s own company.”

He also talked about the department’s recently launched Automated Indicator Sharing platform, which takes advantage of new information sharing legislation passed as part of the massive omnibus funding deal last year. The new law grants companies liability protection if they share threat indicators. Mayorkas framed this effort as a collaborative one that protects not just various parts of the economy, but the entire online environment.

“The legislation that was passed at the end of this past year will greatly facilitate that effort because it protects liability and provisioning of information,” he said. “The sharing of information we advocated … is critical to the framework of enhancing the security of the cyber ecosystem.”

For his part, Painter highlighted progress made in the administration’s efforts on a global level, touting President Barack Obama’s international strategy for cyberspace as a way for countries to create what he calls a “peaceful cyber environment.”

“One of the real transitions I’ve seen, people thought of [cybersecurity] as a tech issue whereas now it is thought of as a core issue of national policy, a core issue of foreign policy,” Painter said.

He also talked about more recent efforts like the planned ICANN transition and the agreement at the November 2015 G-20 meeting that curbed theft of intellectual property as moves toward international standards for behavior on the internet — crafted by the community that runs the global network.

“This is the idea that the internet, for it to do the things that we really want to do, that it’s not just on the governments to figure this out, but it’s governments, the private sector, civil society, academics, internet wise guys, people who really know these things,” Painter said. “That’s how the internet has grown up. That’s a foreign concept for a lot of governments who are used to controlling this. If governments controlled the internet, we would not have this explosion we’ve had, we would not have the penetration we have.”

Even with the progress that Painter sees, he knows security efforts will have to be fluid if the world is to keep up with ever-changing threats.

“All of these things are non-static. All of these things need to be built on. As much as we have been able to accomplish in the past five years, we have to build on all of that activity,” he said.

“This is not an issue that is going to slip off the front page. The threats are going to be there. We also need to make sure we have the policies and we are working together to implement them.”