Global Cooperation in Cyberspace 2018-2019 Action Agenda

President’s Letter

ince 2009, the EastWest Institute (EWI) has been engaged in promoting security and safety in cyberspace. From its early origins fighting spam and improving the resilience of undersea Scables to present-day work on encryption policy and norms of responsible state behavior, EWI’s Global Cooperation in Cyberspace program has hosted productive collaboration among government, industry, civil society and academia globally.

The program builds on a reputation for trust forged over EWI’s long history. Since 1980, EWI has been an independent, non-partisan international institution. Our board spans the globe: 40 percent of its members are non-U.S. Our institutional viewpoint avoids ties to any particular national agenda. We are thus enabled to perform an increasingly necessary role—private diplomacy—to complement and supplement more traditional official conversations. Working with the major cyber powers, we are doing just that.

Cyber is at the nexus of the greatest security threats the world faces. The cyber program is a crown jewel in EWI’s portfolio in terms of long- Cyber is at the nexus term importance and impact. Yet, the very innovation that creates so of the greatest security many efficiencies and connections is also a source of risk. Unproven technology contains vulnerabilities that malicious actors exploit. Roles threats the world faces. and capabilities for maintaining security and protecting freedom are muddied. The structure of the global economy is shifting on its axis. The cyber program is Social media connects us with our loved ones and provides platforms a crown jewel in EWI’s for disruptive disinformation. Cyber weapons destabilize longstanding international security arrangements. The divide among digital haves portfolio in terms of and have-nots remains significant; billions of users are expected long-term importance to connect to cyberspace over the next several years, creating new opportunities as well as societal vulnerabilities and risk, particularly in and impact. the Global South.

EWI’s international cyber team, led by Global Vice President Bruce McConnell, understands the scope and seriousness of these challenges. It recognizes that no single actor can bring about security and peace in cyberspace. It takes a concerted and collaborative effort to introduce the kinds of changes that the world urgently needs. Our team has set a course of leadership and partnership on that journey.

As EWI’s Chairman, Ross Perot, Jr. has stated, “The EWI Board will continue to strongly support the EWI Cyber program. It is a cornerstone program for the EastWest Institute.” Our external sponsors and partners are equally important. I invite all of you to join us, and to help us take the actions and achieve the goals described in this Action Agenda.

Cameron Munter, CEO and President

3 2018-2019 Action Agenda

Global Cooperation in Cyberspace: An Overview

The Global Cooperation in Cyberspace program seeks to reduce conflict, crime and other disruptions in cyberspace and promote stability, innovation and inclusion.

nsecurity and conflict in cyberspace persist. • Proliferation: Malicious code produced for The risk of major economic disruption, or a specific purpose escapes or is released Iof a violent geopolitical conflict escalating, into the wild and shuts down systems because of the use of cyber and information across the planet. weapons is high and has increased significantly • Devices: Millions of new consumer and in the past year. Many factors have led us into industrial devices, from toasters to traffic this predicament: lights, connect to the network transmitting their data unencrypted and without the • Attacks: States and their proxies, criminal ability for security patches to be applied. cartels, business competitors and • Automation: The ability to do things malicious insiders attempt, sometimes in manually is disappearing, and we risk concert, to get inside critical government, becoming hostage to platforms we cannot business and social media systems to control. collect information, compromise or steal identities or intellectual property, disrupt At the same time, innovation is accelerating, or destroy commercial and industrial bringing many benefits. Blockchain promises to processes, sow confusion and doubt, and transform multiple industries where trust in the deposit code for future malicious use. security of a transaction and its data is critical, • Complexity: Poorly-understood or including real estate, finance and law. Artificial -protected interconnections among intelligence and machine learning will free many systems produce unpredictable and from drudgery, although the new kinds of jobs unwelcome changes to data and for humans and the skills needed to do them processes, reducing confidence and trust are not yet evident. Remote video communica- in systems and in large institutions. tions will continue to support human connec- • Militarization: The militarization of tion and collaboration across time zones. cyberspace and the fragmentation of the Internet for the purpose of national security Yet, public and private organizations, and and domestic surveillance threaten to turn individuals, struggle to secure stored and pro- the most private and beneficial places in cessed information—in the cloud or locally—on cyberspace into war zones. extremely complex hardware and software 4 5 platforms riddled with vulnerabilities. National and our ability to forge trusted relationships and international governmental institutions can with adversaries and competitors. Our hardly keep up with technological change and interlocutors tell us that our efforts keep critical the disruptions it brings to the established order communications channels open, increase and to their own legitimacy. New governance understanding and reduce tension. approaches are needed—ways that use the smart, collaborative tools industry is provid- Similarly, our sponsors and partners—the ing—to make better decisions faster and with corporations, foundations, universities and more popular support. Rising major powers like nonprofit organizations listed at the end of this China and India, coupled with an Internet awash report—find our work valuable. Their contribu- in false news, influence operations, terrorist tions, both financial and substantive, sustain activity and hate content challenge the liberal our work and make it relevant. We are deeply consensus that has held sway and kept relative grateful for their continuing collaboration in peace since World War II. our collective efforts to improve the state of cyberspace. The EastWest Institute finds itself well-posi- tioned inside this mael- Workplan “Countering cyber strom. We are riding threats is a global the storm and making During 2018-19, EWI’s cyberspace program will headway – helping focus on reducing the risk of miscalculation imperative, requiring move the system to and escalation among major cyber powers by more solid ground with promoting improved defenses, limits on offense collective input and more stability, predict- and enhanced operational collaboration. We coordination. The onus ability and trust. EWI’s will use our time-tested “Convene, Reframe, specialty—building Mobilize” methodology to make progress. lies on the international collaborative trust community to establish networks—is ideally Improved Defenses suited to the task. We an inclusive mechanism reduce and prevent In cyberspace, offense remains an to regulate cyberspace conflict in cyberspace overwhelming advantage. The role of the cyber and other domains by defender is to reduce the likelihood of major and to ensure building trust among attacks, accidents or other incidents affecting cooperation among all diverse stakeholders, an organization’s most critical systems. with whom we work to Stronger defenses, including resilience in the parties involved.” develop and advocate face of inevitable disruptions, act as deterrents for practical middle- by increasing the costs and reducing or even road solutions often denying the rewards of attacking. John Hurley missing in other work. Managing Partner, Calvary Asset This involves working EWI’s work to improve defense focuses on four Management; Member, Board of directly with current areas: Directors, EastWest Institute and former government officials, business • Securing smart cities by helping senior city executives and civil officials address cyber-related risks when society leaders around deploying new networked technologies. the world, continually fostering durable connec- • Improving procurement policies to enable tions that are a force multiplier for our work and governments to evaluate objectively and the work of others. confidently the security implications of using ICT products and services. The public results of these collaborations are • Reducing cyber causes of nuclear highlighted later in this report. Our private instability by alleviating the effects of work among major cyber powers receives artificial intelligence and machine learning less publicity but is equally important. EWI is on nuclear command and control systems. well-respected by governments, companies • Strengthening cyber insurance as a risk and policy officials in China, Europe, India, mitigation tool by ensuring adequate Russia and the U.S. They eagerly interact with capacity in the marketplace. us in public and private settings because of the reliability of our independent analysis 6 Limits on Offense Enhanced Operational Collaboration

Cyber weapons have many benefits for Many relationships in cyberspace reflect attackers. They are cost-effective to use, hard underlying adversarial dynamics among parties. to detect and attribute, and can be launched Antagonistic relations are not limited to state- from great distances. For targets, they have on-state conflicts. Cyberspace exposes and had a history of being disruptive but generally exacerbates other fault lines in human society, non-lethal—although this may change. The well beyond national borders. downside for both parties outweighs these advantages as they create instability in four EWI’s approach is to promote cooperation ways: across borders and other societal divisions in order to ensure cyberspace can deliver more of 1. Stealth and non-lethality make them suit- its many benefits to everyone. able for disruptive use while staying below the threshold of use-of-force as outlined in EWI’s work to promote cooperation among international law. adversaries focuses on two areas: 2. The time it takes today to definitively attribute the original source of an attack is incon- • Working with governments, companies sistent with the need to respond promptly and human rights advocates to promote to security provocations from an adversary, balanced encryption management policies leading to potential miscalculation or unwar- that narrowly provide lawful government ranted escalation in a conflict. access to encrypted data while mitigating 3. Low barriers to entry in cyber warfare have the risk of unauthorized access and breach encouraged over 30 countries to build mili- of confidentiality. tary cyber commands, creating a prolifera- • Working with major cyber powers—both tion crisis that can make preemptive strikes publicly and privately—to develop plans attractive to smaller cyber powers. for an international cyber incident hub 4. Cyber weapons can be lost or stolen, em- to enable operational collaboration to powering malicious or irresponsible actors evaluate potentially significant incidents with the possibility of creating global havoc. before they lead to escalation.

Mankind has always reached agreements on More details on these efforts can be found on limiting the uses of new weapons. While those the pages ahead. agreements can be difficult to enforce, they create a normative baseline that increases stability and predictability through pressure from the global community of states to adhere to these norms. We need those limits in We convene discreet cyberspace today. The industry has recognized conversations across governments this challenge. Microsoft has proposed a Digital Geneva Convention, and Siemens’ Charter of and private institutions who might Trust has also proposed ten principles that are otherwise not meet. We help fundamental to secure the digital world. them reframe difficult questions EWI’s work to encourage limits on offense and devise win-win approaches. focuses on two efforts: We then mobilize support for the • Proposing and advocating for norms and processes for responsible behavior and results to make change happen, restraint through the Global Commission working through our extensive on the Stability of Cyberspace (see box on page 13). networks of key individuals • Identifying a set of balanced approaches in capitals and corporate that describe practicable, actionable measures to combat fake news and headquarters around the world. content restrictions within democratic, open societies.

7 Breakthrough Groups: Areas of Work Ubiquitous Secure, Resilient Systemic Risk and Encryption and Cities and the Cyber Insurance Lawful Government Internet of Things Access

Encryption is essential to The interconnected Internet Cyber insurance is a way Context, protect digital data and com- of Things affects all sectors for firms to transfer cyber Premise, munications. Yet it poses a of urban living—from public risk and to promote minimal Scope challenge to law enforcement safety to transportation and security baselines. However, investigation and prosecu- the electric grid. Designing increasing cyber dependency tion of crime and terrorism. cities with cyber resilience in and interconnection creates Middle-ground, risk-informed mind is key to withstanding the possibility of cascading, approaches are needed to disruption and ICT failure. systemic failure. Understand- narrowly provide lawful gov- Going forward, senior city ing these interactions is key ernment access to encrypted officials will own, and must to using insurance to mitigate data while mitigating the risk address, cyber-related risks cyber risk. of unauthorized access and when deploying new tech- breach of confidentiality. nologies.

2017 C R C C Accomplishments Released EWI report Encryp- Organized roundtables for Convened roundtables with tion Policy in Democratic ICT industry and city officials ICT and insurance experts Regimes: Finding Convergent to discuss cyber challenges to explore the insurance Paths and Balanced Solu- for smart cities and identified industry’s capacity to tackle tions and convened public solutions. Conducted expert systemic cyber risk. Assessed and private discussions with interviews and engaged in lessons from financial crises key government, civil society national and international and natural catastrophes and industry representatives forums to raise awareness regarding system stability and to promote constructive dia- about security and policy interdependency. logue and balanced solutions. challenges.

2018-2019 M R M R M Goals Conduct international out- Launch “Smart City Man- Conduct a working roundta- reach in capitals, civil society agers Guide” to provide ble to expand scope to more forums and corporate head- guidance and raise aware- international stakeholders. quarters in forms of talks and ness about security, privacy Recommend private sector workshops to disseminate and resilience in major world and government actions to and advocate for key findings cities. Anticipate emerging address policy and regulatory of the report, in particular, the international security impacts challenges of systemic risk recommendations and the of the rapid adoption of smart, through cyber insurance. CONVENE C EWI Delphi methodology. connected cities. Identify key technologies suitable for R REFRAME risk-reduction. Collaborate with partners to foster urban M MOBILIZE IoT security and resilience internationally. 8 Promoting Norms Increasing the Global Strategic Stability Balanced Approaches of Responsible Availability and Use of and Nuclear Risk to Fighting Fake Behavior in Secure ICT Products in the Age of News and Terrorist Cyberspace and Services Machine Learning Content

Destabilizing behavior by state Buyers of ICT must be able Artificial intelligence and Increasingly, terrorist content, and non-state actors in cy- to evaluate objectively and machine learning have the “fake” news, deception and berspace is accelerating, with confidently the security impli- potential to disrupt strategic influence operations have be- consequences and damages cations of using ICT products stability by undermining nu- come a critical disturbance in inside and outside of cyber- and services for their orga- clear command and control electoral processes. Enabled space. EWI, together with The nizational risk profiles. The systems. The consequences by social media platforms, Hague Centre for Strategic global ICT marketplace thrives need to be understood and adversaries have successfully Studies, is promoting norms on technological innovation mitigation measures put into exploited weaknesses in open and processes for responsible from sources worldwide. place. systems and societies, tar- behavior and restraint through Thus, objective risk-based geted core societal values and the Global Commission on standards must be adopted sowed uncertainty in societies the Stability of Cyberspace, a to safeguard innovation while and their governing institu- multi-stakeholder forum. enhancing cybersecurity. tions. Strengthening these processes and institutions New in 2018 by carefully designing limited C R M C R M measures and restrictions to The Global Commission Promoted EWI’s ICT Buy- counter these threats must developed and promoted a ers Guide in numerous be pursued in close collabora- call to state and non-state ac- international forums to raise tion with social media and tors to protect and avoid any awareness of global ICT Internet service providers. activities that would interfere supply chain risk. Advocated with the proper functioning of for principles for open, fair New in 2018 the public core of the Internet. markets and objective, trans- parent procurement requirements based on international security standards.

C R M C R M C R C R Design a new international Build on the EWI ICT Buy- Collaborate with an interna- Establish an international security policy architecture ers Guide to close the gap tional think tank (the Stock- multi-stakeholder work- for cyberspace and develop between existing technical holm International Peace Re- ing group. Identify a set of consensus norms to reduce standards and frame- search Institute) to conduct a balanced approaches that the danger from technical vul- works and government ICT series of exchanges between describe practicable, action- nerabilities in information and procurement requirements a group of international cyber able measures to combat fake communications technology, for cybersecurity. Identify and nuclear experts. Identify news and content restrictions protect electoral systems, action points for like-minded key challenges and mitiga- within open societies. Use EWI prevent the takeover of civilian global ICT vendors. Conduct a tion measures from both cyber dialogues to test and consumer devices for offen- working roundtable to discuss domestic and international exchange ideas. sive purposes, and discourage innovation and cybersecu- perspectives. offensive cyber activity by rity benefits from leveraging private sector entities. global supply networks while addressing national security considerations. 9 2018-2019 Action Agenda

Reports and Breakthroughs

EWI’s approach is to promote cooperation across borders and other societal divisions in order to ensure cyberspace can deliver more of its many benefits to everyone.

Advocating for Balanced Encryption Policy

n February 2018, the EWI Breakthrough Group on Ubiquitous Encryption and Lawful Government Access published a report, Encryption Policy in Demo- Icratic Regimes: Finding Convergent Paths and Balanced Solutions. The report issues recommendations on encryption policy designed to help find a balance between the legitimate needs of law enforcement and strong protections for digital information.

The report provides nine normative recommendations to ensure balanced encryption policy solutions that take into account the interests of law enforcement, privacy and human rights, commerce, and cybersecurity. In the report, EWI describes two sample policy regimes designed to enable authorized law enforcement access to the plaintext of encrypted data in limited circumstances, within a clear legal framework that is embedded with human rights standards, while mitigating the risk that third parties could gain unauthorized access to encrypted data. The regimes were formulated to highlight a key choice: enhancing law enforcement’s ability to access data through lawful hacking, or requiring companies to design their systems to anticipate requests for lawful access.

The report reflects the contributions of a wide range of international industry stakeholders, technologists, privacy advocates, law enforcement officials and others from Europe, India and the U.S. In 2018, EWI will focus on advocating for the principles in the report, to encourage policymakers to engage in grounded discussions to find realistic, balanced policy solutions.

Learn more at www.eastwest.ngo/encryption.

10 11 Embedding and maintain resilience in this developers to consider and address new, interconnected environment. critical challenges that come with Resilience with Billions of devices will be connected smart, connected cities and IoT. EWI to the Internet by 2020, and cities held two workshops and engaged Digitally-Connected connecting critical management in consultation with international Urban Environments systems—transportation, energy, experts and city officials respon- environment and public safety sible for cyber resilience and smart he EWI Breakthrough Group among others—to the Internet and city initiatives to gather insights and on Secure, Resilient Cities to each other, are part of this trend. feedback on what issues need to be and the Internet of Things is addressed in a useful resource for T This breakthrough group has been decision-makers. examining the potential benefits and risks posed by the integration working to develop a framework of the Internet of Things (IoT) into for city managers, city planners, Learn more at https://www. urban environments, and how to regional and national planners, poli- eastwest.ngo/info/secure-resilient- increase cities’ ability to create cymakers, builders, and real estate cities-and-internet-things. 12 Protecting the Public Core of the Internet

s part of its work to increase Africa and the U.S. The Com- in addition to the first meeting in the stability of cyberspace, mission also maintains a broad Munich. The work program for Athe EastWest Institute, spectrum of supporters includ- the GCSC’s first year focused on along with The Hague Centre for ing the Netherlands, Singapore, the topics of the public core of Strategic Studies, serves as the France, Estonia, Microsoft and the the Internet and the protection of secretariat of the Global Commis- Internet Society. critical infrastructures, culminat- sion on the Stability of Cyber- ing in the release of the “Call to space (GCSC). The Commission The Commission is supported by Protect the Public Core of the was launched at the 2017 Munich two constituent bodies: the Re- Internet.” The Call urges all state Security Conference by Dutch search Advisory Group (RAG) and and non-state actors to avoid Foreign Minister Bert Koenders as the Government Advisory Board. activity that would “intention- an international, multi-stakehold- The RAG links the GCSC with the ally or substantially damage the er forum to evaluate and propose wider research community and general availability or integrity of norms for state and non-state carries out research on critical the public core of the Internet, behavior in cyberspace. Its work areas pertinent to the Commis- and therefore the stability of aims to build on previous efforts sioners’ deliberations. To that end, cyberspace.” Incidents affect- to develop cyber norms and it is divided into four sections: 1) ing the Internet domain name complement the work of existing International Peace and Security system, certificates and trust, forums. of Cyberspace, 2) Internet Gov- Internet routing or communica- ernance, 3) Law, and 4) Technical tions cables could be examples The GCSC is chaired by former and Information Security. of activities to be avoided. The Estonian Foreign Minister Marina Commissioners began 2018 with Kaljurand and co-chaired by for- Since its inaugural meeting at a commitment to further develop mer U.S. Secretary of Homeland the Munich Security Conference this and other norms, including Security Michael Chertoff and in 2017, the Commission has reducing threats resulting from former Deputy National Security hosted four meetings. These technical vulnerabilities, prevent- Adviser of India Latha Reddy. The meetings usually take place on ing the use of consumer devices Commission emphasizes the im- the side of international cyber for offensive purposes, discourag- portance of a multi-stakeholder policy conferences which provide ing private sector use of offensive approach by engaging non-state opportunities for the Commis- cyber capabilities and protecting Above, experts in the creation of cyber sioners to seek engagement from election systems. from left: norms. The Commission consists outside experts as well as present Marina of 28 Commissioners who bring their work to the international Learn more at https://www.east- Kaljurand, Bill a wealth of government, industry, community through active par- west.ngo/norms, and on the Woodcock, technical, academic and civil ticipation in these forums. In 2017 GCSC website at Frédérick Douzet, Jeff society experience and perspec- the Commission met alongside https://cyberstability.org. Moss, Latha tives from Brazil, China, Europe, CyCon in Tallinn, Black Hat USA in Reddy and India, Israel, Japan, Malaysia, Las Vegas and the Global Confer- Samir Saran. Nigeria, Russia, Singapore, South ence on CyberSpace in New Delhi

13 2018-2019 Action Agenda

2017 Events

We reduce and prevent conflict in cyberspace and other domains by building trust among diverse stakeholders, with whom we work to develop and advocate for practical middle-road solutions often missing in other work.

Global Cyberspace best way to drive trust to solve global problems is for nations to reduce their adversarial posi- Cooperation Summit tions, regardless of their geographic location or economic status. The EastWest Institute, in partnership with the University of California, Berkeley Center for Unisys’ CEO Peter Altabef discussed how Long-Term Cybersecurity, hosted its seventh technologies not only facilitated urbanization Global Cyberspace Cooperation Summit in but also provided the opportunity to reinvent Berkeley from March 14-16, 2017. how cities approach public services. He envi- sioned the next step in this evolution as a move The summit brought together global leaders to from “smart” to “smart and safe” cities, where 1 2 define and address the obstacles and unique steps need to be taken to ensure the safety of challenges that must be overcome to foster co- digital assets and communities. This requires 7 8 3 operation in cyberspace. In keynote speeches, a balance between four factors: cybersecurity, 6 5 4 plenary panel discussions and breakthrough personal safety, health and infrastructure safety. group meetings, over 200 government officials, Critical to this endeavor is the consistent col- (1) Frédérick industry leaders, academics and civil society laboration between enterprises, institutions and Douzet and experts from more than 30 countries debated a governments. Katherine Getao, wealth of topics that make up the ever-evolving (2) Bruce W. ecosystem of cyberspace. The focus of the summit was on advancing McConnell, practical solutions in five key areas spear- (3) Latha Reddy, Katherine Getao, ICT Secretary at the Ministry headed by the respective breakthrough group (4) Francis Fukuyama, of Information Communications and Technolo- leadership in a series of workshops: securing (5) Samir Saran, gy of Kenya, opened the summit with a keynote the Internet of Things, balancing encryption (6) Peter A. Alta- address reflecting a view from the Global South, and lawful access to data, developing norms of bef, (7) Admiral where there remains a persistent divide as to behavior, improving the security of information (ret.) William A. how developing nations fit in the context of the and communications technology, strengthen- Owens, (8) Betsy cybersecurity dialogue. She noted a trust gap ing the resilience of critical infrastructure and Cooper. in three areas: supply chain integrity; “political fostering methods to mitigate systemic cyber engineering” or the use of social media to influ- risk. The first day of the event consisted of ence the citizen mindset; and the use of devel- workshops designed to promote detailed sub- oping nations as proxies in cyber attacks. The stantive exchange among international experts 14 15 16 on these five topics, expose a wide variety of perspectives and to discern where EWI can make a difference in promoting policy solutions. These conversations fed into the sessions on the second and third day, which involved a larger audience and aimed to test out some of the ideas generated in the workshops.

The summit thrived on the support and leadership provided by the program’s supporters—Microsoft, Huawei Technologies, Unisys, Sonus Networks, Palo Alto Networks, Qihoo 360, NXP Semiconductors, Cen- turyLink, VEON, The Hague Centre for Strategic Stud- ies and the William and Flora Hewlett Foundation—as well as by its partners—IEEE Communications Society, Munich Security Conference, The Open Group, Fudan University, University of New South Wales and the Center for Long-Term Cybersecurity, University of California, Berkeley.

Summit participants convened to further the work of five breakthrough groups:

• Ubiquitous Encryption and Lawful Government Access • Resilient Cities and the Internet of Things • Increasing the Global Availability and Secure Use of ICT Products and Services • Systemic Risk and Cyber Insurance • Promoting Norms of Responsible Behavior in Cyberspace 1 2 Plenary panel sessions included: 3 4 11 12 13 5 How to Cooperate in Cyberspace? 10 9 8 7 6 Experts from Cambodia, Germany, the Netherlands, Russia and the U.S. agreed that to foster collaboration, (1) Anatoly cyber dialogues need to be part of global diplomacy Streltsov, (2) between nations since no one actor can ensure the Marina Kaljurand, security of the cyber environment alone. (3) Andy Purdy, (4) John Hurley, Young Cyber Leaders Look Ahead (5) Hao Yeli, (6) Eli Sugarman, (7) Dimitri Voge- Five young professionals and academics outlined laar, (8) Aaron and shared their thoughts on a range of issues facing Clark-Ginsberg, cyberspace today and in the future. (9) Robert N. Campbell, Breakthrough Group Outcomes and (10) Jonah Force Hill, Kamlesh Next Steps Bajaj and Scott Charney, Breakthrough group representatives reported on (11) Maria Sme- results from workshop sessions, focusing on proposed kalova, (12) Paul next steps. A distinguished panel then posed ques- Nicholas, (13) tions and shared its insights to help refine the direc- Sally Long. tion of each breakthrough group. Further information on the 2018-2019 work plan can be found on page 8.

17 Tech+People: Securing the to encrypted data. The roundtable Future Connection also featured a series of short talks on unique aspects of cyberspace including Industry leaders explored how devel- telling stories about cyber, a concept of opments in technology and security “home ownership” in cyberspace and would impact people, processes and the hacker mindset. business models in the next five years. The panelists emphasized increased security through innovative thinking. Bilateral and With authentication measures that tie Multilateral Dialogues devices to people, more secure devices and business models will be possible. In 2017, the EastWest Institute contin- ued its longstanding engagement on Special Session on Election Russia-U.S. relations by hosting a meet- Systems Security ing of Russian and American officials, academics and industry representa- Following a contentious election in the tives to discuss ways to cooperate on U.S., journalists and researchers dis- cyberspace related issues and ease cussed cyber threats to electoral pro- growing tensions. This Russia-U.S. cesses and suggested potential ways High-Level Dialogue on Cyberspace governments and private companies Cooperation met in October in Brus- might work together to address them. sels, and examined three critical issues: Discussants concluded that both politi- norms of state behavior in cyberspace, cians and journalists bore responsibility cyber crime investigation and preven- to combat the many threats—from tion, and terrorist use of the Internet. cyber attacks on voting infrastructure EWI remains committed to finding to domestic and foreign disinformation new and innovative ways these two campaigns—facing elections. countries can work together, even in the face of the mistrust that is currently pervasive in their relationship. Palo Alto Progress 1 3 In November 2017, EWI, in partnership 2 Roundtable 11 4 with the Vivekananda International Foundation and the China Institute 10 12 13 5 Building upon the successful discussion at the Berkeley summit, the cyberspace for International Strategic Studies, 9 8 7 6 program hosted its annual strategic co-hosted the Joint China-India-U.S. Trilateral on Cyberspace Cooperation (1) Zhang Bei, review at a working roundtable in Palo Alto in September 2017 at the William in New Delhi. This first-ever trilateral (2) Liesyl I. Franz, dialogue on cyberspace between the (3) Davis Hake, and Flora Hewlett Foundation. During (4) Jeff Moss, this meeting, 40 members of EWI’s world’s three largest Internet popula- (5) Karsten Geier, international network of fellows, corpo- tions assembled a diverse group of (6) Lea Kaspar, rate leaders, technologists, academics cyber experts, business leaders and (7) Udo Helmbrecht, and civil society advocates reviewed the government officials to discuss the (8) Ray Dolan, breakthrough group work to ensure it most immediate common concerns (9) Robert Holley- between the countries. Over the man, (10) Sami continues to accelerate global action on cyberspace issues. course of two days, this group exam- Nassar, (11) Shen Yi, ined ways to cooperate when tackling (12) Kan Channmeta, (13) Bill Woodcock. The roundtable reviewed the core cyber crime and other cyber incidents, work of the breakthrough groups and promote strategic stability and develop offered an opportunity for the program norms of behavior in cyberspace. The to receive external input on each work group produced actionable recommen- area. City officials provided insight on dations, including multilateral mecha- addressing security and safety in IoT- nisms for public-private cooperation, connected cities, and experts engaged increased use of regional forums, in an in-depth workshop on balancing CERT-to-CERT cooperation and pro- cybersecurity, civil liberties and the motion of already accepted norms of need of law enforcement for access cyberspace behavior. 18 19 2018-2019 Action Agenda

How Can You Participate

Join a High-Level Community of Cyberspace Cooperation Leaders and Make Change Happen

he EastWest Institute welcomes select corporations and other Who Can Benefit Torganizations to join the Global Cooperation in Cyberspace program, where they can influence the global conversation and shape actionable Companies and organizations recommendations at the leading responsible for the creation, opera- edge of this rapidly changing field. tion and expansion of the Internet and the development and operation We offer a range of benefits to our of ICT products and services—manu- partners in the cyberspace commu- facturing, logistics, finance and critical nity—tapping into a global network of infrastructure organizations—are cyber experts, technologists, legal and invited to sponsor our work. Benefits regulatory experts, and developing and to your company include: shaping key policy developments, taking part in private cyber dialogues and Sitting at the table with the policy and in international networking opportuni- business decision-makers shaping the ties to showcase thought leadership. global future of the Internet. Gaining up-to-the minute market and policy intelligence. “I think that in a lot of these instances, our governments Taking advantage of high-level networking and new business opportunities. are not going to solve these issues. The impetus, the imperative, Raising your company’s profile and enhancing its reputation. is on responsible companies in the world to collaborate The summit and ongoing breakthrough group dialogues enable you to showcase and figure this out.” your thought leadership with speaking platforms and white papers. —Admiral (ret.) William A. Owens CO-FOUNDER, RED BISON ADVISORY GROUP LLC; CHAIRMAN, BOARD OF DIRECTORS, CENTURYLINK; Key civil society organizations and MEMBER, BOARD OF DIRECTORS, academics can offer their thought EASTWEST INSTITUTE leadership and broaden their networks and perspectives. 20 Events Calendar

Systemic Risk and Cyber Insurance Washington, D.C. Why EastWest Working Roundtable January 2018 Institute Global Commission on the While other organizations contribute Stability of Cyberspace Lille to the field through publication and Co-hosted by The Hague January 2018 research, EWI advances thought Centre for Strategic Studies leadership into action. To increase security and stability in cyberspace, Munich Security Conference Munich perspectives from government, cor- February 2018 porations and civil society beyond the Cybersecurity Roundtable West must come to the table, including China, India, Russia, East Asia Global Commission on the and the Middle East. EWI is uniquely Stability of Cyberspace Bratislava effective because it does not take the Co-hosted by The Hague May 2018 position of any government or com- Centre for Strategic Studies pany. Instead, the institute develops and advocates for practical measures that reflect the knowledge of Joint China-India-U.S. Beijing engaged experts from the world’s Trilateral on Cyberspace major cyber powers. Cooperation June 2018

Learn More Global Cooperation Palo Alto in Cyberspace September 2018 EastWest Global Vice President Bruce Progress Roundtable McConnell is available to answer your questions at +1 212 824 4138 or [email protected]. Global Commission on the Stability of Cyberspace Singapore Upon request, current sponsors and Co-hosted by The Hague September 2018 other participants will provide their per- Centre for Strategic Studies spective on how they have benefitted. Global Commission on the EastWest has offices in New York, Stability of Cyberspace Fall 2018 Brussels, Moscow and San Francisco. Co-hosted by The Hague Our board of directors and network Centre for Strategic Studies of engaged fellows and experts spans over 50 countries, including China, Russia-U.S. High Level Dialogue Fall 2018 India, Japan, Korea, Pakistan, Russia, on Cyberspace Cooperation the U.S. and much of the Middle East and the EU. 21 Board of Directors

OFFICE OF THE CHAIRMAN Matt Bross (U.S.) Anurag Jain (U.S.) Chairman and CEO Chairman Ross Perot, Jr. (U.S.) Compass-EOS Access Healthcare Chairman EastWest Institute Robert N. Campbell III (U.S.) Gen. (ret) James L. Jones (U.S.) Chairman Founder and CEO Former U.S. National Security Advisor Hillwood Development Co. LLC Campbell Global Services LLC Former Supreme Allied Commander Europe R. William Ide III (U.S.) Maria Livanos Cattaui Former Commandant of the Marine Corps Counsel and Secretary (Switzerland) Chair of the Executive Committee Former Secretary-General George Kadifa (U.S.) EastWest Institute International Chamber of Commerce Managing Director Partner Sumeru Equity Partners Dentons US LLP Michael Chertoff (U.S.) Executive Chairman and Co-Founder Haifa al Kaylani Amb. Cameron Munter (U.S.) The Chertoff Group (Lebanon/Jordan) CEO and President Former Secretary of the U.S. Department Founder and Chairperson EastWest Institute of Homeland Security Arab International Women’s Forum Former Ambassador Embassy of the United States to Pakistan David Cohen (Israel) Sezgin Baran Korkmaz (Turkey) Chairman CEO F&C REIT Property Management SBK Holding CO-FOUNDERS Joel H. Cowan (U.S.) Zuhal Kurt (Turkey) John Edwin Mroz† (U.S.) Professor Chairman of the Board Former President and CEO Georgia Institute of Technology Kurt Group EastWest Institute Addison Fischer (U.S.) Gen. (ret) T. Michael Moseley (U.S.) Ira D. Wallach† (U.S.) Chairman and Co-Founder President and CEO Former Chairman Planet Heritage Foundation Moseley and Associates, LLC Central National-Gottesman Inc. Former Chief of Staff Stephen B. Heintz (U.S.) United States Air Force President MEMBERS Rockefeller Brothers Fund Karen Linehan Mroz (U.S.) President Peter A. Altabef (U.S.) Hon. Steven S. Honigman (U.S.) Roscommon Group Associates Chairman and CEO Counselor Unisys Information and Infrastructure F. Francis Najafi (U.S.) Technologies, Inc. CEO Hamid Ansari (U.S.) Pivotal Group President and Co-Founder Dr. Hu Yuandong (China) Prodea Systems, Inc. Chief Representative Amb. Tsuneo Nishida (Japan) UNIDO ITPO-China Professor Tewodros Ashenafi (Ethiopia) The Institute for Peace Science at Chairman and CEO John Hurley (U.S.) Hiroshima University Southwest Energy (HK) Ltd. Managing Partner Former Permanent Representative of Cavalry Asset Management Japan to the United Nations Mary McInnis Boies (U.S.) Counsel Amb. Wolfgang Ischinger Admiral (ret) Boies, Schiller & Flexner LLP (Germany) William A. Owens (U.S.) Chairman Chairman Sir Peter Bonfield (UK) Munich Security Conference Red Bison Advisory Group LLC Chairman Chairman of the Board of Directors NXP Semiconductors Ralph Isham (U.S.) CenturyLink Managing Director GH Venture Partners LLC

22 Sarah Perot (U.S.) Ivan T. Berend (Hungary) Amb. Maria-Pia Kothbauer Director and Co-Chair for Development Professor (Liechtenstein) Dallas Center for Performing Arts University of California, Los Angeles Ambassador of Liechtenstein to Austria, the OSCE and the United Nations in Vienna Laurent M. Roux (U.S.) Francis Finlay (UK) Founder and President Former Chairman William E. Murray† (U.S.) Gallatin Wealth Management, LLC Clay Finlay LLC Former Chairman The Samuel Freeman Trust Mike Sarimsakci (Turkey) Hans-Dietrich Genscher† (Germany) Founder and President Partner Former Vice Chancellor and Minister of John J. Roberts (U.S.) Alterra International, LLC Foreign Affairs of Germany Senior Advisor American International Group (AIG) Ikram ul-Majeed Sehgal Donald M. Kendall (U.S.) (Pakistan) Former Chairman and CEO Daniel Rose (U.S.) Chairman PepsiCo Inc. Chairman Security & Management Services Ltd. Rose Associates Inc. Whitney MacMillan (U.S.) Amb. Kanwal Sibal (India) Former Chairman and CEO H.E. Dr. Armen Sarkissian (Armenia) Former Foreign Secretary of India Cargill Inc. President Republic of Armenia Kevin Taweel (U.S.) Mark Maletz (U.S.) Founding President Chairman Former Chairman, Executive Committee Eurasia House International Asurion EastWest Institute Former Ambassador of Armenia to Senior Fellow the United Kingdom Alexander Voloshin (Russia) Harvard Business School Former Prime Minister of Armenia Chairman of the Board JSC Freight One (PGK) George F. Russell, Jr. (U.S.) Leo Schenker (U.S.) Non-Executive Director Former Chairman Former Senior Executive Vice President Yandex Company EastWest Institute Central National-Gottesman Inc. Chairman Emeritus Amb. Zhou Wenzhong (China) Russell Investment Group Mitchell I. Sonkin (U.S.) Secretary-General Founder Managing Director Boao Forum for Asia Russell 20-20 MBIA Insurance Corporation

Thorvald Stoltenberg (Norway) NON-BOARD COMMITTEE DIRECTORS EMERITI President MEMBERS Norwegian Red Cross Jan Krzysztof Bielecki (Poland) Hilton Smith, Jr. (U.S.) CEO Liener Temerlin (U.S.) President and CEO Bank Polska Kasa Opieki S.A. Chairman East Bay Co., LTD Former Prime Minister of Poland Temerlin Consulting

Emil Constantinescu (Romania) John C. Whitehead† (U.S.) CHAIRMEN EMERITI President Former Co-Chairman Institute for Regional Cooperation and Goldman Sachs Martti Ahtisaari (Finland) Conflict Prevention (INCOR) Former U.S. Deputy Former Chairman Former President of Romania Secretary of State EastWest Institute 2008 Nobel Peace Prize Laureate William D. Dearstyne (U.S.) Former President of Finland Former Company Group Chairman Johnson & Johnson Berthold Beitz† (Germany) President John W. Kluge† (U.S.) Alfried Krupp von Bohlen und Former Chairman of the Board Halbach-Stiftung Metromedia International Group † Deceased 23

Voices of the EWI Network

“A Safe City is a balance and combination of four “The developed and factors: Cybersecurity, developing worlds maintain personal safety, health stark differences in security, and infrastructure resources, power capacity security.” and cultural influences. This —Peter A. Altabef “If you want to be both is a reality that sometimes CHAIRMAN AND CEO, UNISYS; efficient and successful in creates a trust gap, even MEMBER, BOARD OF DIRECTORS, EASTWEST INSTITUTE addressing cybersecurity on issues pertaining to you have to employ cybersecurity.” a multi-stakeholder —Katherine Getao “When you look at approach that emphasizes ICT SECRETARY, MINISTRY OF the future it is super active cooperation INFORMATION COMMUNICATIONS AND TECHNOLOGY OF KENYA exciting. But we’re also between governments and entering a new phase the private sector.” where private sector —Marina Kaljurand “The planet is shrinking, companies are increasingly CHAIR, GLOBAL COMMISSION ON old institutions are dying THE STABILITY OF CYBERSPACE; on the front lines of cyber FORMER MINISTER OF FOREIGN and elites are being conflict.” AFFAIRS OF ESTONIA challenged. We must find —Paul Nicholas new ways to cooperate SENIOR DIRECTOR, TRUSTWORTHY and collaborate across our COMPUTING, MICROSOFT “India is a very special differences. East West, case. We both have the North South, developed second-largest connected and developing.” “Models that exist outside community in the world of the government but and the largest number —Bruce W. McConnell GLOBAL VICE PRESIDENT, leverage multi-government of unconnected people EASTWEST INSTITUTE resources are exactly the anywhere.” types of new structures —Latha Reddy and frameworks that DISTINGUISHED FELLOW, EASTWEST “Territorial boundaries are EWI has helped to create INSTITUTE; FORMER DEPUTY set by the international NATIONAL SECURITY and build.” ADVISOR OF INDIA; CO-CHAIR, agreements. There are no GLOBAL COMMISSION ON THE agreements that would —Davis Hake STABILITY OF CYBERSPACE SENIOR FELLOW, set the boundaries in EASTWEST INSTITUTE cyberspace.” —Anatoly Streltsov DEPUTY DIRECTOR, INSTITUTE OF INFORMATION SECURITY ISSUES, MOSCOW STATE UNIVERSITY 24

“This summit is truly remarkable not only for the “Both the public and fact that it has gathered private sectors should be so many specialists and raising public awareness experts with diverse about risks in the data backgrounds representing connected world.” “It’s both the polarization different corners of the —Kamlesh Bajaj that uses technology to world, but also for the DISTINGUISHED FELLOW, undermine trust, and the variety of sessions offered EASTWEST INSTITUTE fact that technology has and depth of debate been working the other providing for viable results.” direction, to polarize “The sheer number —Maria Smekalova, people.” COORDINATOR, RUSSIA-U.S. DIALOGUE of entities, individuals, ON CYBERSECURITY PROJECT, components and services —Francis Fukuyama RUSSIAN INTERNATIONAL AFFAIRS OLIVIER NOMELLINI SENIOR FELLOW, COUNCIL (RIAC) that go into making ICTs FREEMAN SPOGLI INSTITUTE FOR is mind-boggling, and INTERNATIONAL STUDIES; MOSBACHER with that comes a huge DIRECTOR, CENTER ON DEMOCRACY, DEVELOPMENT AND THE RULE OF “The building of increase in supply chain LAW, STANFORD UNIVERSITY cyber-qualified human and cybersecurity risks.” resources is still the main —Sally Long challenge for Cambodia. “How do we ensure that FORMER DIRECTOR, It is our main pillar.” THE OPEN GROUP TRUSTED the gains we’ve made TECHNOLOGY FORUM through the proliferation —Kan Channmeta SECRETARY OF STATE, MINISTRY OF of this inclusive and useful POSTS AND TELECOMMUNICATIONS “We are helping to build a medium – the Internet OF CAMBODIA community of knowledge. – are not lost due to We want to investigate the growing salience of “We need a security foundational questions native politics across the architecture that is about things that seem world, which is targeting appropriate for the very concrete and physical not just global trade technology as well as (ICT things) but which have and integration, but also the current and future deeply social, political, and undermining our capacity risk environment. legal sub-structures.” to undertake collective action?” International standards —Greg Austin and independent PROFESSORIAL FELLOW, —Samir Saran conformance mechanisms EASTWEST INSTITUTE SENIOR FELLOW AND VICE PRESIDENT, OBSERVER RESEARCH FOUNDATION; are essential to building COMMISSIONER, GLOBAL COMMISSION ON THE STABILITY OF CYBERSPACE a strong foundation of trustworthiness and defense.” —Andy Purdy CHIEF SECURITY OFFICER, HUAWEI TECHNOLOGIES USA 25 Copyright © 2018 EastWest Institute Photos: Marie A. Rodriguez, EWI

The EastWest Institute works to reduce international conflict, addressing seemingly intractable problems that threaten world security and stability. We forge new connections and build trust among global leaders and influencers, help create practical new ideas, and take action through our network of global decision-makers. Independent and nonprofit since our founding in 1980, we have offices in New York, Brussels, Moscow and San Francisco.

The EastWest Institute 708 Third Avenue Suite 1105 New York, NY 10017 U.S.A. +1 (212) 824-4100

[email protected] www.eastwest.ngo

Global Cooperation in Cyberspace

SUPPORTERS:

Microsoft Huawei Technologies Unisys Qihoo 360 NXP Semiconductors CenturyLink JPMorgan Chase Marsh & McLennan The Hague Centre for Strategic Studies William and Flora Hewlett Foundation

PARTNERS:

IEEE Communications Society Global Forum on Cyber Expertise Munich Security Conference M3AAWG The Open Group Fudan University University of New South Wales Center for Long-Term Cybersecurity, University of California, Berkeley