INTERNATIONAL STRATEGY FOR CYBERSPACE: Prosperity, Security, and Openness in a Networked WorldPolicy Priorities -- The United States will continue to take action to help build and sustain open, interoperable, secure, and reliable networks at home and abroad, both for our citizens and others in the global community Our approach is guided by the fundamental principles, driven by the overarching goal, and sustained by the policies outlined in this document—together they form the basis of the United States’ international cyberspace strategy. To fully realize this future in which cyberspace lives up to its potential for all, the United States Government organizes its activities across seven interdependent areas of activity, each demanding collaboration within our government, with international partners, and with the private sector Taken as a whole, they form the action lines of our strategic framework. For the many departments and agencies of the United States Government already engaged in these activities, they provide reinforcement to the important work already underway For those developing implementation plans to carry out their specific responsibilities in cyberspace, they provide context and ensure unity of effort The policy priorities outlined here call for and guide those specific actions, highlighting areas of past, present and future emphasis that demand concerted attention and resources at the national level.President of the United StatesPOTUS_90e51e86-bcc3-40fb-9a48-6480d35f44aa... a future in which reliable access to the Internet is available from nearly any point on the globe, at a price that businesses and families can afford ..._4f9a9b22-83af-11e2-a812-7481b5585148The United States will work internationally to promote an open, interoperable, secure, and reliable information and communications infrastructure that supports international trade and commerce, strengthens international security, and fosters free expression and innovation To achieve that goal, we will build and sustain an environment in which norms of responsible behavior guide states’ actions, sustain partnerships, and support the rule of law in cyberspace _4f9a9ea6-83af-11e2-a812-7481b5585148Fundamental FreedomsOur commitment to freedom of expression and association is abiding, but does not come at the expense of public safety or the protection of our citizens Among these civil liberties, recognized internationally as “fundamental freedoms,” the ability to seek, receive and impart information and ideas through any medium and regardless of frontiers has never been more relevant As a nation, we are not blind to those Internet users with malevolent intentions, but recognize that exceptions to free speech in cyberspace must also be narrowly tailored For example, child pornography, inciting imminent violence, or organizing an act of terrorism have no place in any society, and thus, they have no place on the Internet Nonetheless, the United States will continue to combat them in a manner consistent with our core values—treating these issues specifically, and not as referenda on the Internet’s value to society.Privacy Our strategy marries our obligation to protect our citizens and interests with our commitment to privacy As citizens increasingly engage via the Internet in their public and private lives, they have expectations for privacy: individuals should be able to understand how their personal data may be used, and be confident that it will be handled fairly Likewise, they expect to be protected from fraud, theft, and threats to personal safety that lurk online—and expect law enforcement to use all the tools at their disposal, pursuant to law, to track and prosecute those who would use the Internet to exploit others The United States is committed to ensuring balance on both sides of this equation, by giving law enforcement appropriate investigative authorities it requires, while protecting individual rights through appropriate judicial review and oversight to ensure consistency with the rule of law Free Flow of Information States do not, and should not have to choose between the free flow of information and the security of their networks The best cybersecurity solutions are dynamic and adaptable, with minimal impact on network performance These tools secure systems without crippling innovation, suppressing freedom of expression or association, or impeding global interoperability In contrast, we see other approaches—such as national-level filters and firewalls—as providing only an illusion of security while hampering the effectiveness and growth of the Internet as an open, interoperable, secure, and reliable medium of exchange The same is true commercially; cyberspace must remain a level playing field that rewards innovation, entrepreneurship, and industriousness, not a venue where states arbitrarily disrupt the free flow of information to create unfair advantage The United States is committed to international initiatives and standards that enhance cybersecurity while safeguarding free trade and the broader free flow of information, recognizing our global responsibilities, as well as our national needs Too often, such principles are characterized as incompatible with effective law enforcement, anonymity, the protection of children and secure infrastructure In reality, good cybersecurity can enhance privacy, and effective law enforcement targeting widely-recognized illegal behavior can protect fundamental freedoms The rule of law—a civil order in which fidelity to laws safeguards people and interests; brings stability to global markets; and holds malevolent actors to account internationally—both supports our national security and advances our common values EconomyPromoting International Standards and Innovative, Open Markets_4f9a9fc8-83af-11e2-a812-7481b55851481To ensure that cyberspace continues to serve the needs of our economies and innovators, we will:Free Trade Sustain a free-trade environment that encourages technological innovation on accessible, globally linked networks. _4f9aa0ae-83af-11e2-a812-7481b55851481.1Just as the free flow of information is critical to the functioning of our networks, free trade helps support innovation and market growth in the information age The global embrace of the Internet can largely be traced to the spread of lower-cost and globally available computers and network technology Competition in these markets drives innovation, while a free-trade environment enables manufacturers to keep prices competitive and standards high Respecting the international standards of technology development and trade is an essential part of sustaining open markets, and enables leading-edge technology companies to rapidly deliver the benefits of their innovative products and services Over the next few decades, the globalization of technology manufacturing will only increase, with substantial benefits for our networks and consumers The United States will work to sustain that free-trade environment, particularly in support of the high-tech sector, to ensure future innovation.Intellectual PropertyProtect intellectual property, including commercial trade secrets, from theft. _4f9aa194-83af-11e2-a812-7481b55851481.2The same global networks that power innovation also open up new avenues for industrial espionage and the theft of intellectual property and commercial information Cyberspace can be used to steal an unprecedented volume of information from businesses, universities, and government agencies; such stolen information and technology can equal billions of dollars of lost value Individual incidents often go unreported or undetected Results can range from unfair competition to the bankrupting of entire firms, and the national impact may be orders of magnitude larger The persistent theft of intellectual property, whether by criminals, foreign firms, or state actors working on their behalf, can erode competitiveness in the global economy, and businesses’ opportunities to innovate The United States will take measures to identify and respond to such actions to help build an international environment that recognizes such acts as unlawful and impermissible, and hold such actors accountable.Technical StandardsEnsure the primacy of interoperable and secure technical standards, determined by technical experts. _4f9aa27a-83af-11e2-a812-7481b55851481.3Technical ExpertsDeveloping international, voluntary, consensus-based cybersecurity standards and deploying products, processes, and services based upon such standards are the basis of an interoperable, secure and resilient global infrastructure The public and private sectors must work together to develop, maintain, and implement these standards and support the development of international standards and conformity assessment schemes that prevent barriers to international trade and commerce International cybersecurity standardization, and its voluntary and consensus-based processes, serves collective interests They foster innovation; facilitate interoperability, security, and resiliency; improve trust in online transactions; and spur competition in global markets The United States will foster collaboration between the public and private sector to ensure the promulgation of international standards-based requirements for products and services.Protecting Our NetworksEnhancing Security, Reliability, and Resiliency_4f9aa360-83af-11e2-a812-7481b55851482Because strong cybersecurity is critical to national and economic security in the broadest sense, we will:Cyberspace CooperationPromote cyberspace cooperation, particularly on norms of behavior for states and cybersecurity, bilaterally and in a range of multilateral organizations and multinational partnerships. _4f9aa45a-83af-11e2-a812-7481b55851482.1Organization of American States (OAS)Association of Southeast Asian Nations (ASEAN) Regional Forum (ARF)Asia-Pacific Economic Cooperation Organization (APEC)Organization for Cooperation and Security in Europe (OSCE)African Union (AU)Organization for Economic Cooperation and Development (OECD)Group of Eight (G-8)European Union (EU)United Nations (UN)Council of EuropeAfricaMiddle EastAn increasing number of international organizations are taking up cybersecurity and other cyberspace issues, and the United States continues to promote this important work, building cyberspace into their range of work to meet the needs of their varied memberships We have worked to include relevant cyberspace issues on the agenda at the Organization of American States (OAS), the Association of Southeast Asian Nations (ASEAN) Regional Forum (ARF), the Asia-Pacific Economic Cooperation Organization (APEC), the Organization for Cooperation and Security in Europe (OSCE), the African Union (AU), the Organization for Economic Cooperation and Development (OECD), the Group of Eight (G-8), the European Union (EU), the United Nations (UN ), and the Council of Europe, and to ensure that work is supported by an effective institutional framework The United States will continue, in these and other fora, to consolidate regional and international consensus on key cyberspace activities, including norms We will also look to fora that enable multi-stakeholder collaboration and consensus building, to further elaborate the Internet policy principles outlined in this document We welcome the expansion of this work to geographic regions currently underrepresented in the dialogue—most notably Africa and the Middle East—to further our interest in building worldwide capacity.Intrusions & DisruptionsReduce intrusions into and disruptions of U.S. networks. _4f9aa55e-83af-11e2-a812-7481b55851482.2Unauthorized network intrusions threaten the integrity of economies and undermine national security Agencies across the United States Government are collaborating, together with the private sector, to protect innovation from industrial espionage, to protect Federal, state, and local government networks, to protect military operations from degraded operating environments, and to secure critical infrastructure against intrusions and attacks—particularly those on energy, transportation, or financial systems, and the defense industrial base The United States will pursue a broad international consensus of states that recognize the importance of respect for property and network stability, and will back up that conviction with our own and our partners’ willingness to defend our networks from acts that would compromise them.Incident Management, Resiliency & RecoveryEnsure robust incident management, resiliency, and recovery capabilities for information infrastructure. _4f9aa658-83af-11e2-a812-7481b55851482.3In an interconnected global environment, weak security in one nation’s systems compounds the risk to others No one nation can have full insight into the world’s networks; we have an obligation to share our insights about our own networks and collaborate with others when events might threaten us all As we continue to build and enhance our own response capabilities, we will work with other countries to expand the international networks that support greater global situational awareness and incident response—including between government and industry The United States Government actively participates in watch, warning, and incident response through exchanging information with trusted networks of international partners We will expand these capabilities through international collaboration to enhance overall resilience The United States will also work to engage international participation in cybersecurity exercises, to elevate and strengthen established operating procedures with our partners.High-Tech Supply ChainImprove the security of the high-tech supply chain, in consultation with industry._4f9aa77a-83af-11e2-a812-7481b55851482.4IndustryThe operation of critical networks and information infrastructures depends on the assured availability of trustworthy hardware and software Vulnerabilities in the supply chain can enable attacks on the integrity, availability, or confidentiality of networks and the data they contain Exploitation of these vulnerabilities impairs economic performance and national security The United States will work with industry and international partners to develop best practices for protecting the integrity of information systems and critical infrastructure In this way, we will greatly enhance the security of the globalized supply chains on which free and open trade depend.Law EnforcementExtending Collaboration and the Rule of Law_4f9aa888-83af-11e2-a812-7481b55851483To enhance confidence in cyberspace and pursue those who would exploit online systems, we will:Cybercrime PolicyParticipate fully in international cybercrime policy development. _4f9aa9a0-83af-11e2-a812-7481b55851483.1The United States is committed to participating actively in discussions about how international norms and measures on cybercrime are developed bilaterally and multilaterally, in fora with proven expertise and a history of promoting effective cybercrime policies These conversations will incorporate existing efforts, like how to extend the reach of institutions like the Budapest Convention The United States will build these efforts upon the successful partnerships between national law enforcement agencies and the productive policy dialogues that we currently enjoy, cultivating a sense of responsibility among states joining this effort.HarmonizationHarmonize cybercrime laws internationally by expanding accession to the Budapest Convention. _4f9aab30-83af-11e2-a812-7481b55851483.2The United States and our allies regularly depend upon cooperation and assistance from other countries when investigating and prosecuting cybercrime cases This cooperation is most effective and meaningful when the countries have common cybercrime laws, which facilitates evidence-sharing, extradition, and other types of coordination The Budapest Convention on Cybercrime provides countries with a model for drafting and updating their current laws, and it has proven to be an effective mechanism for enhancing international cooperation in cybercrime cases The United States will continue to encourage other countries to become parties to the Convention and will help current non-parties use the Convention as a basis for their own laws, easing bilateral cooperation in the short term, and preparing them for the possibility of accession to the Convention in the long term Illegal ActivitiesFocus cybercrime laws on combating illegal activities, not restricting access to the Internet. _4f9aac52-83af-11e2-a812-7481b55851483.3Criminal behavior in cyberspace should be met with effective law enforcement, not policies that restrict legitimate access to or content on the Internet To advance this goal, the United States Government works on a bilateral and multilateral basis to ensure that countries recognize that online crimes should be approached by focusing on preventing crime and catching and punishing offenders, rather than by broadly limiting access to the Internet, as a broad limitation of access would affect innocent Internet users as well As the United States and our partners engage in dialogue and help build capacity among law enforcement organizations worldwide, we will integrate this approach, uniting protection of privacy, fundamental freedoms, and innovation with collaboration to combat crimes in cyberspace Terrorists & CriminalsDeny terrorists and other criminals the ability to exploit the Internet for operational planning, financing, or attacks. _4f9aad7e-83af-11e2-a812-7481b55851483.4Financial Action Task ForceThe United States has a variety of international capacity-building and training programs on cybercrime, helping law enforcement and legislators develop effective legal frameworks and expertise to investigate and prosecute terrorist and other criminal misuse of the Internet Preventing terrorists from enhancing capabilities through “hackers for hire” and organized crime tools is an important priority for the international community, and demands effective cybercrime laws The United States is committed to tracking and disrupting terrorist and cybercrime finance networks through technical tools and international cooperation frameworks such as the Financial Action Task Force.MilitaryPreparing for 21st Century Security Challenges_4f9aaed2-83af-11e2-a812-7481b55851484Since our commitment to defend our citizens, allies, and interests extends to wherever they might be threatened, we will:Reliable & Secure NetworksRecognize and adapt to the military’s increasing need for reliable and secure networks. _4f9ab008-83af-11e2-a812-7481b55851484.1We recognize that our armed forces increasingly depend on the networks that support them, and we will work to ensure that our military remains fully equipped to operate even in an environment where others might seek to disrupt its systems, or other infrastructure vital to national defense Like all nations, the United States has a compelling interest in defending its vital national assets, as well as our core principles and values, and we are committed to defending against those who would attempt to impede our ability to do so Military AlliancesBuild and enhance existing military alliances to confront potential threats in cyberspace._4f9ab148-83af-11e2-a812-7481b55851484.2Cybersecurity cannot be achieved by any one nation alone, and greater levels of international cooperation are needed to confront those actors who would seek to disrupt or exploit our networks This effort begins by acknowledging that the interconnected nature of networked systems of our closest allies, such as those of NATO and its member states, creates opportunities and new risks Moving forward, the United States will continue to work with the militaries and civilian counterparts of our allies and partners to expand situational awareness and shared warning systems, enhance our ability to work together in times of peace and crisis, and develop the means and method of collective self-defense in cyberspace Such military alliances and partnerships will bolster our collective deterrence capabilities and strengthen our ability to defend the United States against state and non-state actors/Cyberspace CooperationExpand cyberspace cooperation with allies and partners to increase collective security._4f9ab2a6-83af-11e2-a812-7481b55851484.3The challenges of cyberspace also create opportunities to work in new ways with allied and partner militaries By developing a shared understanding of standard operating procedures, our armed forces can enhance security through coordination and greater information exchange; these engagements will diminish misperceptions about military activities and the potential for escalatory behavior Dialogues and best practice exchanges to enhance partner capabilities, such as digital forensics, work force development, and network penetration and resiliency testing will be important to this effort The United States will work in close partnership with like-minded states to leverage capabilities, reduce collective risk, and foster multi-stakeholder initiatives to deter malicious activities in cyberspace.Internet GovernancePromoting Effective and Inclusive Structures_4f9ab3f0-83af-11e2-a812-7481b55851485To promote Internet governance structures that effectively serve the needs of all Internet users, we will:Openness & InnovationPrioritize openness and innovation on the Internet. _4f9ab544-83af-11e2-a812-7481b55851485.1Intergovernmental OrganizationsNongovernmental OrganizationsThe ability to distribute information efficiently on the Internet is at the very core of modern consumer, business, political, scientific, and educational activity Governments around the globe recognize the value of the Internet; however, many of them place arbitrary restrictions on the free flow of information or use it to suppress dissent or opposition activities The method and enforcement of these restrictions vary widely across countries, as do their justification, but we should not allow the Internet’s governance or technical architecture to be reengineered to accommodate decisions that violate fundamental freedoms, or unnecessarily stifle innovation Effective, inclusive Internet governance can help ensure acts grossly outside international norms of acceptable network management are not compounded by a technical or governance structure that would enable them Preserving, enhancing, and increasing access to an open, global Internet is a clear policy priority The United States will continue to advance these goals through a variety of engagements, including outreach to appropriate multi-stakeholder institutions and organizations, and to relevant intergovernmental and nongovernmental organizations.Network Security & StabilityPreserve global network security and stability, including the domain name system (DNS)._4f9ab6c0-83af-11e2-a812-7481b55851485.2Given the Internet’s importance to the world’s economy, it is essential that this network of networks and its underlying infrastructure, the DNS, remain stable and secure To ensure this continued stability and security, it is imperative that we and the rest of the world continue to recognize the contributions of its full range of stakeholders, particularly those organizations and technical experts vital to the technical operation of the Internet The United States recognizes that the effective coordination of these resources has facilitated the Internet’s success, and will continue to support those effective, multi-stakeholder processes.Internet GovernancePromote and enhance multi-stakeholder venues for the discussion of Internet governance issues. _4f9ab81e-83af-11e2-a812-7481b55851485.3Internet Governance ForumThe very architecture of the Internet embodies a mode of social and technical organization which is decentralized, cooperative, and layered Each of these characteristics is fundamental to the benefits the Internet has brought That architecture fuels the freedom of innovation that enables economic growth It fuels the freedom of expression and association that enables social and political growth and the functioning of democratic societies worldwide The United States stands firm in our conviction that when the international community meets to discuss the range of Internet governance issues, these conversations must take place in a multi-stakeholder manner; we will continue to support successful venues like the Internet Governance Forum, which embodies the open and inclusive nature of the Internet itself by allowing nongovernment stakeholders to contribute to the discussion on equal footing with governments.International DevelopmentBuilding Capacity, Security, and Prosperity_4f9ab97c-83af-11e2-a812-7481b55851486To promote the benefits of networked technology globally, enhance the reliability of our shared networks, and build the community of responsible stakeholders in cyberspace, we will:Knowledge, Training & ResourcesProvide the necessary knowledge, training, and other resources to countries seeking to build technical and cybersecurity capacity. _4f9abb16-83af-11e2-a812-7481b55851486.1OASAPECUNThe benefits of an interconnected world should not be limited by national borders For over a decade the United States has helped bridge that gap, supporting a variety of programs to help other nations gain the resources and skills to build core capacities in technology and cybersecurity Our goal is to help other states learn from our experience, and in particular to build cybersecurity into their national technical development Because the needs are many and diverse, our programs range from supporting national capabilities for incident management; to building public/private partnerships; to enhancing control systems security; to drafting effective laws to investigate and prosecute cybercrime; to developing and implementing programs to raise cybersecurity awareness and build a national culture of cybersecurity Our work has taken place bilaterally, through foreign assistance, as well in partnership with innovative public-private initiatives like the United States Telecommunications Training Institute In recent years, we have helped make this work a priority at multilateral fora such as the OAS, APEC, and the UN The United States will expand these collaborations, work in-country to support private-sector investment in capacity, draw attention to this critical need, and work to build new collaborations in the coming years.Cybersecurity Best PracticesContinually develop and regularly share international cybersecurity best practices._4f9abc88-83af-11e2-a812-7481b55851486.2Today, nations no longer need to develop cybersecurity capacity exclusively through a process of trial and error We have worked with dozens of other states and with numerous multilateral organizations to develop and share best practices designed to help states make wiser investments and develop more effective policies The United States will continue to identify, develop, and refine best practices and technical standards in collaboration and close partnership with industry, and will expand our efforts to promote awareness of and access to them We will further promote collaborative science and technology research to enhance cybersecurity tools and capabilities.CapabilityEnhance states’ ability to fight cybercrime—including training for law enforcement, forensic specialists, jurists, and legislators. _4f9abe04-83af-11e2-a812-7481b55851486.3AfricaAPECASEANG-8OASLaw EnforcementForensic Specialists Jurists LegislatorsBecause criminal cases involving computer networks often involve evidence and targets located overseas, governments regularly rely on one another to provide often extensive technical and investigative assistance in matters relating to serious crime and national security Criminal threats can originate from any connected country, and many countries need substantial help in developing the investigative capacities required to collaborate in such investigations By providing training on these issues, we develop critical contacts and help promote law enforcement technical understanding This engagement will increase the prospects for effective law enforcement cooperation and reciprocal assistance The United States will continue to pursue this objective by providing training in numerous regions, continuing our work in Africa, and with APEC, ASEAN, G-8, and the OAS.Technical Capacity BuildingDevelop relationships with policymakers to enhance technical capacity building, providing regular and ongoing contact with experts and their United States Government counterparts. _4f9abfbc-83af-11e2-a812-7481b55851486.4PolicymakersOver the last few years, a growing international community of policymakers focusing on cyberspace issues has provided new avenues for dialogue, launched new development and security initiatives, and strengthened countless bilateral relations As we invest in developing countries’ long-term future through technical and cybersecurity capacity-building, the United States is committed to building those assistance relationships into closer partnerships on issues of mutual concern We have taken a lead role in convening fora, such as the Meridian Conference, which fosters collaboration on critical information infrastructure protection issues The United States welcomes more states entering into the dialogue as they become increasingly invested in the future of cyberspace, and will work to build enduring relationships among our experts and policymakers.Internet FreedomSupporting Fundamental Freedoms and Privacy_4f9ac142-83af-11e2-a812-7481b55851487To help secure fundamental freedoms as well as privacy in cyberspace, we will: Freedom of Expression & AssociationSupport civil society actors in achieving reliable, secure, and safe platforms for freedoms of expression and association. _4f9ac2d2-83af-11e2-a812-7481b55851487.1Civil Society ActorsWe encourage people all over the world to use digital media to express opinions, share information, monitor elections, expose corruption, and organize social and political movements, and denounce those who harass, unfairly arrest, threaten, or commit violent acts against the people who use these technologies Such cultures of fear discourage others in the community from using new technologies to report, organize, and exchange ideas The same protections must apply to Internet Service Providers and other providers of connectivity, who too often fall victim to legal regimes of intermediary liability that pass the role of censoring legitimate speech down to companies The United States will be a tireless advocate of fundamental freedoms of speech and association through cyberspace; will work to empower civil society actors, human rights advocates, and journalists in their use of digital media; and will work to encourage governments to address real cyberspace threats, rather than impose upon companies responsibilities of inappropriately limiting either freedom of expression or the free flow of information.IntrusionsCollaborate with civil society and nongovernment organizations to establish safeguards protecting their Internet activity from unlawful digital intrusions._4f9ac4a8-83af-11e2-a812-7481b55851487.2Promoting cybersecurity among civil society and nongovernmental organizations helps ensure that freedoms of speech and association are more widely enjoyed in the digital age Cybersecurity is particularly important for activists, advocates, and journalists on the front lines who may express unpopular ideas and opinions, and who are frequently the victims of disruptions and intrusions into their email accounts, websites, mobile phones, and data systems The United States supports efforts to empower these users to protect themselves, to help ensure their ability to exercise their free expression and association rights on the new technologies of the 21st century.Commercial Data PrivacyEncourage international cooperation for effective commercial data privacy protections. _4f9ac642-83af-11e2-a812-7481b55851487.3Protecting individual privacy is essential to maintaining the trust that sustains economic and social uses of the Internet The United States has a robust record of enforcement of its privacy laws, as well as encouraging multi-stakeholder policy development We are continuing to strengthen the U S commercial data privacy framework to keep pace with the rapid changes presented by networked technologies We recognize the role of applying general privacy principles in the commercial context while maintaining the flexibility necessary for innovation The United States will work toward building mutual recognition of laws that achieve the same objectives and enforcement cooperation to protect privacy and promote innovation.InteroperabilityEnsure the end-to-end interoperability of an Internet accessible to all._4f9ac7e6-83af-11e2-a812-7481b55851487.4Users should have confidence that the information they transmit over the Internet will be received as it was intended, anywhere in the world Equally important is the expectation that under normal circumstances, data will flow across borders without regard for its national origin or destination Ensuring the integrity of information as it flows over the Internet gives users confidence in the network and keeps the Internet open as a reliable platform for innovation that drives growth in the global economy and encourages the exchange of ideas among people around the world The United States will continue to make clear the benefits of an Internet that is global in nature, while opposing efforts to splinter this network into national intranets that deprive individuals of content from abroad.2011-06-312013-03-02http://www.whitehouse.gov/sites/default/files/rss_viewer/international_strategy_for_cyberspace.pdfOwenAmburOwen.Ambur@verizon.net