The Defense Department is moving beyond its traditional treaty allies to expand partnerships in cyberspace, a senior defense office said today.
Steven Schleien, DOD’s principal director for cyber policy, said DOD officials are working toward long-term goals of collective cyber self-defense and deterrence.
Schleien spoke at Georgetown University’s second annual International Engagement on Cyber here where experts from Washington, the Netherlands and Russia spoke about national security and diplomatic efforts in cyberspace before several hundred students and experts in the field.
“We started with our traditional treaty allies, those with whom we have commitments,” Schleien said.
The department started there in accordance with President Barack Obama’s international cyberspace strategy, released in May 2011, which says that “hostile acts in cyberspace could compel actions under our mutual defense treaties,” he said.
Defense officials worked with DOD allies and NATO staff during the 2010 Lisbon Summit, Schleien said, to bring all NATO networks, civilian and military, under the NATO Cyber Incident Response Center, which is expected to be complete later this year.
Most recently, he said, DOD officials are starting to talk with the Japanese, South Korean and New Zealand defense ministries about cyber security, while working closely with the British and Australian ministries “to talk about a whole spectrum of cyber interoperability.”
Cyberspace is a novel arena for defense partnerships, said Schleien, a former arms control official. “In our view …, arms control doesn’t work in cyberspace,” he said. “ … I don’t know what we would monitor, [or] how we would verify anything in terms of cyber weapons or cyber tools — an issue my Russian defense colleagues have raised.”
Internationally, though, “we do believe that we need to establish norms of international behavior for cyberspace,” he added.
“The law of armed conflict comes to mind as one that’s essential to DOD,” Schleien said, “because in our view, [it] applies to cyberspace as it does to the other operational domains.”
U.S. Cyber Command finds it necessary to share information with other countries, but harder to accomplish given its national security mission, Navy Rear Adm. Samuel Cox, Cybercom’s director of intelligence, said at the forum.
Cybercom Commander Army Gen. Keith B. Alexander also is the director of the National Security Agency, which Cox called a unique Defense Department and national intelligence collection organization responsible for exploiting potentially adversarial foreign networks for intelligence purposes, within the cyber realm.
“From our perspective, what we’re looking at is a global cyber arms race [that] is not proceeding as a leisurely or even linear fashion but is, in fact, accelerating,” he said.
The increasingly vertical nature of the threat, Cox added, “is what is motivating my boss and others for a particular sense of urgency in being able to move forward on this.”
It’s relatively easy to engage with longstanding international partners like the United Kingdom and Australia, as well as Canada and New Zealand, he said.
Beyond those nations, Cox said, “it gets significantly harder.”
One of the impediments is the high-level classification of the information, which has “very strict rules on how you can share this with foreign governments,” he said.
The bottom line is that military cooperation with foreign countries in cyberspace “is still an extremely difficult environment to try to navigate through,” Cox said.
But because cyber defense is a global problem, the admiral added, “if we don’t work together with many of those key allies, then we will not be able to make a significant improvement in the current threat environment.”
In the United States, Obama’s issuance of international cyber strategy was a landmark event in raising critical awareness of the cyber security issue, Christopher Painter, the State Department’s coordinator for cyber issues, told the audience.
“The threat certainly has become more acute,” he added, but the issue has evolved from a narrow, technical issue to “a national security issue and a foreign policy issue — and a foreign policy priority.”
A growing number of countries have released national cyber security strategies and “organized their government around this issue,” Painter said.
When Secretary of State Hillary Rodham Clinton announced Obama’s international strategy, he added, she characterized the range of cyber-related issues as constituting “a new foreign policy imperative.”
Painter added, “I think that is important because it raises the level of dialogue to something that those people who often didn’t play in this sandbox before — foreign ministries at the heads-of-government level — are now dealing with.”
What the United States is doing domestically feeds into what the nation is doing internationally, he said.
“I think it’s very important to do as much as we can to prevent and mitigate the threat at home, Painter said, “but we can only get so far acting unilaterally. We have to act in concert … with countries around the world to address this problem.”