The concept of cyber diplomacy is often associated with digital diplomacy, electronic diplomacy or computer diplomacy. Overlapping use of these concepts raises confusion over the relationship between diplomacy and the digital world.
Digital (Electronic or Computer) Diplomacy
Digital (Electronic or Computer) Diplomacy refers to the use of digital tools and techniques to advance diplomatic goals. Digital diplomacy is more of a tool than an end in itself. Digital diplomacy taxonomy looks at three aspects of the interplay between Internet and diplomacy: Internet driven-changes in the environment in which diplomacy is conducted (geo-politics, geo-economics, sovereignty, interdependence); the emergence of new topics on diplomatic agendas (Internet governance, cybersecurity, privacy, and more); and use of new Internet tools in the practice of diplomacy (social media, big data, and more). The taxonomy goes beyond the typical narrow focus on social media and public diplomacy to cover the overall interplay between Internet and diplomacy. This tool can be used by state and non-state actors. Governments, or non-state actors, have objectives they want to secure and develop a diplomatic strategy to secure them. This strategy will include a broad range of tools and techniques, including digital tools. Digital tools can enhance analysis, engagement with key stakeholders and influence key policy debates. They can also support consular diplomacy. Digital tools are not limited to social media (although these can have value, provided they are used strategically) but should also include web-sourced analysis, Big Data, data mining, digital platforms for scenario generation or conflict simulation and gamification (the use of game play for education and shaping policy environments). Major challenges for digital diplomacy include developing digital tools tailor made for the pursuit of diplomatic strategies (rather than depending on commercial off-the-shelf products), creating effective spaces where state and non-state actors can come together to shape key geopolitical debates, and the evolution of diplomacy itself to integrate the future digital natives generation of political leaders.
Cyber diplomacy is the use of diplomatic tools and diplomatic thinking to resolve issues arising in the cyberspace. The use of digital tools to promote broader diplomatic agendas and the use of diplomatic techniques and mentalities (or mental modes) to analyze and manage cyberspace problems are separate but linked activities. Cyber-diplomacy can be defined as diplomacy in the cyber domain or, in other words, the use of diplomatic resources and the performance of diplomatic functions to secure national interests with regard to the cyberspace. Such interests are generally identified in national cyberspace or cybersecurity strategies, which often include references to the diplomatic agenda. Predominant issues on the cyber-diplomacy agenda include cybersecurity, cybercrime, confidence-building, internet freedom and internet governance. Cyber-diplomacy is therefore conducted in all or in part by diplomats, meeting in bilateral formats (such as the US-China dialogue) or in multilateral fora (such as in the UN). Beyond the traditional remit of diplomacy, diplomats also interact with various non-state actors, such as leaders of internet companies (such as Facebook or Google), technology entrepreneurs or civil society organisations.
Cyber Diplomcy Involves:
- Building Strategic Partnerships and Engaging Multilaterally. Just as in other diplomatic endeavors, cyber diplomacy works by building strategic partnerships with other countries around the world to enhance collective action and cooperation against shared threats, assembling like-minded coalitions on vital policy issues, sharing information and national initiatives and confronting bad actors. Nearly every formal and informal multilateral and regional body is now, in some capacity, focusing on cyber issues. These include multiple parts of the United Nations (including the International Telecommunication Union and Office on Drugs and Crime), the Organization for Security and Cooperation in Europe, Asia-Pacific Economic Cooperation, the Association of Southeast Asian Nations, the Organization of American States, the Group of 7 and the G-20.
- Enhancing Cooperation, Collective Action, Incident Response and Capacity Building. Diplomacy plays an important role in directly responding to specific cyberthreats and laying the groundwork for better cooperation and action against future threats. Collective action, where each country uses its authorities and tools to help address a shared threat, is very effective in mitigating the malicious activity. Capacity building initiatives are important in enabling better cooperation and helping developing countries to enhance cybercrime-fighting capacity, create national cyber strategies and create institutional and other mechanisms to protect against cyberthreats. Given the global nature of cyberthreats, helping developing countries protect their own networks also increases the security of one’s own networks.
- Advancing Strategic Policy and Building a Consensus for Global Cyber Stability. Diplomacy must also be used to push back on flawed regulatory regimes or policies that serve to fragment the internet, undermining its social and economic potential. Diplomatic channels may be used to challenge forced data localization regimes, ill-conceived cyber regulatory approaches and market access restrictions. Diplomacy also plays a vital role in ensuring the long-term stability of cyberspace itself in the face of increasing threats from nation-states and others, so that everyone can enjoy the benefits of cyberspace and no state has an incentive to engage in disruptive behavior.
As countries around the globe are developing, and in some cases using, offensive and other cyber capabilities, the lack of any clear consensus on acceptable state behavior in cyberspace poses substantial risks. To address this, the United States has led the development and promotion of a strategic framework of cyber stability that includes: (1) global affirmation of the applicability of international law to state activity in cyberspace; (2) the development of voluntary, nonbinding peacetime norms of acceptable state behavior; and (3) the development and use of practical confidence-building measures (CBMs) that serve to reduce the risk of misperception and escalation in cyberspace. The United States has had great success in promoting and achieving acceptance of this framework in forums around the world, including in the United Nations Group of Governmental Experts (UN GGE) on international cyber security (a series of expert forums), the North Atlantic Treaty Organization and the Organization for Security and Cooperation in Europe.
In 2013 several countries, including the United States, China and Russia, reached a landmark consensus that international law, including the U.N. Charter, applies in cyberspace. This means that cyberspace is not a “free fire” zone where no rules apply; rather, it is grounded in the same rules as the physical world. In 2015 the UN GGE recommended non-binding, voluntary norms of responsible state behavior. Under these peacetime norms, no state should attack the critical infrastructure of another state or its computer security incident response teams. States should also cooperate with requests for assistance in certain cyberattacks. The United States and China reached agreement on a theft-of-trade-secret norm that was later adopted by the G-20 and by other country bilateral agreements with China. The United States also made substantial progress within the OSCE in taking forward and implementing cyber CBMs.
While all of this represents significant progress toward achieving global cyber stability, there is much more to be done, and the head winds are stiff. The 2016 UN GGE ended in a stalemate, with some authoritarian regimes aggressively promoting their own vision of cyberspace that restricts openness, while some regimes are resisting necessary efforts to assess exactly how international law applies to cyberspace. There is an urgent need to build a broader consensus among countries on norms of behavior; much work is required to implement such norms; and, in addition, there will be significant effort ahead to further articulate how international law applies to cyberspace.
Deterrence: The United States has made significant progress in building an international consensus on what constitutes responsible state behavior in cyberspace, but that work is largely irrelevant if there are no consequences for those who violate that consensus. We have not done a very good job of deterring malicious actors—particularly nation-state actors. There are many reasons for this, including difficulties with attribution, a limited stock of potential consequences, and difficulties sharing information among partner countries. Nevertheless, at the heart of deterrence is the threat of a credible and timely response to the transgressor. Failure to act in a credible or timely way signals to the adversary that their actions are acceptable—or at the very least cost-free. The lack of any clear consensus on acceptable state behavior in cyberspace poses substantial risks.
Diplomacy can and should play a vital role in this effort—it is one of the key tools in the tool kit of response options that also include law enforcement actions, economic sanctions and cyber and kinetic responses. We must continue to employ diplomacy effectively and work to enhance all of our existing response options. We must also work with like-minded partners and other stakeholders to develop creative new tools that can be used swiftly and later reversed to change an adversary’s behavior—expanding the tool set and communicating, as transparently as possible, the likely costs that will be imposed for bad behavior. And we must enhance collective action.
Although the United States reserves the option to act alone if it must, deterrence and legitimacy are better served when several countries band together against a bad actor. There is much diplomatic work to do in forming such an agile coalition of like-minded countries who can call out bad behavior and collectively impose costs on our adversaries. Such a coalition should be flexible and can involve different countries and different actions depending on the actor; but creating it, and solving information sharing and other issues, will require a significant diplomatic effort.
The Way Ahead
Diplomacy has and must continue to play a pivotal role— shaping the environment, building cooperation and working to build coalitions to respond to shared threats—and we must continue to lead the international community. Much needs to be done to advance stability and norms, bolster deterrence, respond to threats, build partnerships, uphold human rights online and advance fair economic access. Much more needs to be done, as well, to deal with existing and future hybrid threats— including combined cyber-enabled threats that attempt to undermine our democracy.
Cyber diplomacy is the quintessential 21st-century issue of our foreign policy, encompassing cutting-edge issues of human rights, security and economic policy. The United States virtually created this new field, and an ever-increasing number of countries have followed our lead. We should not stop now; instead we need to redouble our efforts. Too much time has already been lost.