Department of State: Cybersecurity Update
By Richard Weitz
The Department leads U.S. international efforts to strengthen global cybersecurity. It does so by building capacity in developing countries, promoting interoperable standards and enhancing international cooperation to respond to cyberthreats.
The State Department is involved with almost every element of international cybersecurity because of its prominent role in dealing with U.S. allies, friends, and foes as well as its negotiating treaties and with international organizations.
Both the Secretary of State and State’s Coordinator for Cyber Issues have made clear that the Department’s cyber priority is to ensure that the Internet remains freely accessible. As part of this objective, the Department seeks to protect individuals, especially Americans, from foreign on-line criminals, hackers, and predatory governments.
In February 2011, Secretary of State Hillary Clinton announced that Christopher Painter, the former senior director for Cyber Security as the NSC, would become the first State Department Coordinator for Cyber Issues.
Both Clinton and Painter played significant roles in developing the Obama administration’s International Strategy for Cyberspace which laid down a framework for how the U.S. government would respond to cyber threats.
The new office coordinates work across the Department and with other U.S. government agencies regarding cybersecurity and other cyber issues. The office encourages embassies throughout the world to promote good cyber policies, but also reaches out to other countries directly through conferences and events. The office has played a role in criminal cases where individuals from outside the United States hacked into various systems within the United States.
The State Department cooperates with other countries to fight transnational cybercrime.
It invests in helping other countries build law enforcement capacities. It led the campaign within the U.S. interagency to ratify the Budapest Cybercrime Convention, which sets out the steps countries must take to ensure that the Internet is not misused by criminals and terrorists. When foreigners are suspected of engaging in cyberattacks and cybercrime against the United States, the State Department will lodge protests and try to get those involved punished or at least shut down.
But State can do little when these cyberattackers enjoy the support and sanctuary of a foreign government.
At best, the foreign government might arrest and visibly punish a few lower-level people and shut down one malicious website while allowing another to open.
Observers credit the U.S. State Department with being the only U.S. Government agency that has achieved near-real-time situational awareness, which the Department calls “continuous monitoring.” It enables cyberdefenders to minimize their vulnerability by quickly protecting their systems when a new threat or vulnerability is discovered.
State Department managers update their threat assessments on a daily basis, not monthly or quarterly like most agencies, and can tell quickly when a computer network has not received a needed software patch.
Much of the Department’s work has involved the Russian Federation.
The Russian government seeks a treaty with the United States regarding cyberspace, but the two countries cannot agree on their priorities.
Russia seeks to prevent a “cyber arms race” by restricting certain offensive cyber weapons, while the United States seeks to improve its abilities to deal with hostile foreign individuals through extradition.
In June 2011, the State Department and the Russian government agreed to exchange the military’s views on cyberspace and to exchange information between the two nations Computer Emergency Response/Readiness Teams (CERTs) as well as establish protocols for communicating on cybersecurity issues.
Nevertheless, Russia’s indignant stance over a Russian citizen arrested in Switzerland for cyber crime and extradited to the United States in January 2012 emphasizes the need for a treaty.
The Department of State places a high priority on preserving international Internet freedoms.
The Arab Spring of 2011 has emphasized the importance of the issue of internet freedom. The internet, specifically the social media, became an important means of communication between revolutionaries in Egypt, Tunisia, Libya, Syria, Iran, and elsewhere.
Recognizing this, the governments of oppressive regimes throughout the world have made internet control a greater priority.
In a February 15, 2011 speech at George Washington University, Secretary Clinton called for
a global commitment to Internet freedom, to protect human rights online as we do offline. The rights of individuals to express their views freely, petition their leaders, worship according to their beliefs — these rights are universal, whether they are exercised in a public square or on an individual blog. The freedoms to assemble and associate also apply in cyberspace. In our time, people are as likely to come together to pursue common interests online as in a church or a labor hall. Together, the freedoms of expression, assembly, and association online comprise what I’ve called the freedom to connect. The United States supports this freedom for people everywhere, and we have called on other nations to do the same.
U.S. diplomats raise the cases of imprisoned bloggers, journalists and online activists at the highest levels of foreign governments, and take a public stand on their behalf. The Department’s Bureau of Democracy, Human Rights and Labor (DRL) had a budget of $74 million in FY 2012 and a proposed $64 million for FY2013. The Bureau is the State Department main agency for supporting democracy and human rights worldwide.
The State Department advances Internet freedom as an economic issue in multilateral forums and in bilateral relationships.
In September 2010, Secretary Clinton launched the mWomen initiative—a public-private partnership led by the Global Women’s Initiative designed to close the global gender gap in mobile phone adoption. The mWomen Initiative continues to host conferences and seminars on women and mobile technology and frequently publishes its research as well.
The Secretary’s 21st Century Statecraft initiatives complement the Department’s work to advance Internet freedom.
The 21st Century Statecraft initiative connects the private and civic sectors with foreign policy by bringing new resources and partners together, and using connection technologies to make diplomacy more innovative. Internet freedom is a prerequisite for the application of technology, because an open platform creates the space for innovation in diplomacy, development and beyond.
The Administration has also launched an unprecedented initiative to put State Department data online, to encourage citizen participation and to increase the openness of Government generally.
The State Department has organized and participated in cyber conferences throughout the world to raise global awareness of cyber issues.
In July 2011, the Department helped Kenya run a conference on cybersecurity with delegates from Kenya, Tanzania, Uganda, Rwanda, and Burundi attending. In addition to the conference, Christopher Painter traveled to Kenya several times to observe their new methods of payment through mobile devices. The Secretary also spoke at the London Cyberspace Conference in November of 2011 as did Vice President Joseph Biden. That same month, Secretary Clinton delivered a prominent address at the Conference on Internet Freedom at The Hague.
In addition to working with the United Nations and its affiliated agencies, the Department of State has engaged with various regional organizations on cyber issues.
For example, it has worked within the OSCE–the largest regional security organization in the world, with nations from Europe, North America, and Central Asia — to support cyber and other media freedoms. With U.S. encouragement, the OAS’ Inter-American Committee against Terrorism (CICTE), a branch of the OAS committed to combating terror, has considered cybersecurity a major issue since 2004, when it released a cyber strategy. CICTE establishes Computer Security Incident Response Teams through its training and assistance programs. In 2011, CICTE had twelve different events, including training session, missions, and an International Day of Cybersecurity.
Civil Society 2.0 aims to build the technical capacity of civil society organizations to accomplish their missions through the use of connection technologies.
Civil Society 2.0 seeks to match these organizations with technology tools and tech-savvy volunteers to help raise digital literacy, strengthen the information and communications networks of NGOs and amplify the impact of civil society movements. As part of the Civil Society 2.0 program, the United States, through the State Department, has held five Summits, with a sixth scheduled for April 2012 in Cartagena Colombia, at the time the Summit of Americas is meeting in that city. U.S. embassies host TechCamps, which are designed to increase the capacity and dynamism of civil society organizations by training them to use digital technologies to advance their missions. Civil Society 2.0 also participates in Strategic Dialogues with other nations, most recently in Lithuania and Washington, DC.
The State Department has been divided by vigorous debates over which projects it should support through its grants and whether to view the Internet as a weapon to topple repressive regimes.
The Department finances programs like circumvention services, which enable foreign users to evade state-directed Internet firewalls by routing their traffic through proxy servers in other countries. It also trains human rights workers how to secure their e-mail from surveillance and how to wipe incriminating data from mobile phones if they are detained by the police.
Critics of the Department’s approach argue that it needs to take a bolder approach and support a few key projects rather than disperse funding so widely. A report by the Republican minority of the Senate Foreign Relations Committee said that State’s performance has been so weak that financing Internet freedom initiatives—at least those related to China—should be moved to another agency, the Broadcasting Board of Governors, which oversees Voice of America and Radio Free Europe. The Congress successfully blocked an Administration proposal to end the VOA’s TV and radio broadcasts to China.
Critics on the left accuse the State Department of hypocrisy for supporting the free flow of information, except when it involves the U.S. government.
They cite the Department’s vigorous efforts to counter the release of its secret U.S. cables by WikiLeaks. Many of these cables contained unflattering observations and reports by U.S. Diplomats regarding their host governments Secretary Clinton has countered that, in addition to being a public space, the Internet is also a channel for private communications. For that to continue, there must be protection for confidential diplomatic communications online.
Furthermore, the Department’s support for Internet freedoms is limited by its responsibility to conduct the overall diplomatic relationship with all foreign governments in a way that maximizes U.S. security and economic interests.
When an important U.S. ally or trade partner engages in repressive Internet policies, the Department will at best issue quiet protests. Instead of confronting the government of an important country like China directly, the State Department prefers to place its bets on economic incentives and time leading these governments eventually to change their polices.
As Clinton put it,
Clearly, many businesses are willing to endure restrictive Internet policies to gain access to those markets, and in the short term, even perhaps in the medium term, those governments may succeed in maintaining a segmented Internet. But those restrictions will have long-term costs that threaten one day to become a noose that restrains growth and development.” Clinton has referred to “a dictator’s dilemma” in which governments that suppress Internet freedoms “will have to choose between letting the walls fall or paying the price to keep them standing.. and enduring the escalating opportunity cost of missing out on the ideas that have been blocked and people who have been disappeared.
The Department also balances the need for Internet freedoms with a desire to enhance Internet security.
In her George Washington University speech, Clinton noted that,
Finding this proper measure for the Internet is critical because the qualities that make the Internet a force for unprecedented progress—its openness, its leveling effect, its reach and speed—also enable wrongdoing on an unprecedented scale. Terrorists and extremist groups use the Internet to recruit members, and plot and carry out attacks. Human traffickers use the Internet to find and lure new victims into modern-day slavery. Child pornographers use the Internet to exploit children. Hackers break into financial institutions, cell phone networks and personal e-mail accounts.