9:30 A.M. EDT
International Strategy for Cyberspace: Prosperity, Security, and Openess in a Networked World Report
MODERATOR: Thank you, everyone, for coming to the Foreign Press Center so early in the morning. We have with us today Mr. Christopher Painter, the State Department’s Coordinator for Cyber Issues. He’s with us today to discuss the Administration’s International Strategy for Cyber Issues.
Before we begin, just one quick reminder, please turn off all cell phones or anything else that will make a noise during the discussion. We also have participation via phone, so during the question-and-answer session we’ll move from participants in the room and participants on the telephone.
Mr. Painter.
MR. PAINTER: Great. Well, thank you all for being here today. I very much appreciate it and I’m very excited to be here to talk about the President’s International Strategy for Cyberspace and also the State Department’s role in that document and going forward, pivoting off that document, what we’re going to be doing in the future.
This strategy is really important if you look at what it is. It tries for the first time, and it does for the first time, pull together all the different strands of our policies in cyberspace from internet freedom issues to internet governance issues, to security issues, to military issues, to cyber crime issues, to economic issues, and puts them really all in one framework for the first time.
Now, why is that important? It’s important because in the past, both we and, frankly, I think, other nations too have looked at this issues in silos. And we’ve done a lot of great work, and there’s been a lot of benefit that the internet has given us over the last 20 years as we’ve developed this new technology and cyberspace more generally. But all of these issues are interrelated and all of those policies are interrelated, and I don't think you can really understand how important or what the future of this technology will be without looking at all of these different policies together.
So what this document does, and one of the very significant things it does, is it pulls these all together in one coherent fashion that really lays out, I think, for the first time what our goals are in cyberspace, what the future we’d like to see achieved in cyberspace. And I should note this is not – although this is a strategy that’s issued by our President, is it not a uniquely American vision. It is a vision that should be, and is, a world vision. And one of the key things behind this strategy is to find partners and to build a consensus around it.
The goal that we lay out is a future for cyberspace that is open, interoperable, secure, and reliable, that is something that can undergird and promote economic growth and innovation, free expression, the free flow of information. And to achieve that goal and to build that future, that we want to sustain an environment where norms of responsible behavior guide states’ actions, sustain partnerships, and support the rule of law in cyberspace.
So that’s the goal. And you can’t get anywhere if you don’t have a goal. If you don’t know where your destination is, you can’t get there. And I think it’s important to have that as our goal, not just for us but for all of our partners working together. And this strategy really is a signpost. It is sort of the GPS to find where that goal is, to find that destination that we want to for this really powerful and transformative technology.
The other thing the strategy does is it focuses on a couple of different areas. It lays out a number of policy priorities, and those include and those are: the economy – promoting international standards for open and innovative markets, that includes sustaining free trade, protecting intellectual property, for instance; protecting our networks by enhancing security, reliability, and resiliency, that all nations need to protect their networks and work together to do that; and that includes promoting cooperation in cyberspace, promoting the rule of law in cyberspace, promoting norms in cyberspace; law enforcement collaboration, and again, the rule of law in that area; military – making sure that we are protecting our own systems and prepared to act in this area; internet governance, that we have a multi-stakeholder approach to internet governance that keeps the internet open and interoperable; international development – building capacity in this area.
I think one of the really important things for us going forward is, as I said, this is not a uniquely American vision. It means partnering with the rest of the world, including the developing world, and making sure that we and other nations are helping to build that capacity, whether it’s legal capacity or technical capacity in other countries. And finally, but not last, internet freedom – the free flow of information, the right of expression online, one of the things that the Secretary has been very vocal about in the past.
Now, how do we get to this goal? We get to this goal by having some core principles, which are set up in this document, and then trying to define norms of behavior around those principles by finding allies and building a consensus around this vision in the international community. And there’s lot of opportunities to do this. Virtually every international organization around the world is looking at some aspect of the cyberspace suite of issues. And therefore, there’s many opportunities to build consensuses in those multilateral organizations, but also bilaterally with all of the partners we have all over the world, and have a constructive dialogue around this.
There are many things coming up. There’s the OECD – there’s an OECD meeting on high-level principles with respect to the internet, policy making principles. That’s in June. There’s the G-8 that’s coming up in – very soon, next week, where President Sarkozy has made the internet one of the core aspects of that meeting. There is the conference that Foreign Minister Hague of the UK has called for at the end of the year to discuss some of these norms of behavior. But there’s multiple different forums where we can carry this forward.
And I think there are two other aspects of this. We’ve often looked at this issue in the past as being a technical issue or a security issue or a speech issue. And looking at it holistically, looking at all these things together, does what the Secretary said when she spoke on this on Monday; it really creates a new foreign policy imperative. This is really a new foreign policy area and a priority, not just for the United States but around the world. In part, the creation of the office that I have by the Secretary just two months ago, the coordinator for cyber issues, was meant to do exactly what this strategy talks about: to bring together all these different areas in the State Department and engage globally with our partners in trying to realize this vision. So that’s one important thing we’ve already started to do.
What the Secretary said in her speech was that this is – one of the core ways we achieve this vision is through diplomacy, through patient, persistent, and creative diplomacy. And that’s exactly what we need to do. Again, as she said, this is not a series of prescriptions, and that would be inappropriate. It’s not a series of prescriptions for the rest of the world. This is a series of priorities that we have of our vision, but a vision that we want to be a shared vision. And it is a – and we should not, and we are not, telling the rest of the world what to do. What we’re trying to do is get the rest of the world to join us in partnership around this document.
So with that – and I think you’ve all either seen or can see the document – it’s been posted now – I will open it up to questions, because I think that might be more interactive. So –
MODERATOR: And before we begin question-and-answer session, I just want to remind everyone to please state your name and media organization before going to your question. First, we’ll start with Lalit.
MR. PAINTER: I should add, I’ve been involved in doing – in some aspect of cyber issues now for over 20 years. I’ve been – I’ve had a long career in doing different aspects of this. And I really believe we’re at an inflection point right now where the decisions we are going to make over the next couple of years are really going to determine what this platform is going to look like over the next 10, 20, or 30 years. And I’ve also seen the ups and downs in cyberspace over those years and I’ve never been, I think, more optimistic or excited about the future of this technology and what we can do, and that’s why I think this vision in this document is so important.
QUESTION: Lalit Jha from Press Trust of India. I have three small questions. As a coordinator for cyber security issues, can you give us a sense of the level of cooperation or coordination U.S. is having with India in this area?
MR. PAINTER: So first of all, it’s a coordinator for cyber issues writ large, so security is part of that, but it also includes all those other issues that are talked about in the strategy. And that’s important because the Secretary understood that this had to be an integrated vision as well.
But we’ve had great cooperation with India. We’ve had meetings with – we’ve had many meetings with Indian officials in various different fora, including at the White House level. And we’ve – and I’ve participated in those meetings. I think we have lots more meetings coming up. I think we have very good cooperation with India, and that’s something we want to build on and expand.
QUESTION: And secondly, how does this policy addresses the issue of the use of internet as a tool for recruitment of terrorists, which al-Qaida does, Lashkar-e Tayibba does. A lot of Americans have been recruited. How – it’s just a global thing and it’s a dangerous use of internet.
MR. PAINTER: So the strategy does include both protection from crime and protection from terrorists using this technology to communicate and plan, et cetera. That is part of our approach. That’s part of the world’s approach to this. We don’t want terrorists to flourish. So that is part of this. It doesn’t get prescriptive. As I said, it doesn’t get into the individual details. This is a higher-level document, but it is something that’s addressed there.
QUESTION: And the most important thing: How does it addresses the issue of access to internet where, like people in Iran or in China, where the government of the day blocks the internet or access to them is limited? There’s a censorship. How do you address those things (inaudible)?
MR. PAINTER: Well, I’m not going to address any individual country, but I will say that access to the internet and the free flow of information are core values for us and core values we think will benefit the entire world, because that, I think, openness really promotes social growth, promotes innovation. We are – that is a core value that’s spelled out here. Access is one of the principles that we talked about, norms that’s very important. That’s something we’re going to carry forward on, so that’s something that we feel really strongly about. And the Secretary herself is – in both of her speeches before this document has made that clear.
QUESTION: Lisa Carlsson, Swedish television, and I would like you to talk a little bit more about where cyber command comes into this picture. You’re talking about free flow, cooperation, and so forth and so on, but I mean, must be one part that is not kind of outside that?
MR. PAINTER: So I mean, one – the strategy, as I said, deals with all these different issues. So one of the issues it deals with is the military. I mean, I talked – it doesn’t – it includes that, and the sweep of different issues are included. And as you know, cyber command is stood up primarily as a way to make sure that the military’s networks are more secure, but also to make sure that we have the capabilities if needed.
What the strategy says about this is that – about the military – is to recognize and adapt to the military’s increasing need for reliable and secure networks, build and enhance existing military alliances to confront potential threats in cyberspace, and expand cyberspace cooperation with allies and partners so we have better collective defense. That is really what cyber command is meant to do. It’s only part of our government, obviously. It is part of an integrated effort with all the other things that are going on in this area.
MODERATOR: Next, Maggie, do we have any questions in the queue?
OPERATOR: No, we have no questions in the queue. I would like to remind our telephone participants that you need to enter *1 to enter the question queue. Thanks.
MODERATOR: So we’ll go over here.
QUESTION: Grigorv Asmolov, Channel 9 Israel. There is an ongoing discussion between the United States and Russia about the question of international treaty for cyber security. My question is how the new strategy addresses the idea of making an international treaty for cyber security?
MR. PAINTER: So I think we’ve been very clear that we have the Budapest Convention, which deals with cyber crime. That is, we think, the most important instrument. That is an example, for instance, of a norm. One of the principles we set out in the strategy is protection from crime, and the norm is the legal framework that gets you there, and that’s what the Budapest Convention does. And more countries are joining, are acceding to the Budapest Convention all the time.
We don’t believe you need a – or this is – the time is ripe for a treaty to deal with, in the case you’re talking about, cyber weapons, so-called cyber weapons. There are lots of reasons for that. First, as the strategy sets out, we need to have the discussion, we need to build the consensus about what the rules of the road should be in cyberspace, what those norms, as we call them, are. That’s an ongoing process. We’re in the early days in having that discussion. That includes, what are the – how states should behave with respect to each other. It also includes confidence-building measures to make sure that you de-escalate and you don’t misperceive what’s going on. But it also – but we have to have that conversation first.
The other problem with trying to think about a global treaty in this area is, what really is a cyber weapon? I mean, there – these are dual-use technologies; they’re used for all kinds of different things. There is a serious issue with respect to attribution in cyber space, there’s not real verification. All of these things, I think, make a treaty not make sense at this time, and that’s been our position for some time and I think that’s carried forward clearly in the strategy.
MODERATOR: Over here. If you want to come a little closer so the microphones can pick you up.
QUESTION: Hi. I’m Lauren McGaughy from Asahi Shimbun. It’s a Japanese newspaper. Going back to the China issue, I know you don’t want to talk about any specific countries, but how are you going to convince countries that we have very differing views with on the internet, in terms of freedom and access? And is that going to be more at a working level? Is it going to be integrated into other meetings, like S&ED or Human Rights Dialogue? Or is it going to be an (inaudible)?
MR. PAINTER: So the way we are – will do this, is that we will – it does not make sense not to engage with other countries. There are countries that have different views. There are countries that we, at least in the beginning, may not agree with, and they may not agree with us. But that does not mean we shouldn’t have constructive engagement with all the countries around the world, and indeed that is something that we’re doing. And to try to reach as much of a consensus and agreement as we can, and try to have an exchange of information; I think that’s very important.
Some of those will be in existing forums, some of those will be in new forums. I think that, as I said, as this becomes a foreign policy priority and something that is recognized not just in the United States but in other countries as well as something that is not just a technical issue but a policy issue, that will be folded into many existing and new forums. And there – I mentioned that there were all these different forums. Back two years ago when I worked on the cyberspace policy review when I was at the White House, we said there was something like 16 different international forums that were dealing with this issue. There are more of them now, but there are also bilateral and other relationships. So I think it’s important to have constructive engagement recognizing that we’re going to have differences.
MODERATOR: Maggie, any questions in the queue yet?
OPERATOR: No, the queue is empty.
MODERATOR: Okay. We’ll go to Tejinder.
QUESTION: This is Tejinder Singh from India Today Group. Do you feel that the – I have come from Europe around two years ago, so I was 20 years in Europe. So do you feel the U.S. has been slow in cooperation with Europe and other countries? Because in Europe, this was an issue that was always there, like, and the U.S. participation was very low.
MR. PAINTER: I think there’s been very much increased cooperation on this issue. Look, we’re not starting from a ground stop in this area. We have been doing a lot of work in all these different areas I talked about. For instance, there’s been a lot of work with Europe and other countries in terms of exchanging information with respect to computer emergency response and security teams, how you respond to incidents. There’s been a lot of law enforcement cooperation on cyber crime issues. There has been a lot of work around internet standards with European and other partners. So this document doesn’t mean we’re starting everything afresh. We are taking all of that and we’re leveraging it to really move it to the next level.
Particularly with Europe, about a year ago there was – for instance, there was a – out of the summit, the EU-U.S. summit, there was a commitment to have a working group dealing with cyber security issues, and that work has been continuing apace. So there’s been a lot of work with the EU on that issue. There’s been a lot of work with our European colleagues. One of the things, I think, that recognizes how this issue has become more important is – one thing I used to do and I have done for many years, was chair a G-8 high tech group that built a network of 24/7 contacts. And that included many of the European countries, and it actually included 50 countries from around the world, and I think that was important.
Germany now, I think – Germany, the UK, France, and others have all – are all looking at or have created positions like mine in their foreign offices, which I think is important. There has been a lot – I’m interested that your perception is there hasn’t been that level of cooperation, but I can tell you from my personal experience there’s been intense cooperation with Europe. So if that’s not apparent, if that’s not being seen, then we need to reverse that, because that’s certainly happening.
QUESTION: And just a quick follow-up. If there has been cooperation, then it is in last two years; I was not there. But at the Council of Europe, at the European Parliament, during the summits, there has been always cyber crimes, cyber security forums, in which the Europe has been very much involved with India. How far U.S. is tapping into that, because of the Indian cyber --
MR. PAINTER: Well, I can tell you, first of all, with the Council of Europe, I know we’ve participated in that because I’ve done it. So – and that was more than two years ago, on several occasions, and we actually were working on the Budapest convention, which was the Council of Europe Convention long before that. So we’ve been very tied in with the Council of Europe.
And with respect to working with India, I mean, I think, yes, we will continue – we’re going to continue that. As I mentioned earlier – to the question earlier, we’re going to continue close cooperation with India. So we are looking for partners throughout the world and we’re building on relationships we already have. And I think we have very strong relationships and are continuing to expand them throughout both Europe and Asia, South America, really all over. So this is not – again, it’s not something new, but it’s something that we’re building on.
And we’re trying to also do capacity building and other ways of reaching out in Africa and South America and Asia – other places we can do it, not just us but our partners. So --
QUESTION: Just a quick follow-up.
MODERATOR: Tejinder, we have other people who --
QUESTION: Oh, just a quick follow-up. I would like to know, because India is one of the countries which has the cyber power, like, we have all the time importing Indian brainpower. So is there anything that’s really on the table, not just talks?
MR. PAINTER: Yeah. I mean, look, talks are just a reflection of the fact that we’re talking about how we exchange information, how we try to cooperate in securing networks, for instance, in fighting crime, in reaching agreement about these norms and that norm development, that rules of the road development. That’s a global effort that requires countries like India to work together with us in reaching that result. So there’s been very robust cooperation around that. And I’ve also been to India – not recently but I’ve been there a couple of years ago – so we have – this is – and I’ve met with Indian officials here. so this is something we take very importantly.
MODERATOR: In the yellow.
QUESTION: This is Liliana Henao with Voice of America for Latin America. I’m wondering if you could be a little bit more specific as far as the strategy to try to engage with countries that don’t necessarily agree with the United States on this issue. Two clear examples in Latin America, Cuba and Venezuela, where the access to the internet is either limited, controlled, or censored. So how do you expect to try to engage them to talk and to come to an agreement where they – I mean, they clearly don’t see eye to eye.
MR. PAINTER: Well, I mean, I think we have to – as we go forward, we have to figure out how to engage all countries. We have been engaging South America, particularly through the OAS, for instance, as one of the regional organizations that we’ve been quite active in, looking at various aspects, all of the different organs of the OAS – SICTA, CITEL and RAMA – the various aspects of this. But I think we have to kind of look globally and find the partners we can and make sure that we can go forward, and I think we’re still looking at that strategy at this point.
MODERATOR: I think we have a questioner on the phone.
OPERATOR: We do. We have a questioner on the phone.
MODERATOR: Go ahead.
QUESTION: Hello. Freke Vuijst.
MR. PAINTER: Hello?
OPERATOR: Hi. Go ahead and ask your question.
QUESTION: Okay. Freke Vuijst from Vrij Nederland in the Netherlands. I have a question about the critical infrastructure which the President talked about last week. So much of that is in the hands of the private sector. Do you have a sense of that you want a kind of a universal approach to that, or maybe in the Western world the same approach to that, or do you expect that some countries will have much more, heavier regulation than the U.S. is proposing?
MR. PAINTER: So a couple of things. First of all, since you’re from the Netherlands I should congratulate the Netherlands for issuing its strategy recently on cyber security issues. And I was just in the Netherlands three weeks ago talking about some of these issues.
Second, one – when I talk about this not being just a U.S. approach or a U.S. Government approach, this is an approach which – and we spell this out very clearly here – also requires partnerships with the private sector, with NGOs, and with civil societies. So it’s not just a government way forward on this. In fact, the internet, the way the internet is developed, has been very much a bottom-up approach, where multi-stakeholderism has led to the innovation and the free flow of information we have today. And that’s something we want to preserve.
So I think we – one of the things that we’ve done, and we’ve done this for some time – is to try to work with countries to understand that there needs to be a very good and strong relationship between the government and the private sector. Now, to be sure, they will have different ways of doing that, but I think it’s very important for that partnership to be there, because as you say, most of the critical infrastructure is not owned and operated by the government; it’s owned and operated by the private sector.
So I think how that’s done is going to differ from country to country, but that partnership needs to be there. Increasingly, I think governments are seeing that as important and are doing that. And increasingly, industry is doing the same thing. One of the things I’ve done in my new job is I’ve spent a lot of time reaching out the private sector, to civil liberties and privacy groups and others, because we have to build that coalition.
QUESTION: Hi. My name is Adam Ouologuem. I’m with the African Sun Times. What’s the involvement of Africa in this initiative? So far you did not mention –
MR. PAINTER: So I think I –
QUESTION: -- any African countries you have visited and what Africa – what is –
MR. PAINTER: So I will be African countries in the summer as it happens, and you’ll hear more about that when we’re ready to talk about that. But yes, Africa is a key part of this. I mean, Africa is, I think, an example of the developed and the developing world because there are different – different countries in Africa are in different stages of development. And it’s particularly important as they’re looking at these issues, as they’re facing these issues, to see both what has been done right and what has been done wrong, and to try to realize this vision, because I think this vision will be very empowering for African countries.
So yes, it is important for us. There has been some work done in Africa in the past. There’s been some legal capacity building and other work done there. There are several countries in Africa that are looking at this issue and seeing the importance of it, different aspects of it. So yes, we very much believe Africa is an important part of the world for this purpose.
QUESTION: Africa has 64 nation, which – I’m from Mali. You know that activity is much present in Mali, in the northern part of Mali. And what of the – the main tool used by the terrorists is internet. So what do you have? Which country in Africa, because Africa is huge.
MR. PAINTER: So it’s – this goes back to trying – as we’re moving forward, as we’re taking this document as our signpost, as our blueprint moving forward, we are trying to figure out how best to reach out to all those countries. And one way we’re going to do this and one thing we’ve already done is we have sent this strategy to all of our posts around the world, all of our embassies around the world. One of the things – I’m relatively new to the State Department, although my first federal job 20 years ago in 1984 was at the State Department for a short time, for a summer – and one of the huge strengths is our posts around the world who – we’re asking them to designate people who are seized with this issue, who understand this issue, and it’s a multi-aspect issue. So it means they need to cooperate with other parts of the agency, but then to reach out the governments around the world and to talk to them. And that includes governments in Africa.
Another thing – another approach we’re taking because we want to maximize our impact here is also to try to do regional meetings, and we’re looking at doing one of those. And again, when that – when we can talk more about that, we certainly will and tell you what’s going on in that area. So that’s another way we’re doing it.
Another is as we deal with all these international fora, many African countries – in some cases all African countries – are represented in those fora. And that means it’s important for us to build those relationships there.
So that is happening across the board. I’m not – in all those different aspects, and we’re going to continue to do that and really step that up. I mean, one of the – again, this is a platform for us to build on, and we’re going to continue to do that.
QUESTION: Can you name one or two countries you will be visiting?
MR. PAINTER: I don’t want to do that now, but I can soon. (Laughter.) This summer.
QUESTION: I’m Julian Hattem with the Japanese Yomiuri newspaper. You said your position is relatively new, and there are counterparts, in Europe especially you mentioned, that have your same job. But are you worried about not necessarily a capacity of developing and maybe less friendly nations to the U.S. about kind of engaging with this dialogue and people to talk to?
MR. PAINTER: Capacity, meaning?
QUESTION: Like a focus on the issue and like a person with your –
MR. PAINTER: Look, I think the key to diplomacy, the key to achieving the goals we’re trying to seek, starts with engagement, starts with discussion, and as the Secretary said, persistent and patient and creative engagement and creative diplomacy. No, I think it’s good as more countries recognize this as something that is – that rises to a real policy priority that will affect almost everything in their lives, in the lives of their citizens, over the next few decades. And so I think that’s a good thing.
I think there was a clear recognition by the Secretary in creating the job I have, which is – as I said, this is new office – it’s created in the Secretary’s office – that’s trying to bring together all of what State is doing and leverage all that State’s doing. We have a small staff, but we try to leverage everything in our embassies and throughout the Department in all the both functional and regional bureaus around the State Department to bring this together. So I think that’s a good thing. I think the more attention to this, the better. It mean that the dialogue can be more constructive and be more informed.
MODERATOR: Do we have any questions in the queue, Maggie?
OPERATOR: No. Our queue is empty.
MODERATOR: Any further questions in the room? All right. Right here.
QUESTION: I’m Josh Smith with National Journal. You mentioned that you feel like what – decisions that will be made globally over the next couple of years will shape what the internet and what you think technology’s going to look like. Could you give some broad examples of what those specifics decisions or choices are, in regards to what you and other policy makers and companies are facing?
MR. PAINTER: Yeah. So I’ll give you a few examples. One is do we have an internet that has open standards and has a multi-stakeholder governance system, or do we have one that is vulcanized and doesn’t promote either the free flow of information or really innovation? Do we have countries around the world adopting the criminal codes that deal with this, for instance, that kind of a norm to punish criminal conduct and cooperate with each other, or does the cyberspace become more of a lawless sphere, which is not really promoting the growth that we want?
Do we have the kind of cooperation with respect to security, or is, again, that not made a priority, and that could be an issue? Do we have a common understanding of what the rules of the road are for state-to-state behavior, the norms that I talked about earlier, where you have – you’ve created an environment where states can rally around what is – what makes sense in this area? Can we build toward that, or will we not do that and it will be more chaotic? I mean, I think the business case is clear for why we want to go in this direction and why we need to build this consensus.
MODERATOR: Any further questions?
QUESTION: Just a quick one again. Do you have anything to add on what role WikiLeaks played in hastening up this cyber security of the U.S.?
MR. PAINTER: This is – we’re talking about a policy priority here. WikiLeaks is really – the Secretary dealt with that in her speech and she said that was her last word on that. That’s not what driving this. What’s driving this strategy is the recognition that cyber issues writ large, including cyber security, are a national priority and an international priority.
QUESTION: In my earlier question, what I was actually referring to was not the attendance of the U.S. at these forum, but not so much cooperation and openness with the other countries (inaudible).
MR. PAINTER: All right. And I guess, again, I would differ from you – I would differ from your view, in part based on my personal experience, where I think the U.S. has and will continue to be, and will step up its efforts to really work in these and other forums to find partners. That’s, I think, a core part of our vision.
MODERATOR: If there are no further questions here or in the queue, I think this event is concluded. Thank you, Mr. Painter, for coming and thank you all for coming to the Foreign Press Center.
