“How can cyber threats from states and governments be combated?”, asked one journalist from West Africa to Chris Inglis (the first US National Cyber Director and advisor to President Biden on cybersecurity) and Kemba Walden (principal deputy national cyber director, who previously served as assistant general counsel in Microsoft’s Digital Crimes Unit), who sit in the West Wing of the White House, in Washington, DC. It was on Monday at the kick-start of a Virtual Reporting Tour, “A Shared Responsibility: Prioritizing Public-Private Partnerships in Cybersecurity.” L’express was invited by the Washington Foreign Press Center to participate in the insightful on-therecord discussions. 

According to Inglis and Walden, the central point of cybersecurity is that “no one person, no one organization, no one nation can defend itself alone in a space that is uniformly shared by a collection of nations.” (This reminds us of the consortium that owns the SAFE cables at Baie-du-Jacotet). 

For obvious reasons, Cyberspace typically does not respect the boundaries that physical geography and nation states have set up so far, and therefore humanity needs to ensure that we’re building resilience across those cyber boundaries and defending the resilience of that digital infrastructure. People care about a secure digital infrastructure not for its own sake but because it delivers functions that we care about as individuals, as businesses, as societies, as governments or multilateral organizations. If we care about cyber for those reasons, then we need to stand back and appreciate what actually makes it up. Cyber has, of course, got a lot of technology in it. It’s the visible part. But people are also a part of cyberspace. “The choices that we as individuals make kind of dictate whether cyber is going to work out one way or the way. If we essentially exercise some diligence, we essentially attend to our roles to make proper use of cyberspace, we generally have good outcomes. If we’re complacent, if we’re not careful, if we perhaps become the weak link of cyberspace, it takes another course altogether.” 

And what if a breach happens? How does the global coordination work and how do you share information? How does information flow across the private sector critical infrastructures and within governments? 

*** 

Among the salient points of discussion, many pointed out that as the digital asset becomes more popular, so is the use of cryptocurrency to finance and facilitate cybercrime. More consumers, businesses, and governments are finding new ways to use cryptocurrency and recent cyber incidents have highlighted security risks and shortcomings. Participants discussed how digital assets can relate to national security threats, and how countries are working – or not working – with agencies, partners and allies to mitigate risks and improve international frameworks, capabilities, and partnerships to align and respond to risks. 

Ms Walden described how they operate at the Office of the National Cyber Director in Wahington, DC. “Cyber is, in fact, subordinate to trying to make effective and efficient use of the internet. Cybersecurity enables that process. But to get there, to make sure that we’re aligned with technology, people, and doctrine in filling those vulnerabilities, we have four principal outcomes that our office focuses on.” 1) The first is federal/national cohesion. 2) Ensure current and future resilience by design. “It is unlikely that anyone will get to zero risk in any context, so we need to make sure that we’re resilient and think forward…” 3) Align resources to aspirations to make sure that we are able to execute those actions that we are taking on in order to buy down cybersecurity risk. 4) Maintain active, effective publicprivate collaboration. “This is something slightly more than information-sharing. We know that the private sector, non-federal entities, academic sector – they all have a role to play.”

End notes: when we talk about cyberspace, we must insist on collective defence. By collective defence, we mean a call for active participation in the defence of critical networks, an operating model where we can bring our unique capabilities and expertise to make contributions to the defence of all. “Cyber is the gray space, always with an emerging threat from the adversary.” Next discussion : effective Cyber Diplomacy, Engagement in International Cyberspace and Security Cooperation. More to come...