Security Think Tank: Biden has a chance to renew cyber alliances
This article was first published in Computer Weekly
As President Joe Biden sets out his agenda for the next four years, we consider the opportunities for renewed international collaboration on cyber security, what aspects of cyber Biden should focus on, and ask how the industry can make its voice heard?
President Biden has outlined his objective to “work with our allies and friends to ensure the cyber rules of the road are made by democracies” and has a clear opportunity to drive renewed international collaboration on cyber security.
A turbulent period in international relations, recent nation state cyber threats including the SolarWinds attacks, and Covid-19’s demonstration of our dependency on digital infrastructure, all show the need for that international collaboration.
The new US administration faces a world of increasing cyber dependency but also the risk of increasingly divergent national approaches.
Other international players such as the EU are driving their own standards and restrictions which may differ or conflict with US approaches, creating the risk of a fragmented western cyber security response and infrastructure.
As the US is a dominant player in the digital economy, it should take the following steps to support cyber collaboration that strengthens the resilience and openness of global digital trade.
Continuing to work across global alliances
Presidential transitions always see tired old expressions about the “special relationship” being dusted off. Sadly, there is often much more expectation about the relationship on this side of the Atlantic than theirs. That said, the US and British authorities have always cooperated closely, with mutual respect.
Cyber attacks do not recognise the traditional geographical borders and therefore the US administration should continue, along with the UK, to work in the excellent bilateral collaboration we already have, to work across the Five Eyes’ community (which includes Australia, Canada, New Zealand, UK and US) and Nato to the benefit of all.
Collaborating with allies on joint responses
When the US works with allies, we see more effective upholding of the cyber “rules of the road” than when it acts alone. The administration should continue to drive the use of joint attributions on cyber activity, such as jointly holding rogue nations responsible for inappropriate conduct in cyber space, for example.
A joint attribution carries a lot more weight because it shows more than one country is prepared to call out another, and helps build the case for other partners to join in. The UK and US have an important role in continuing to work together to ensure that offending nations are held to account.
Driving an international approach on data transfers and privacy
2020 saw a global acceleration in national limitations and restrictions on cross-border personal data transfers, limitations which will increasingly affect private and public sector data links with the US.
The most well-known was the striking down of the EU-US Privacy Shield following the Schrems II ruling, but other national restrictions in Brazil, China, Turkey and others, have the potential to increasingly restrict the international flow and processing of personal data in the US.
International collaboration with allies to find an acceptable way to manage the cyber and privacy risks of cross-border transfers, in particular a replacement for the Privacy Shield, will allow these to continue and are clearly in the commercial and public interest of the US.
Leading the legislative agenda for emerging technologies
The public is increasingly aware of the risks. From bias challenges, to new cyber security threats and the benefits from greater efficiencies and automation of artificial intelligence (AI).
Internationally we have already seen publications from the European Commission on Ethics Guidelines and a proposed Data Governance Act which would regulate data use in these areas.
The US needs to act early at a federal level if it wants to drive the conversation and international standards, otherwise, as with data privacy, the US risks the standards being set by others.
Post-Covid-19 investment in innovation and cyber skills
Even before the pandemic, the West was facing an alarming digital skills gap, which has only been exacerbated by this crisis. Millions of people and a significant number of businesses lack the essential digital skills they need, which risks widening social divides and already has an estimated £63bn annual impact on the UK’s competitiveness.
The same can be said for the US and a joint focus on research and development (R&D) and innovation in cyber technologies could provide an important boost for both economies.
Supporting international capabilities to combat and reduce cyber threats
Cyber security is increasingly important to the effective running of business and the economy with the proliferation of cyber fraud and ransomware attacks. The US should continue to play a leading role in supporting firms in combating and preventing these threats, helping to build the support and skills nationally and internationally to reduce a global threat.
As with many criminal activities, action to respond to threats early will increase domestic security against them as they are likely to travel across borders.
The cyber industry already works to support these actions and can increase these efforts through collaborative bodies such as NIST and public-private engagement. Further international collaboration from the Biden administration will be in the interests of all players, including the US.