Yesterday, I participated in the opening remarks at this year’s GLOBSEC Bratislava Global Security Forum, one of the largest foreign policy and security conferences in Europe. In my remarks I noted that at this year’s conference, much of the online world was included in traditional security topics such as global power shifts, military capabilities, and economic concerns.
The increased focus on cybersecurity is not a surprise, as countries today are increasingly dependent on technology for the core functions of their economy, defense, safety, and public healthcare. As a result, governments are under more pressure to develop and maintain capabilities for defense in cyberspace and reduce the risk to critical infrastructure. In the past year, we have seen an unprecedented number of countries, big and small, try to address those concerns by developing national cybersecurity strategies, proposing legislation to try and secure their core assets, and increase their spending in cyber warfare – for the first time investment in offensive capabilities has been openly talked about.
While it is encouraging that countries are paying more attention to cybersecurity, the increased militarization of the online world is a concerning trend, in particular because we lack “rules of the road” to guide nation state behavior in cyberspace. Left unchecked, these actions have the potential to drive military competition; fuel distrust over increasing cyber espionage; increase chances for conflict; and curb technical innovation.
A positive outcome of conferences such as GLOBSEC is that the informal dialogue on cybersecurity continues, and increasingly involves the private sector. While development of some of the norms on country behavior in cyberspace needs to be led by government, it is sometimes forgotten that many policies and the confidence-building measures that can enable effective cybersecurity practices are highly dependent upon the private sector. Global ICT companies, technical, and academic experts have long established technical best practices around cyber defense, often across competitive boundaries to support broader cyberspace security goals.
We have been on record for a long time in calling for improved international cybersecurity policies. For example, last year at the Seoul Conference on Cyberspace 2013, we outlined in a white paper, Five Principles for Shaping Cybersecurity Norms that should be incorporated in norms development. These principles include a call for cybersecurity laws, policies, and standards to be harmonized to promote greater understanding and collaboration across borders; greater transparency in government approaches to cybersecurity; an increased focus on collaboration across sectors and borders; common understanding of what constitutes proportionate responses in cyberspace; and a joint commitment to improving the security of the online ecosystem.
It is time for governments to begin work on a global, multi-stakeholder norms development process, and Microsoft stands ready to participate.
Senior Director, Global Security Strategy