Napolitano: U.S. and allies must improve info sharing on cyber threats

As cybersecurity grows in importance, the United States and its allies need to improve information-sharing and collaboration on cyber threats, Homeland Security Secretary Janet Napolitano said today. While the United States does share information about cyber threats with some allies via existing mechanisms such as the Five Eyes agreement, it does so on an ad ...

Wikimedia Commons
Wikimedia Commons
Wikimedia Commons

As cybersecurity grows in importance, the United States and its allies need to improve information-sharing and collaboration on cyber threats, Homeland Security Secretary Janet Napolitano said today.

While the United States does share information about cyber threats with some allies via existing mechanisms such as the Five Eyes agreement, it does so on an ad hoc basis. There is no specific structure for sharing cyber intelligence despite the fact that cyber threats and attacks crisscross international boundaries, said Napolitano after a speech on cybersecurity at the Center for Strategic and International Studies.

"Cybersecurity, first of all, it is inherently international, it respects no national boundaries," Napolitano said. "Second, there are no international protocols or frameworks on which to hang things. Thirdly, there is a wide disparity in technological capacity among different countries, so it's really an area that requires a lot of work, but the plain fact of the matter is we have to work internationally."

As cybersecurity grows in importance, the United States and its allies need to improve information-sharing and collaboration on cyber threats, Homeland Security Secretary Janet Napolitano said today.

While the United States does share information about cyber threats with some allies via existing mechanisms such as the Five Eyes agreement, it does so on an ad hoc basis. There is no specific structure for sharing cyber intelligence despite the fact that cyber threats and attacks crisscross international boundaries, said Napolitano after a speech on cybersecurity at the Center for Strategic and International Studies.

"Cybersecurity, first of all, it is inherently international, it respects no national boundaries," Napolitano said. "Second, there are no international protocols or frameworks on which to hang things. Thirdly, there is a wide disparity in technological capacity among different countries, so it’s really an area that requires a lot of work, but the plain fact of the matter is we have to work internationally."

As Killer Apps has reported previously, Pentagon officials have argued that rapid information-sharing between allies is badly needed to defeat cyber attacks since the cyber domain transcends national borders. Hackers in one country going after networks in another can often disguise their attacks to appear as if they are emanating from servers in a third nation. As Napolitano pointed out today, not all countries have the ability to detect cyber threats and attacks quickly. This means that a country whose servers are hijacked may not even know that it is hosting an attack.

"This is one area where there will needs to be a lot of work over the next, I will say months and years, it is not well developed yet," said Napolitano.

In addition to improving information-sharing with its allies, the United States is working to establish international "norms of behavior" in the cyber arena that are based on the law of armed conflict. These norms would define acts of cyber war, espionage, and crime and would establish what constitutes an appropriate response to such acts. However, these efforts are being held up by nations such as Russia and China, Pentagon officials say.

Here’s what Eric Rosenbach, deputy assistant secretary of defense for cyber policy, told Killer Apps about the matter last month:

"We look at cyber just like you would look at any other form of warfare or military operations," Rosenbach said. "So the law of armed conflict applies, and within that you can already interpret what would be acceptable in cyberspace. We don’t have a lot of case history to back up the customary aspect of it in international law, but we think that the framework is already there."

Russia and China are focused more on controlling citizens’ activities on the Internet rather than limiting attacks on nations’ critical infrastructure, he said.

"There are other countries, the Chinese and Russians in particular, that don’t think the law of armed conflict is the best framework to view these things through and they focus much more heavily on control of information than they do on the security of crucial infrastructure or preventing the destruction of networks."

Rosenbach went on to call this a "nonstarter."

"To say that your model of an international law for cybersecurity is based on controlling media content or what people can say about the government isn’t something we’re interested in at all," he said. "There are other areas — in particular, the theft of intellectual property — because that’s a major problem for the United States right now, where there are very different ideas about what’s acceptable and what’s not."

John Reed is a national security reporter for Foreign Policy. He comes to FP after editing Military.com’s publication Defense Tech and working as the associate editor of DoDBuzz. Between 2007 and 2010, he covered major trends in military aviation and the defense industry around the world for Defense News and Inside the Air Force. Before moving to Washington in August 2007, Reed worked in corporate sales and business development for a Swedish IT firm, The Meltwater Group in Mountain View CA, and Philadelphia, PA. Prior to that, he worked as a reporter at the Tracy Press and the Scotts Valley Press-Banner newspapers in California. His first story as a professional reporter involved chasing escaped emus around California’s central valley with Mexican cowboys armed with lassos and local police armed with shotguns. Luckily for the giant birds, the cowboys caught them first and the emus were ok. A New England native, Reed graduated from the University of New Hampshire with a dual degree in international affairs and history.

More from Foreign Policy

An illustration shows George Kennan, the father of Cold War containment strategy.
An illustration shows George Kennan, the father of Cold War containment strategy.

Is Cold War Inevitable?

A new biography of George Kennan, the father of containment, raises questions about whether the old Cold War—and the emerging one with China—could have been avoided.

U.S. President Joe Biden speaks on the DISCLOSE Act.
U.S. President Joe Biden speaks on the DISCLOSE Act.

So You Want to Buy an Ambassadorship

The United States is the only Western government that routinely rewards mega-donors with top diplomatic posts.

Chinese President Xi jinping  toasts the guests during a banquet marking the 70th anniversary of the founding of the People's Republic of China on September 30, 2019 in Beijing, China.
Chinese President Xi jinping toasts the guests during a banquet marking the 70th anniversary of the founding of the People's Republic of China on September 30, 2019 in Beijing, China.

Can China Pull Off Its Charm Offensive?

Why Beijing’s foreign-policy reset will—or won’t—work out.

Turkish Defense Minister Hulusi Akar chairs a meeting in Ankara, Turkey on Nov. 21, 2022.
Turkish Defense Minister Hulusi Akar chairs a meeting in Ankara, Turkey on Nov. 21, 2022.

Turkey’s Problem Isn’t Sweden. It’s the United States.

Erdogan has focused on Stockholm’s stance toward Kurdish exile groups, but Ankara’s real demand is the end of U.S. support for Kurds in Syria.