The Global Conference on Cyberspace: Putting Principles into Practice

Christopher Painter is the coordinator for cyber issues at the U.S. Department of State. 

Last week I traveled to The Hague for the Global Conference on Cyberspace, hosted by the Dutch government. This was the fourth in a series of conferences, sometimes called the London Process because the series started in London in 2011, aimed at promoting practical cooperation across the broad suite of cyber issues, from security to economic development.

The conference drew high-level participation from Ministers and leaders from the private sector and civil society to discuss how an open, interoperable, secure, and reliable cyberspace supports international trade and commerce, strengthens international security, and fosters free expression and innovation. I was pleased and impressed with the overall maturity and sophistication of the international conversation.

I participated on a focus session on international peace and security where we discussed the clear need for practical measures to promote international stability in cyberspace. We welcomed developments in 2013, when the UN Group of Governmental Experts (GGE)—a group that included representatives from China, Germany, India, Japan, Russia, and other cyber powers—agreed to a consensus report, which  included a clear affirmation that international law is applicable in cyberspace. The question now is what measures of self-restraint states should implement to promote international stability in cyberspace.

In addition to the policy discussions, the Dutch launched an important initiative called the Global Forum for Cyber Expertise (GFCE), designed to foster discussion and coordination of international cyber capacity building efforts. This forum is critical, because we need fully capable international partners across the range of diverse issues.

I’m proud that the United States is a founding member of the GFCE, along with over forty other governments, companies and international organizations. We have long prioritized capacity building efforts, and we’re excited that the GFCE will help us to better coordinate our efforts with other projects.

As part of the initiative, I’m pleased to announce that we have submitted several specific capacity building initiatives.

First, in partnership with the African Union Commission, we have a project to promote a culture of cybersecurity on the continent by developing the policies, legal frameworks and organizational structures necessary to improve cybersecurity due diligence and effectively combat cyber crime.

Second, in partnership with Japan and Australia, we have a project to enhance the capacity of Southeast Asian countries to prevent and respond to cyber crime in a holistic, sustainable manner.

Third, in partnership with Canada, we have a project to increase understanding of cyber threats worldwide and to empower all citizens to be safer and more secure online.

Finally, in partnership with the African Union Commission and Symantec, we announced the idea to produce a report that collects and presents detailed technical data on cybersecurity threats and trends in Africa. GFCE members are welcome to contribute to any report that is produced and to mutually benefit from the expertise and information shared.

This conference provided a good opportunity to affirm the principles that guide our cyberspace policies, such as openness and security. And we invite other countries and peoples to join us in realizing this vision. But our Dutch hosts advanced the conversation beyond principles, to focus on practical efforts to realize the goal of an open and secure Internet. The projects we, and the other GFCE founding members, have announced should provide tangible benefits.

We call on governments, the private sector, civil society, and end-users to reinforce these efforts through partnership, awareness, and action.