EWI Vice President Greg Austin

Greg Austin and Franz-Stefan Gady wrote this piece for New Europe.

“Cyberspace today is like the Wild West. It does not enjoy the international community’s setting of basic agreements, rules and procedures.” This is how EastWest Institute President, John Mroz, stated the problem at the opening of an international consultation on cybersecurity at the European parliament on 17 February.

The international regulation associated with defending information security and modern levels of network and internet connectivity is dismally poor. And this is in spite of high quality definition of what needs to be done. It is both urgent and essential to forge new international mechanisms of collaboration and awareness-raising for a multitude of cybersecurity problems.

The sorry state of diplomatic efforts to date can be seen almost daily in newspapers around the world with Russia and China typically being painted as villains, when according to the experts convened by EWI, the picture on the ground may be very different. The main threats are likely to be non-governmental and more globalized. Africa – with almost no international regulation of internet services – was identified as a major potential source of new threat. A straw poll of the 45 international participants in the consultation showed more feared the United States as a source of cyber attack than feared Russia or China. By contrast, leading United States intelligence figures have recently revealed their fears that the country could lose a cyber war if attacked.

The controversy about the right next steps to begin to bring “law and order” to cyber world has been evident through the Institute’s discussions on many occasions. At the Brussels consultation it was all too visible in disagreements even amongst Europeans about the authority to be accorded policy frameworks canvassed in a report by a high level experts appointed by the International Telecommunications Union (ITU).

So if the UN’s international framework for governing global connectivity cannot reach agreement, then what are the next steps?  More importantly, who will lead? Here are the initial conclusions from EWI’s work.

• Breakthrough solutions will require the effective integration of technical, business, legal, defense and international policy competencies on a level that has not happened so far
• Current diplomatic assets assigned to the problem are inadequate to the task and reflect a lack of political commitment at high levels
• The commercial drivers for building security into network equipment, networks and services are not adequate.  This is the result of a lack of consumer awareness of the risks and a lack of leadership and commitment from those in control
• There needs to be a clear and agreed definition of "cyber peace" and cyber security
• States are thinking too parochially about their online security to collaborate on crafting global cyber regulation.

There was a clear agreement at EWI’s consultation that Track 1 diplomacy on worldwide cybersecurity is not working well and practically non-existent at the strategic level. One delegate argued that, “We are quickly running out of time. Technology is developing at such a rapid pace that policy makers are playing a catch up game. Politicians and technical experts are not talking to each other.”

The results of the meeting in Brussels confirmed the view that new Track 2 efforts are needed to stimulate the much needed and overdue breakthroughs at official level.

In May 2010, a group of Texans will help to make that happen. Leading corporations, like AT&T and Dell Services, both headquartered in Texas, have joined the effort led by the EastWest Institute to bring a new cooperative spirit and practical progress to the “lawless cyber world”. At that meeting in Dallas, through 36 hours of deliberations, some 400 people from around the world will try to forge practical new mechanisms for official action and the new private-public partnerships that are needed to help secure cyberspace.

But the process does not start nor finish in Texas. EWI is working with leading governments (United States, Canada, Russia, China, India) as part of a new group called the “Cyber 40” (the top 40 countries in the field) to stimulate fresh action in this domain on a continuing basis. Leading media organizations, like the Financial Times and this newspaper, New Europe, are supporting the effort.

International harmonization of national approaches will be important. Another field of cooperation must be ‘authentication requirements’ (electronic signatures). Authentication has been plaguing policy makers in almost all countries but certain leading states have diametrically opposed views.

“Geek diplomacy” is here. Are the diplomats ready and engaged with a view to positive results?