The US General Accounting Office has released a new report which provides an overview of US government involvement and the challenges it faces in global Internet security and policy. Submitted to Rep. Bennie Thompson, a Mississippi Democrat who chairs the House Committee on Homeland Security, Rep. Yvette Clarke of New York and Senator Kirstin Gillibrand of New York, the report is intended to inform debate over the proposed law S. 1438: Fostering a Global Response to Cyber Attacks Act, which was referred to the Committee on Foreign Relations in July.
Cataloging the breadth and scope of departmental and agency efforts to engage in multiple issues and institutions (including identifying ICANN, IGF, IETF among others as important), it paints a picture of a government struggling to identify a cohesive strategic approach to Internet governance.
Particularly interesting are:
– A conclusion stating an almost critical need to increase coordination among agencies in response to global security incidents, yet “several agencies stated a single authoritative…response organization would not be appropriate” (36) The USG obviously hasn't completely come to grips with the paradox of distributed governance in a global network.
– A recognition that mandatory standards to improve the security of USG systems may risk creating cybersecurity-related trade barriers. (35) A poster child for this issue going forward is the mandating of DNSSEC and potentially securing Internet routing, and the response it engenders from other parts of the world, e.g., pressure to integrate competing crypto algorithms.
– The recognition of the importance of defining norms (38), although the report fails to identify basic human rights (privacy, freedom of expression), multi-stakeholder participation, or institutional accountability as the emerging predominant frames in fora like the IGF and ICANN – instead focusing on discussion about the appropriateness of “use of force” in response to cyber attacks.