by Kenneth Corbin

State Department argues against ‘cyber arms’ treaty

May 26, 2016

Senior State Department official says cyber is fundamentally different than any sort of conventional military or diplomatic arena, urges ongoing and multilateral development of u2018normsu2019 in global Internet talks.

cybersecurity denial
Credit: Thinkstock

Even as top U.S. diplomats press issues of cybersecurity and Internet freedom in virtually every top-level meeting with their foreign counterparts, it’s too soon to begin contemplating a formal, multilateral treaty laying out parameters for digital rules of the road, according to a senior State Department official.

That’s in part because it remains early days in cyber-diplomacy, but also because the U.S. approach of framing Internet issues within the context of existing international law and pushing to develop generally accepted norms is netting some encouraging results, Christopher Painter, the State Department’s coordinator for cyber issues, testified Wednesday during a Senate hearing.

In particular, Painter argued to members of the Senate Foreign Relations Committee that it would be unwise to approach the cyber question in the same fashion as the global community has grappled with issues of nuclear proliferation (though officials make the comparison often). Cyber challenges, especially questions of security and free expression, can cut both ways.

[ Related: U.S. says proposed Chinese regulations could fragment the Internet ]

“They’re dual-use technologies,” Painter said. “We are committed to keeping the most dangerous cyber tools from the most dangerous actors. At the same time, we’re also committed to supporting the ability of our businesses, our consumers and the government to defend themselves from cyber threats and to promote innovation in cybersecurity.”

In the fight against cyber it’s not just a question of offensive and defensive

The State Department is also mindful of the needs of the security research community, the white-hat hackers whose trade involves developing patches and defenses against new and emerging threats.

Then, too, it’s not just a question of offensive and defensive capabilities.

“We’re both concerned about technologies that could be used by repressive regimes to monitor their citizens, but we’re also worried about tools that could be used by regimes that are not our friends to attack us, so we don’t want to have either of those things happen,” Painter said, stressing the multi-faceted nature of the Internet as it involves diplomacy.

[ Related: What would a U.S.-China cyber treaty really mean ]

Painter also rejected the idea of a standalone bureau or agency to deal with cyber issues, noting the multiplicity of agencies that can claim a sliver of jurisdiction over the Internet. Even within the State Department, a dedicated bureau would threaten to “stovepipe” an issue that agency leaders have been working to embed as foundational to every diplomatic endeavor.

“We’re trying to mainstream this issue at the State Department,” Painter said. “We’re trying to make this something that is like every other foreign policy issue. We want people to deal with this in every bureau, regional bureau and functional bureau.”

Instead, Painter outlined the policy framework that the State Department has been developing to apply international law to the cyber realm while looking to codify additional norms and pursue “confidence builders” as measures of good faith between the United States and other nations.

Perhaps the most visible coup on that front came last year, when the United States and China entered into an accord that affirmed that neither country would support the theft of intellectual property for commercial gain, among other measures, including a pledge of cooperation between the two nations’ law enforcement communities.

[ Related: Chinese spies target U.S. intellectual property ]

That agreement was notable not only for addressing one of the perennial complaints among U.S. businesses who have said that they are subject to more or less constant probes from Chinese entities, but it also marked the first time that Chinese authorities were willing to decouple corporate espionage from the routine intelligence gathering that countries engage in, according to Painter.

“While these commitments do not resolve all of our challenges with China on cyber issues, nevertheless, they do represent a step forward in our efforts to address one of the sharpest areas of disagreement in the U.S.-China bilateral relationship,” he said.

And it’s not just China. Painter rattled off a host of recent multilateral meetings among nations from various regions of the world that have produced statements affirming some of the norms like freedom of expression and curbing IP theft that the State Department has been advocating, the most recent coming earlier this month when President Obama hosted his counterparts from the Nordic countries.

“The president in almost every meeting with a foreign leader, in every summit, or when we have high-level meetings with other governments on a diplomatic level, has raised the issue of the importance of norms in cyberspace, the importance of this international security framework,” Painter said.

“That’s different than trying to have a cyber treaty and I think one of the concerns we have about the cyber treaty is that’s often advocated by the Chinese and Russians to try to control cyber “weapons” as they say,” he added. “But really they’re trying to control … information. They view information as destabilizing, and they talk about information security.”