Cyberspace Cooperation

Before moving to EWI, he provided programmatic and policy leadership to the cybersecurity mission at the U.S. Department of Homeland Security. He became Deputy Under Secretary for Cybersecurity in 2013.

What reflections do you have on your most recent role in the public sector?

I guess I’d say three things. First, I found it to be a great honor to serve in the historic first term of the Obama administration and to be able to advance the objectives of the Department of Homeland Security, which were to create a safe, secure and resilient place where the American ways of life could thrive. Just the honor of being able to be part of that team was very good. The second piece was that it was fascinating because we were working on cyberspace, and we will talk some more about why cyberspace and cybersecurity are such fascinating areas. And the third piece is that it’s very challenging. Homeland Security is a new, young agency. It’s only ten years old. It is still finding its way on how to operate and to set down its corporate culture and that kind of thing. So that was challenging, to operate in a very fluid environment.

Who did you work for?

I worked with Secretary Janet Napolitano and her team. 

And what was she like?

She’s a great manager and a great administrator with a real sense for people and what makes them tick.  She will do well as the head of the University of California system.

What were some of the greatest challenges?

When I left Homeland Security, I was the Deputy Under Secretary for Cybersecurity, and one of the biggest challenges is that responsibility for cybersecurity has not really been allocated. In every other domain of our life, we know who is responsible for security. For example, in terms of my personal belongings, I am responsible for locking the door of my apartment, and the police are responsible for dealing with street crime. That’s obviously a division of responsibilities between citizens and the government. 

It’s not clear who is responsible for protecting assets in cyberspace. Is it companies? Where does that responsibility stop? Where does government come in? We are not, as a society, comfortable yet with a very active role of government in cyberspace because it deals with people’s personal information and their speech. So that makes it difficult to make progress. And, even within government, the role certainly is not clear. What is the role of the Defense Department? What is the role of Homeland Security? Getting things done can be difficult when you are also trying to figure out who is responsible for getting it done. 

How did that position and your previous ones prepare you for your work at EWI? 

My work history is about half time in government and half time in the private sector. EWI brings governments and the private sector together. I think my depth of experience in both those parts of society will help me understand the strengths and weaknesses of each—where they can be the most helpful to our goal of creating a safer and better world.

I also had—both in the private sector side and the government side—a fair amount of international experience. I ran the International Y2K Cooperation Center, which had about 120 countries. I ran my own company, McConnell International, which had an international set of clients. 

As EWI’s 4th Cybersecurity Summit is fast approaching, what are some of the key objectives?

I think this summit is like many of the things that we do at EWI. We convene, reframe and mobilize. We are convening people from all over the world, and we want to get them together to talk. But we are not just a “talk tank.”

Equally important is the reframing of some of the key issues that we are discussing in cybersecurity through the breakthrough sessions that are scheduled, to actually roll up our sleeves and get resolution on some of these tough policy issues. 

And finally, to mobilize the people who are present and their connections to go forth from the conference with some achievable action plans. We are going to continue to do work in fighting spam, in securing global telecommunications, and, hopefully, start moving to reduce the amount of malicious hacking. Those are some of the key areas.

Why is its location in Silicon Valley so important?

It’s related to what I was speaking to earlier—the roles of government and the roles of private-sector responsibilities are not clear when it comes to cybersecurity. One of the reasons is that in cyberspace  government doesn’t have a monopoly on power. Netizens have cyber power. And, of course, large IT companies like Microsoft and Google have power in cyberspace. Silicon Valley is the seat of that private sector cyber power. It’s also the global center of IT innovation. That’s why it’s very exciting that we are having the summit there.

How will EWI help foster public-private partnerships to achieve a safer and better cyberspace around the globe?

At the summit we are convening, reframing and mobilizing the public and private sector. The other thing we are going to do at the Summit is begin to socialize the transformation of EWI’s cyber efforts. 

We have had a focus over the past five years primarily on cybersecurity, but it has now become obvious that you can’t solve the problem of security in cyberspace without solving two other problems. The question of who runs cyberspace—governance, and the question of equity in terms of insuring that everybody in the world can benefit from the economic growth that cyberspace and cyber technology is creating. 

There is thus a development aspect of it with regard to the global South vis-à-vis Western dominance of cyberspace. At the summit we will start socializing the idea, that in 2014, EWI will be expanding its coverage of issues in cyberspace to recognize that you can’t deal with security by itself, you have to deal with these other issues—institution building in the governance area and equity in terms of the overall development of the Internet. 

M3AAWG has been fighting online abuse for the past decade with the development of industry best practices and by facilitating global collaboration, such as a continuing outreach program in India and past support of anti-spam best practices in China," said Chris Roosenraad, M3AAWG Co-Chairman.

"We thank EWI for recognizing the importance of groups like ours working within the international community to share the expert knowledge that will protect end-users worldwide," Roosenraad added.

The institute honored M3AAWG for its crucial role in protecting the viability of email and other messaging applications. EWI cited the organization and its members' invaluable support of the Fighting Spam to Build Trust policy report, which urged China-U.S. cooperation in reducing spam. A New York Times editorial praised the report and recommended it as important reading material for Presidents Barack Obama and Xi Jinping prior to their meeting this past spring.

With member companies from Asia, Europe, North America and South America, M3AAWG works against bots, malware, spam, viruses, denial-of-service attacks and other online exploitation. It represents more than one billion mailboxes from some of the largest network operators worldwide.

Karl Rauscher, EWI's distinguished fellow and chief technology officer, said: "It's very fitting that M3AAWG should receive EWI's Cybersecurity Award. Their groundbreaking work on making the web safer has impacted all of us around the globe." Rauscher also praised M3AAWG follow-up work on fighting spam in China and developing regions around the world.

M3AAWG members will be leading sessions at EWI's 4th Cybersecurity Summit in Silicon Valley on November 5-6. For more information on the summit and to register please visit: http://cybersummit.info.

Cai noted that the Internet is "a major driving force" in China's economic transformation, but that the country faces enormous cyber threats. "More than 80 percent of Chinese Internet users have fallen victim to cyber attacks," and more than 20,000 China-based websites were "modified by hackers," he said, causing severe damage to the economy.

Cai's proposals included using the framework of the United Nations to help define the rules of the road in cyberspace in a way that protects the interests of all parties; exploring "effective means to tackle urgent problems...such as cyber attacks, viruses and cyber terrorism;" and creating "communication channels to facilitate international cooperation."

"The United States and China are Internet giants," Cai said. "We share many common interests and there is enormous scope for cooperation." He pointed to the closing down of the biggest Chinese-language pornographic website, the Sunshine Entertainment Alliance, as the result of successful cooperation of the police forces of both countries.

But Cai rejected the notion that the national norms no longer apply in cyberspace. "The Internet is global, but at the same time it belongs to different countries," he said, calling for everyone "to show respect for national sovereignty in cyberspace."

In subsequent panels, top cyber experts pointed to encouraging signs of progress in international cyber cooperation, although pointing out that it is still far from adequate.

EWI Distinguished Fellow Latha Reddy, the former Deputy National Security Advisor of India, vowed: "India will enhance global cooperation" on cybersecurity. Christopher Painter, the U.S. State Department's Coordinator for Cyber Issues, hailed recent efforts to bring the policy and technical communities together in solving problems, and recent U.S.-Russia cooperative efforts. "No one wants a cyberspace that is a source of constant conflict," he said.

But conflict and tensions remain. Dirk Brengelmann, the Commissioner for International Cyber Policy of the German Foreign Ministry, pointed out that for Germans human rights are closely connected to "privacy'--alluding to the recent spying revelations.

Scott Charney, Corporate Vice President of Microsoft added: "There is so much rhetoric about about government-to-government cooperation, and at the same time they may be attacking each other."

In partnership with the Stanford Institute for Economic Policy Research at Stanford University and the IEEE Communications Society, EWI also sponsored "breakthrough" groups that built on the work of previous summits. Topics included: Optimizing Policy for Secure Cloud Enablement; International Critical Infrastructure Protection; Emergency Preparedness for the Financial Services Sector for International Crises in Cyberspace; and Acts of Aggression in Cyberspace. The first day of the conference also featured a special presentation on Measuring the Cybersecurity Problem, a just-released report by EWI.

Following the successes of the previous annual summits in New Delhi, London and Dallas, this conference brings together an international group of cyber experts, leaders and practitioners from both the private and public sectors. During this two-day event, participants have the opportunity to address critical security areas where international policy has failed to make progress and propose new solutions.

Other key speakers include Michael Chertoff, Chairman and Co-Founder of the Chertoff Group and former U.S. Secretary of Homeland Security; Steven Chu, Nobel Prize winner and former U.S Secretary of Energy; Joseph S. Nye Jr., Harvard University's Distinguished Service Professor; and former dean of the Kennedy School. Ellen Richey, Chief Enterprise Risk Officer, Visa; William J. Perry, Michael and Barbara Berberian Professor at the Freeman Spogli Institute for International Studies, Stanford University; George P. Shultz, Thomas W. and Susan B. Ford Distinguished Fellow, Hoover Institution, Stanford University; and John L. Hennessy, President, Stanford University.

In his opening remarks, EastWest Institute President John Mroz declared: "Our 4th summit is a place where honest frank discussion must take place to improve our global cybersecurity."

The recommendations of the Silicon Valley summit will be pursued over the course of the next year, forming the basis for discussions at the 5th Worldwide Cybersecurity Summit that will be held in Europe in 2014.

We are tweeting about the summit under #cybersummit2013. The full agenda and other information is available at www.cybersummit.info.

Click here to view the full transcript of Minister Cai's keynote address.

Click here for the Chinese transcript of Minister Cai's keynote address.

Following the successes of the previous annual summits in New Delhi, London and Dallas, this conference will bring together an international group of cyber experts, leaders and practitioners from both the private and public sectors, representing 40 countries. During the two-day event,participants will address critical security areas where international policy has failed to make progress and propose new solutions. A just released EWI report, Measuring the Cybersecurity Problem, exponentially for businesses and governments around the world. This will be a major topic of the summit.

Featured speakers include Michael Chertoff, Chairman and Co-Founder of the Chertoff Group and former U.S. Secretary of Homeland Security; Steven Chu, Nobel Prize winner and former U.S. Secretary of Energy; Joseph S. Nye Jr., Harvard University's Distinguished Service Professor and former dean of the Kennedy School; Kamlesh Bajaj, CEO, Data Security Council of India; Ellen Richey, Chief Enterprise Risk Officer, Visa; William J. Perry, Michael and Barbara Berberian Professor at the Freeman Spogli Institute for International Studies, Stanford University; George P. Shultz, Thomas W. and Susan B. Ford Distinguished Fellow, Hoover Institution, Stanford University; and John L. Hennessy, President, Stanford University.

In partnership with the Stanford Institute for Economic Policy Research at Stanford University and the IEEE Communications Society, EWI is sponsoring "breakthrough" groups that build on the work of previous summits. Topics include: Optimizing Policy for Secure Cloud Enablement; International Critical Infrastructure Protection; Emergency Preparedness for the Financial Services Sector for International Crises in Cyberspace; and Acts of Aggression in Cyberspace. The conference will also feature a special presentation on the findings of a joint China-U.S. paper on harmful hacking as well as an in-depth look on international cooperation in fighting cyber crime.

For the full summit agenda and other information, click here.

McConnell says that though Alexander was a "grounding-breaking visionary," shaping the future of cyberspace as a military and intelligence domain, "the policy and political implications of his vision have proven to be his major blind spot."

"Keith was the right choice for the the combined job," McConnell continues. "Now, the posts should be split. History teaches that the consolidation of authority across defense and intelligence lines can be dangerous, and this is particularly true in cyberspace."

Click here to read the full article in GovInfo Security. 

Co-authors Zhou Yonglin, director of the Internet Society of China, and Karl Rauscher, distinguished fellow and chief technology officer at EWI, stressed that the hacking issue is "a serious challenge for the future friendship and prosperity of China and the United States."

The co-authors also stated in the report that both countries "are so close in their integrated reliance on each other that each can easily do harm to the other-devastating harm." Based on a "Total Trust Management" system, the report proposes 10 actionable recommendations that, if implemented, will establish practical conversations and relationships that can gradually decrease tensions between the two countries.

This second report is the sequel to the co-authors' first bilateral report titled, Fighting Spam to Build Trust, which The New York Times editorial board referred to as recommended reading for Presidents Obama and Xi before their first meeting this past spring.

More than 300 participants from 40 countries are attending the EastWest Institute's 4th Worldwide Cyberspace Cooperation Summit in Silicon Valley.

Following the successes of the previous annual summits in New Delhi, London and Dallas, this conference has brought together an international group of cyber experts, leaders and practitioners from both the private and public sectors. During this two-day event, participants have the opportunity to address critical security areas where international policy has failed to make progress and propose new solutions.

The dinner that followed the first day's panels focused on "Future Cooperation in Cyberspace," providing attendees with a thought-provoking discussion with leading luminaries in the field. Chaired by former U.S. Secretary of State George Shultz, the panel also featured Steven Chu, former U.S. Secretary of Energy, and William Perry, former U.S. Secretary of Defense, and John L. Hennessy, President, Stanford University.

All of us must commit to a true dialogue so that we will avoid the arms races of the past. An arms race in cyberspace would be much worse and that's the last thing anyone wants," Chu said. "The technology is racing ahead and we don't know what to do about it."

"Arms races have the possibility of total destruction, whereas cyber attacks have the capability of total disruption," Perry stated.

Trying to end the lively discussion on a positive note, Shultz said, "We live in an age of advances and capabilities that no previous generations could have dared to imagine," But acknowledging the dangers coming from multiple sources, he added: "It is up to us reduce the incentive on the other side."

Final plenary sessions covered "International Cooperation in Fighting Cyber Crime" and "Success Stories and the Way Ahead."

Other key speakers throughout the two-day event included Latha Reddy, Former Deputy National Security Adviser of India; Michael Chertoff, Chairman and Co-Founder, Chertoff Group, former U.S. Secretary of Homeland Security; Shi Xiansheng, Vice President, Internet Society of China; Dirk Brengelmann, Commissioner for International Cyber Policy, Federal Foreign Office, Germany; Kamlesh Bajaj, CEO, Data Security Council of India (DSCI); John Hurley, Managing Partner, Cavalry Asset Management, Member, EWI Board of Directors; and Matt Bross, Chairman and CEO, IP Partners, Member, EWI Board of Directors.

_

Click here for the Final Version of the Authors and Experts Group. 

Click here for more information on the summit.

> Summit Media Coverage