Internet Governance Lab Joins Paris Call for Trust and Security in Cyberspace

On Monday, the Internet Governance Lab joined over 650 signatories from across States, industry, and civil society in supporting the Paris Call for Trust and Security in Cyberspace, the largest cybersecurity-focused, multi-stakeholder agreement in the world.

Launched by French President Emmanuel Macron at the 2018 UNESCO Internet Governance Forum in Paris, the Paris Call seeks to foster collaboration between States, the private sector, and civil society in protecting users’ rights and security online. In particular, the call outlines nine goals aimed at supporting an “open, secure, stable, accessible and peaceful cyberspace”:

  • Prevent and recover from malicious cyber activities that threaten or cause significant, indiscriminate or systemic harm to individuals and critical infrastructure.

  • Prevent activity that intentionally and substantially damages the general availability or integrity of the public core of the Internet.

  • Strengthen our capacity to prevent malign interference by foreign actors aimed at undermining electoral processes through malicious cyber activities.

  • Prevent ICT-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sector.

  • Develop ways to prevent the proliferation of malicious ICT tools and practices intended to cause harm.

  • Strengthen the security of digital processes, products and services, throughout their lifecycle and supply chain.

  • Support efforts to strengthen and advance cyber hygiene for all actors.

  • Take steps to prevent non-State actors, including the private sector, from hacking-back, for their own purposes or those of other non-State actors.

  • Promote the widespread acceptance and implementation of international norms of responsible behavior as well as confidence-building measures in cyberspace.

In a company blog post, Microsoft President Brad Smith wrote, “Today’s announcements came as part of the Paris Peace Forum, an event commemorating the centennial of the Armistice that brought an end to the First World War,” adding “As was the case a century ago, the nature of technology and warfare is changing. A century ago, governments and human institutions failed to adapt to the changing world. This century, we need to do better. With the help of clear principles, strong protection and a growing multistakeholder coalition, we can build on today’s milestones and continue to provide the world the strong cybersecurity it deserves.”

At DC CyberTalks, cybersecurity leaders call for robust cyber workforce, enhanced collaboration, and secure critical infrastructure

The annual DC Cyberweek, presented by CyberScoop, brought together more than 10,000 attendees to over a hundred community events last week. As one of the main events of the week, CyberScoop hosted CyberTalks, a daylong TED Talk-style conference focusing on cybersecurity featuring a wide range of influential cyber leaders from both government and private sector. Throughout each of the thirteen talks and interviews, the speakers highlighted current issues, priorities, and advancements in cyber today.

Three themes emerged throughout the day: an urgent need for a greater cyber workforce, more efficient collaboration between agencies and the private sector, and the need to build cybersecurity into critical infrastructure.

For many of the speakers, the most pressing threat to long-term cybersecurity was not a particular foreign adversary but rather the difficulty of staffing the gargantuan cyber workforce necessary to stay ahead of an ever-expanding ocean of threats. Representative Mike Rogers stressed the shortage of workers in the government, where he said there are currently over 3000 cyber jobs vacant. Rogers explained that in the context of the federal workforce, government salaries cannot currently compete with the salaries offered by tech companies. Also addressing the growing cyber job market, Matt Olsen, Chief Trust & Security Advisor for Uber, made a case for greater commitment to cybersecurity expertise, stating that there will be 3.1 million unfilled cyber jobs by 2021. Bill Rowan, VP of Federal Sales at VMware, said, “Let’s build our [cyber] workforce, not just at the federal level, but also in industry, at a national level.” Meanwhile, over half the speakers addressed the urgent need for a larger and more expert cyber workforce, with an emphasis on the need to attract young people to the field.

Goldy Kamali, Founder & CEO of Scoop News Group, gives introductory remarks at DC CyberTalks 2019.

In addition to a larger workforce, several speakers discussed ongoing and sustained tactics towards cybersecurity efforts, both from a large-scale perspective as well as from the role of the individual. Suzette Kent, the Federal CIO at the Office of Management and Budget, proposed a shift in the way we think about cybersecurity, from discrete one-off attacks to a constantly shifting “digital battlefront,” in which skirmishes are fought on a daily basis. Kent claimed, “We will win on this digital battlefront. We’ve proven that we can win.” Matthew Dunlop, VP and CISO at Under Armour, and Toke Vandervoort, SVP Deputy General Counsel at Under Armour, talked about making users into better “cyber citizens.” They stated a need for more effective cybersecurity training programs because 99% of errors are user mistakes. When it comes to practical application of defense strategies against cyberattacks, such as a ransomware attack, Gary Brantley, the CIO of the city of Atlanta, emphasized the theme of “preparing for the inevitable”: it is not a matter of if, but when, the next cyberattack will occur, making it important to train a “muscle memory for disaster.”

As one way to address the battle against cyberattacks, many speakers underscored the need for better and more efficient collaboration, both within the government—between agencies—and the need for both industry and government to work together. To this end, Chris Krebs, the Director at CISA, discussed the need to pull together broader threat feeds to provide real-time advice. “Context is king,” said Krebs, explaining that information sharing is much more than compromise; rather, information sharing in appropriate contexts can make all the difference when dealing with a cybersecurity threat. This sentiment was echoed by other speakers who called for better methods of information sharing and establishing structures that increase the speed and quality of information sharing. Anne Neuberger, Director of Cybersecurity at the NSA, reiterated that it is essential for information to be shared quickly and in an unclassified way, adding that it is critical to work with the private sector, as “we all have pieces of the puzzle.”

A main concern regarding cyberattacks is not just the speed of the threat, but also the scale. Tonya Ugoretz, Deputy Assistant Director for the Cyber Division at the FBI, showed how the scope of cyberattacks is sometimes hard to comprehend. Ugoretz shared some numbers to try to capture the scale of cybercrime: in terms of business email compromise—which is only one type of common cybercrime—all 50 states and 157 countries have been affected, totaling losses of more than $26 billion globally. Additionally, ransomware attacks to date have cost $7.3 million with attackers targeting hospitals, schools, and first responders—those who can least afford to be offline.

In discussing the role of critical infrastructure in cybersecurity, many speakers stressed the need to directly build in cybersecurity at the infrastructural level, rather than adding it on later as an afterthought. Chris Johnson, Google Cloud’s Global Compliance Product Lead, argued that we are at a pivotal moment, as many companies and organizations are in the process of moving infrastructure. He explained that to achieve better outcomes in cybersecurity, there is a need for better “buildings”—that is to say, cybersecurity needs to be “built in, not bolted on.” Speaking to the importance of data resiliency, Teresa Shea, VP of cyberwarfare and mission innovations at Raytheon, explained that “it’s all about the data,” estimating that by 2025, the collective sum of the world’s data will be 175 zettabytes.

Similarly, Shea lamented the degree to which security struggles to keep pace with innovation, “We’re in a race to get our tech into place before the bad guys,” she explained, indicating that the ability to get the technology in place involves two key components: (1) taking tech into the backend process and (2) fixing current laws and policies, which have not kept pace with the telecommunications world. Here Shea emphasized the importance of “modernizing law and implementing it in dynamic ways.”

Overall, a key takeaway from CyberTalks was a call for greater collaboration between various government agencies as well as coordination with the private sector. Cybersecurity is an ongoing, daily issue and so there is a need for a larger, expert cyber workforce and an attention to engineering cybersecurity into critical infrastructure. As Grant Schneider, Federal CISO and Sr. Director for Cybersecurity Policy on the National Security Council, stated, when it comes to cybersecurity, “everyone has a role to play.”

NTIA Administrator Fiona Alexander Joins Internet Governance Lab as Distinguished Fellow

The Internet Governance Lab is pleased to announce that Fiona Alexander, a Presidential Rank Award winner for her leadership at the U.S. Department of Commerce’s National Telecommunications and Information Administration (NTIA), will be joining the Lab as a Distinguished Fellow in Residence for 2019/20. In addition to her fellowship with the Internet Governance Lab, Ms. Alexander will also serve as Distinguished Policy Strategist in Residence in the School of International Service where she will engage with students and conduct research on a number of Internet governance and technology policy topics.

Before joining AU, Ms. Alexander was the Associate Administrator for International Affairs at NTIA where she was the principal official responsible for the analysis, development, and execution of international Internet, cyber, and communications policy within the Executive Branch of the United States government. In 2017 she became NTIA’s sole winner of the Presidential Rank Award for her leadership in the two-decade effort to privatize the Internet’s domain name system (DNS). 

Ms. Alexander is a member of the High-level Advisory Group for the Global Internet & Jurisdiction Policy Network and was appointed by the United Nations Secretary General to the Internet Governance Forum (IGF) Multistakeholder Advisory Group. She also co-led the Department of Commerce Internet Policy Task Force in its efforts to develop policy, norms and tools for commercial data privacy, online copyright protection, cybersecurity, and the free flow of information. In her 18 years at NTIA, Ms. Alexander designed and executed a strategy for the successful election of the first woman in the 153-year history of the International Telecommunication Union (ITU) and negotiated principles for Artificial Intelligence at the Organization for Economic Cooperation and Development (OECD).

“When I think of policy and thought leaders who have both shaped ethically and understood well the global practice of internet governance, the first to come to mind is our extraordinary alumna, Fiona Alexander,” explains Internet Governance Lab Co-Director Dr. Nanette Levinson.

A graduate of American University’s International Affairs master’s program, Ms. Alexander began her career as an intern at the U.S. Information Agency (now part of the Department of State) where she worked on statistical analysis related to NATO expansion, among other issues. After two years as a consultant with Booz Allen Hamilton, Ms. Alexander began as a Senior Telecommunications Policy Specialist at NTIA in 2000 where she would go on to serve as the chief government official tasked with shepherding the privatization of the DNS, a process that would be completed on October 1, 2016 with the formal transition of the DNS functions to the global multistakeholder community. “When the DNS was privatized, that was the end effectively of my internship project at NTIA internship,” explains Alexander of her celebrated tenure at NTIA.

Having successfully steered NTIA through this long and winding transition, Ms. Alexander arrives at AU ready to lend her expertise toward investigating some of the most pressing and consequential questions around the future of Internet governance, including the role of governments and efforts to construct guardrails for an Internet that has morphed in fundamental ways over the past 20 years.

 

Internet Governance and Communication Beyond Borders ICA Preconference

We are honored to be hosting and sponsoring this year’s internet governance ICA preconference: Internet Governance and Communication Beyond Borders, along with our co-sponsors ICA and the Global Internet Governance Academic Network (Giganet). Our conference will explore the most pressing and exciting issues in the field currently, drawing on expertise from leading global scholars.