The Future of War?
Just as people expect government to defend the physical world, they also expect government to protect the cyber realm. Governments must have the means to hold criminals and non-state and state rogue actors in the cyber world accountable. They must be able to discover, attribute, and disrupt their actions. Governments must also create a resilient and robust digital infrastructure. These dual requirements are at the basis of a new policy in the U.S. known as the “Vulnerability Equity Process.” It evolved out of a series of discussions among U.S. government agencies and the private sector about how we can best protect and defend our cyber interests. The key tenets of this policy are transparency, accountability, and most important, informed dialogue. […] When cyber weapons are developed and implemented without consideration of the damage they can cause or the liability they bring, that impacts us all. The number of recent cyber incidents, in the past year alone, demonstrates the need for enhanced cooperation and a discussion of norms.
What is the correct response to these cyber incidents? Well, there are a number of answers to that question.
First, the United States is not afraid to call out countries and hold governments accountable. We have done that in identifying Russia as responsible for the deliberate NotPetya malware attack against Ukraine.
Second, the United States will use the tools of diplomacy and statesmanship. This includes sanctions as a response to cyber incidents.
Third, we will also use law enforcement. In 2014, the United States indicted Chinese military hackers. Earlier this year, thirteen Russians were criminally charged for interfering in the 2016 U.S. election.
Fourth, at times, our response will include cyber tools. One of the best tools we have to understand and get to the attribution of cyberattacks is our ability to hack back at the hackers.
Finally, we need to fight efforts by authoritarian states that use so-called “cybersecurity” arguments to lock down the Internet and repress their citizens.
And so, let me conclude where I began, with the need for increased cooperation. There are a number of ways we are using diplomacy to try to develop and implement the norms we need for a secure and prosperous cyberworld. And our efforts are stronger if we are united in our approach. That’s why the time invested in this Transatlantic Cybersecurity Dialogue, and in our broader ongoing transatlantic dialogue, is so important.
This text is adapted from Mr. Logsdon’s speech in Munich on March 15, 2018, at the Transatlantic Cybersecurity Partnership’s second conference.