Nate Fick, confirmed last week to lead the State Department’s Bureau of Cyberspace and Digital Policy, was also the co-chair (along with Jami Miscik of Global Strategic Insights) of the Council on Foreign Relations (CFR) Independent Task Force on Cybersecurity.

In May, the CFR Task Force delivered their final report, Confronting Reality in Cyberspace: Foreign Policy for a Fragmented Internet, which concluded “that, —among other things—the era of the global internet is over; Washington will be unable to stop further fragmentation; data is a source of geopolitical competition; the United States has taken itself out of the digital trade sphere (undercutting Washington’s ability to lead abroad); cybercrime is a pressing national security threat; and Washington and its allies have failed to impose sufficient consequences on attackers.” (1)

Background

Richard Haas, President of the CFR, in his foreword to the report, briefly encapsulates the U.S. role in a what has now proven to be a “utopian vision” of the internet which no longer matches the stark geopolitical reality of the global network:

“The United States has heavily influenced every step of the internet’s development. The technologies that undergird the internet were born out of U.S. federal research projects, while U.S. companies and technical experts made significant contributions. Similarly, the internet’s governance structures reflected American values, with a reliance on the private sector and technical community, light regulatory oversight, and the protection of speech and the promotion of the free flow of information.

For many years, this global internet served U.S. interests, and U.S. leaders often called for countries to embrace an open internet or risk being left behind. But this utopian vision became just that: a vision, not the reality. Instead, over time the internet became less free, more fragmented, and less secure. Authoritarian regimes have managed to limit its use by those who might weaken their hold and have learned how to use it to further repress would-be or actual opponents.”

Haas goes on to focus on the current global regulatory environment, or lack thereof, of the internet and growing cybersecurity threats:

“The lack of regulation around something so integral to modern economies, societies, political systems, and militaries has also become dangerous. This openness presents a tempting target for both states and non-state actors seeking to undermine democracy, promote terrorism, steal intellectual property, and cause extraordinary disruption. Even more dangerous is the vulnerability of critical infrastructure to cyber-attacks. Making the circumstances all the more difficult, figuring out who is behind a given attack remains challenging, allowing states and non-state actors to carry out cyber attacks with a high degree of deniability and avoid significant consequences. In addition, because most cyber-attacks occur well below the threshold of the use of force, the threat of retaliation is less credible.”

CFR Task Force on Cybersecurity:  Major Findings and Recommendations

Of the many think tanks and research projects concerned with analysis and policy recommendations for the future of the internet, this report by the CFR Task Force – complete with the proclamation that “the era of the global internet is over”  – is the definitive, seminal foreign policy analysis, a tipping point in the exploration of cyber international relations towards a new era of post-utopianism and a post-global vision of the international computer network:

“U.S. strategic, economic, political, and foreign policy interests were served by the global, open internet. Washington long believed that its vision of the internet would ultimately prevail and that other countries would be forced to adjust to or miss out on the benefits of a global and open internet.

The United States now confronts a starkly different reality. The utopian vision of an open, reliable, and secure global network has not been achieved and is unlikely ever to be realized.

The United States, however, cannot capture the gains of future innovation by continuing to pursue failed policies based on an unrealistic and dated vision of the internet.

The United States needs a new strategy that responds to what is now a fragmented and dangerous internet. The Task Force believes it is time for a new foreign policy for cyberspace.

Major Findings

The major findings of the Task Force are as follows:

• The era of the global internet is over.
• U.S. policies promoting an open, global internet have failed, and Washington will be unable to stop or reverse the trend toward fragmentation.
• Data is a source of geopolitical power and competition and is seen as central to economic and national security.
• The United States has taken itself out of the game on digital trade, and the continued failure to adopt comprehensive privacy and data protection rules at home undercuts Washington’s ability to lead abroad.
• Increased digitization increases vulnerability, given that nearly every aspect of business and statecraft is exposed to disruption, theft, or manipulation.
• Most cyber-attacks that violate sovereignty remain below the threshold for the use of force or armed attack. These breaches are generally used for espionage, political advantage, and international statecraft, with the most damaging attacks undermining trust and confidence in social, political, and economic institutions.
• Cybercrime is a national security risk, and ransomware attacks on hospitals, schools, businesses, and local governments should be seen as such.
• The United States can no longer treat cyber and information operations as two separate domains.
• Artificial intelligence (AI) and other new technologies will increase strategic instability.
• The United States has failed to impose sufficient costs on attackers.
• Norms are more useful in binding friends together than in constraining adversaries.
• Indictments and sanctions have been ineffective in stopping state-backed hackers. (2)

Major Recommendations

The major recommendations of the Task Force are as follows:

• Build a digital trade agreement among trusted partners.
• Agree to and adopt a shared policy on digital privacy that is interoperable with Europe’s General Data Protection Regulation (GDPR).
• Resolve outstanding issues on U.S.-European Union (EU) data transfers.
• Create an international cybercrime center.
• Launch a focused program for cyber aid and infrastructure development.
• Work jointly across partners to retain technology superiority.
• Declare norms against destructive attacks on election and financial systems.
• Negotiate with adversaries to establish limits on cyber operations directed at nuclear command, control, and communications (NC3) systems.
• Develop coalition-wide practices for the Vulnerabilities Equities Process (VEP).
• Adopt greater transparency about defend forward actions.
• Hold states accountable for malicious activity emanating from their territories.
• Make digital competition a pillar of the national security strategy.
• Clean up U.S. cyberspace by offering incentives for internet service providers (ISPs) and cloud providers to reduce malicious activity within their infrastructure.
• Address the domestic intelligence gap.
• Promote the exchange of and collaboration among talent from trusted partners.
• Develop the expertise for cyber foreign policy. (2)

What Next:  The Three Pillars of The Future of International Cyber Relations

According to the report, the Task Force proposes three pillars to a foreign policy that should guide Washington’s adaptation to today’s more complex, variegated, and dangerous cyber realm.

1. Washington should confront reality and consolidate a coalition of allies and friends around a vision of the internet that preserves—to the greatest degree possible—a trusted, protected international communication platform.
2. the United States should balance more targeted diplomatic and economic pressure on adversaries, as well as more disruptive cyber operations, with clear statements about self-imposed restraint on specific types of targets agreed to among U.S. allies; and
3. The United States needs to put its own proverbial house in order. That requirement calls for Washington to link more cohesively its policy for digital competition with the broader enterprise of national security strategy. (2)

The 116-page CFR Task Force Report on Cybersecurity is the second voluminous report we have summarized in the last few days and, not surprisingly, they are not without their parallels. Like the CFR report, the recent release of the 189-page report by the Special Competitive Studies Project (SCSP), Mid-Decade Challenges for National Competitiveness is also an inflection point in the policy discussion on the future role of the private sector in “Deep Tech” innovation and a clear articulation of a national technology strategy for global competitiveness, specifically in the great power competition with China.

Yes, both documents usually fall in the “TLDR” column.  But we recommend that the OODA Loop readership take the time for a thorough synthesis of the finding and recommendations of both documents, as they represent a clear, interconnected strategic path forward to which your organization can align decision-making processes, strategic awareness, and risk strategy.

The future of the internet, foreign policy, and innovation will be discussed (when we gather as the OODA Community in October at OODAcon 2022 – The Future of Exponential Innovation & Disruption) in the context of the following panels:

Tomorrowland: A Global Threat Brief

Bob Gourley, CTO of OODA LLC | Former CTO at Defense Intelligence Agency

Johnny Sawyer, Founder of the Sawyer Group | Former Chief of Staff at Defense Intelligence Agency

The Pandemic, Russian invasion of Ukraine, demographic inversions, and technological labor force disruption have combined to forever shift the global geo-strategic environment. This session will examine the new world economy, seeking actionable insights for practitioners who need a deeper understanding of new realities.  Impacts on individuals, investors, businesses, the military, and governments will be examined.

Swimming with Black Swans – Innovation in an Age of Rapid Disruption

Dawn Meyerriecks, Former Director of CIA Science and Technology Directorate

If Yogi Berra were to evaluate today’s pace of global change, he might simply define it as “the more things change, the more they change”. Are we living in an exponential loop of global change or have we achieved escape velocity into a “to be defined” global future? Experts share their thoughts on leading through unprecedented change and how we position ourselves to maintain organizational resiliency while simultaneously reaping the benefits of new technologies and global realities.

The Future Hasn’t Arrived – Identifying the Next Generation of Technology Requirements

Neal Pollard, Former Global CISO at UBS | Partner, E&Y

Bobbie Stempfley, Former CIO at DISA | Former Director at US CERT | Vice President at Dell

Bill Spalding, Associate Deputy Director of CIA for Digital Innovation

In an age when the cyber and analytics markets are driving hundreds of billions of dollars in investments and solutions is there still room for innovation? This panel brings together executives and investors to identify what gaps exist in their solution stacks and to define what technologies hold the most promise for the future.

Postponing the Apocalypse:  Funding the Next Generation of Innovation

Matt Ocko (invited), DCVC

What problem sets and global risks represent strategic investment opportunities that help reduce those risks, but also ensure future global competitiveness in key areas of national defense?  This session will provide insights from investors making key investments in these technologies and fostering future high-value innovation.

Open the Pod Bay Door – Resetting the Clock on Artificial Intelligence

Mike Capps, CEO at Diveplane | Former President at Epic Games
Sean Gourley, CEO and Founder at Primer.AI

Artificial intelligence is like a great basketball headfake. We look towards AI, but pass the ball to machine learning. But, that reality is quickly changing. This panel taps AI and machine learning experts to level-set our current capabilities in the field and define the roadmap over the next five years.

Further Resources

Nate Fick Confirmed to Lead State Department Bureau of Cyberspace and Digital Policy:  In April, The State Department launched a new cybersecurity bureau, designed to enhance digital diplomacy and online standards around the world.  Last week, the Senate confirmed Nate Fick as the first person to lead the new Bureau as the first State Department Ambassador-at-Large for Cyberspace and Digital Policy. Fick is familiar to the OODA Loop membership, as OODA CEO Matt Devost had an OODAcast conversation with Fick In March 2021 on Dynamic Leadership and Adapting to Change.

A Proactive National Technology Strategy in the Great Power Competition with China:  The co-authors of a recent article in Foreign Affairs, America Could Lose the Tech Contest With China, Eric Schmidt and Yll Bajraktari, are Chair and CEO of the Special Competitive Studies Project (SCSP), respectively. The SCSP “builds on the work of the National Security Commission on Artificial Intelligence (NSCAI), which ended its congressionally-mandated work in October 2021.  NSCAI made recommendations to the President and Congress to “advance the development of artificial intelligence, machine learning and associated technologies to comprehensively address the national security and defense needs of the United States.”

The author’s diagnosis of the root cause of the problem is aligned with the drivers behind the recent launch of America’s Frontier Fund and the Quad Investor Network (with which Eric Schmidt is also affiliated) and maps to many of the recent “Deep Tech” and “Valley of Death” discussions here at OODA Loop.

OODAcon 2022

To register for OODAcon, go to: OODAcon 2022 – The Future of Exponential Innovation & Disruption

Stay Informed

It should go without saying that tracking threats are critical to inform your actions. This includes reading our OODA Daily Pulse, which will give you insights into the nature of the threat and risks to business operations.

Related Reading:

Explore OODA Research and Analysis

Use OODA Loop to improve your decision-making in any competitive endeavor. Explore OODA Loop

Decision Intelligence

The greatest determinant of your success will be the quality of your decisions. We examine frameworks for understanding and reducing risk while enabling opportunities. Topics include Black Swans, Gray Rhinos, Foresight, Strategy, Strategies, Business Intelligence, and Intelligent Enterprises. Leadership in the modern age is also a key topic in this domain. Explore Decision Intelligence

Disruptive/Exponential Technology

We track the rapidly changing world of technology with a focus on what leaders need to know to improve decision-making. The future of tech is being created now and we provide insights that enable optimized action based on the future of tech. We provide deep insights into Artificial Intelligence, Machine Learning, Cloud Computing, Quantum Computing, Security Technology, and Space Technology. Explore Disruptive/Exponential Tech

Security and Resiliency

Security and resiliency topics include geopolitical and cyber risk, cyber conflict, cyber diplomacy, cybersecurity, nation-state conflict, non-nation state conflict, global health, international crime, supply chain, and terrorism. Explore Security and Resiliency

Community

The OODA community includes a broad group of decision-makers, analysts, entrepreneurs, government leaders, and tech creators. Interact with and learn from your peers via online monthly meetings, OODA Salons, the OODAcast, in-person conferences, and an online forum. For the most sensitive discussions interact with executive leaders via a closed Wickr channel. The community also has access to a member-only video library. Explore The OODA Community.