The United States, being the world’s top cyber superpower, has recently established a Bureau of Cyberspace and Digital Policy (CDP). The mission of this initiative is to “encourage responsible state behavior in cyberspace and advance policies that protect the integrity and security of the infrastructure of the Internet, serve U.S. interests, promote competitiveness, and uphold democratic values”. Its roots lie in efforts by the previous U.S. administrations who have given paramount importance to the cyber domain. In 2011, the Obama administration announced the establishment of the Office of the Coordinator for Cyber Issues, which specifically focused on security issues in cyberspace, and was subsequently succeeded by the Trump administration’s Cyberspace Security and Emerging Technology Bureau, with a similar narrow mandate.
The establishment of the CDP was meant to create a new body with a broader mandate, covering not just security in cyberspace, but also the economic and humanitarian implications of participation in cyberspace, to be complemented by the work of a new special envoy for critical and emerging technologies. Through its International Cyberspace Security, International Information and Communications Policy, and Digital Freedom policy units, the CDP aims to tackle the development of stability in cyberspace, improvement of the digital economy, promotion of digital freedom, and advancement of global cyber capacities. The CDP’s formation was generally received positively, with discussions revolving around its role in topics such as the increase in ransomware attacks during COVID-19, and the potential role it can play in mitigating online consumer fraud.
The CDP begins its operations amid a critical time for the U.S. presence in cyberspace, with the Department of State’s modernization mandate in place, increases in cyberattacks against the U.S. critical infrastructure, the Russia-Ukraine conflict, and the leadership of the United Nations International Telecommunications Union in play next year. The U.S. aims to utilize this new bureau to shape and coordinate its digital and cyber policies, and strengthen its role in leading global discussions about cybersecurity and digital diplomacy. Through this initiative, the US also aims at preserving its technological competitiveness and comparative advantages in a “technology race” with other nations strategically investing in technologies e.g., AI , 5G, Blockchain, Quantum Computing, IoT, Cloud computing, etc.
More crucially, the formation of the CDP comes as a reminder for the global community to revisit sidelined discussions about cyber norm creation and setting expectations around responsible state behavior in cyberspace. Although great steps have been taken by the international community, with the adoption of a new set of norms by the United Nations Group of Governmental Experts on Advancing Responsible State Behavior in Cyberspace in the Context of International Security (which has concluded its work in 2015), and the United Nations Open-Ended Working Group on Developments in the Field of Information and Telecommunications in the Context of International Security (which submitted its final report in 2021), adherence to the norms has been largely questioned or ignored. No consensus has been reached about what exactly constitutes cyberspace, or what the discussions about responsible state behavior in cyberspace are expected to achieve. Attribution for attacks in cyberspace continues to be a challenging and daunting task. On the other hand, cyber capacity-building is not emphasized and practiced enough in global discussions. Furthermore, distrust and conflicting priorities by different countries have hindered any notable progress cyber policy discussions could have achieved. Consequently, cyber incidents continue to inflict considerable damage to the global community.
Cooperation for trust- and capacity-building in cyberspace is essential, especially in the light of nascent issues plaguing virtually all states in cyberspace, such as increasing ransomware incidents and detrimental attacks against critical infrastructure. The creation of national mechanisms dedicated to the development of cyber policy similar to the U.S. CDP initiative can push nation states to align their cyber policies domestically first. By solidifying their stance on cyber policy issues, states can more effectively foster cyber diplomacy, engage in more fruitful discussions with other states, and strengthen their position in dialogues pertinent to cyber strategy. Moreover, with domestic mechanisms and cyber policies already in place, the work of international bodies, such as the newly-established United Nations Open-Ended Working Group on Security of and in the Use of Information and Communications Technologies (2021-2025), or bilateral and multilateral engagements between countries will be more informed and more practical. Accordingly, efforts by nation states can be better coordinated to advance domestic and cross-border capacity-building, and ultimately create an open, safe, and resilient cyberspace.