As Joe Biden vows to reclaim the US’s place on the world stage, the general forecast is that international relations are sailing into calmer waters. However, it is difficult to predict the specific direction that cyber security will take.
On the one hand, a more stable influence at the helm in the US potentially facilitates far greater levels of international cooperation and therefore a more integrated approach than has been evident over the past four years; but on the other hand, with a significant volume of internal issues to handle, the new administration may seek to put its own house in order first.
It should also be noted that while cyber security will undoubtedly be high on the agenda, of the $700bn allowed for national defence spending, only $9bn has been allocated to cyber defence, despite the plausible argument that the depth of feeling unleashed by Donald Trump arguably significantly increased the likelihood of an attack.
The pledge made by the new US government is widely welcomed, but there is much work to be done. Federal government figures suggest that only three in 1,000 cyber crimes are prosecuted, and cyber attacks are widely acknowledged to be the way in which nation states increasingly attack one another. State-sponsored actors may target a country’s infrastructure directly, causing power outages through attacking power companies, for example, or they may attempt broader, economic attacks on key businesses to depress markets, or exert their influence through striking at private companies.
Cyber crime is a global threat – controlling it effectively requires international pressure in order to hold nations accountable where necessary (countries that are unwilling to cooperate create safe havens for cyber criminals). This calls for greater collaboration on a global scale so that criminal activity can be investigated and prosecuted, hence the importance of the Biden administration’s commitment to investing in repairing international relationships.
Ideally, this will see renewed intelligence-sharing between the countries of the world. This activity broke down somewhat during president Trump’s term of office over fears that information shared would not be handled appropriately from a security perspective or, alternatively, might be used against the nations providing it at a later date. In fact, this lack of trust in the US using data “appropriately” dates back more than four years – for example, the Safe Harbour framework, introduced to dispel fears of data sovereignty in the wake of the US 2001 Patriot Act, was ruled invalid by the European Court of Justice in 2015.
In our increasingly data-driven economies, collaboration is also critical when it comes to protecting this data, and sharing it securely. Both activities depend on standards being applied consistently across international borders, and a more globally focused US will play a key role in enabling this and the legislative capability required to reinforce it.
The power currently exerted by Silicon Valley, and in particular GAFA (Google, Amazon, Facebook and Apple), is ringing ever-louder alarm bells.
Although the US has strong cyber defence capabilities, its own intelligence agencies have long declared that one of the country’s biggest threats is bad actors manipulating the general population through social media to create mistrust and unrest. This would appear to have been borne out by events in the final weeks of the Trump presidency – activities that, unchecked, also pose a global threat.
This will not be an easy problem to solve, but identifying the culprits and working with the social media companies to remove, block, and “unpromote” the content they produce will start to reduce the level of mistrust. It does, however, raise significant concerns around censorship and once more calls into question the editorial responsibilities that these corporations must assume.
The past four years saw the Trump administration maintain an aggressive anti-China rhetoric. The “US-China high-level joint dialogue on cyber crime” created by the Obama presidency in 2015 came to a halt while still in its infancy, closing the door on collaboration and improved transparency between the two giants.
The joint dialogue aimed to improve bilateral cooperation in order to bring greater efficiency and quality to requests for information and assistance when investigating cyber crime and other malicious cyber activities. Its wide-ranging remit included child exploitation, network protection, fraud and misuse of technology, and it represented an important step towards accountability for international cyber crimes.
It seems unlikely that Biden will bring China in from the cold immediately, but re-establishing the joint dialogue is an important step to ensure hostile activities can be tackled and is crucial for renewed international alliance.
The industry’s role
In tackling the global issue of cyber security, governments around the world are aided by initiatives undertaken in various areas of the public and private sectors where risk management standards and online forums have been developed. For example:
- The International Telecommunication Union created the Global Cyber Security Agenda, a global framework that aims to tackle growing cyber security challenges through dialogue and cooperation that enables an international response.
- The World Economic Forum’s Centre for Cybersecurity is an independent and impartial global platform created to foster international dialogue and community between the private and public sectors.
These highlight the role of the global cyber security industry, whose expertise provides it with the opportunity to make its voice heard. Organisations need to continue to promote the sector’s importance in safeguarding everyone, from individuals up to whole countries. Cyber crime needs to be reported to the masses and explained in a straightforward way, and every opportunity taken to help everyone understand the part they play in tackling the issue in a technology-driven world.
The areas discussed are wide-ranging, but the overall theme is that Biden needs to focus on rebuilding the bridges that may have been set on fire by his predecessor. Whether that is appealing to industry to build on the existing alliances, rejoining the conventions from international allies with joint policies, or reaching out to de-escalate international tensions with non-allies, it will set the tone to reduce the overall threat level.
Although this will not solve the cyber crime problem, having an outlook that is both global and more moderate will reduce the urgency and thus allow other measures to be deployed where they can be most effective.