October 27, 2022 • By Yasmine Nahdi
To kick off the eleventh year of the Center for Digital Transformation at the UCI Paul Merage School of Business, Vijay Gurbaxani, Director of the Center for Digital Transformation, invited guest speakers Nicole Perlroth and Adam Segal to discuss their report titled “Confronting Reality in Cyberspace Foreign Policy for a Fragmented Internet,” which delves into the implications of foreign policy in cyberspace.
Nicole Perlroth is a Cybersecurity Expert and Advisor to the Cybersecurity and Infrastructure Security Agency (CISA), a journalist for The New York Times, and the award-winning author of This is How They Tell Me the World Ends. Adam Segal is the Ira A. Lipman Chair in Emerging Technologies and National Security and the Director of the Digital and Cyberspace Policy Program Council on Foreign Relations (CFR). Both speakers have extensive experience in cybersecurity and a capacious interest in the connotations of foreign policy in cyberspace.
After Gurbaxani introduced the two guest speakers, Segal and Perlroth began to discuss their report for the Council of Foreign Relations regarding foreign policy in the digital age.
Aims of the Report
Segal, who authored the report, noted that a similar report was created approximately ten years ago in which there was high optimism about the internet and what the United States could potentially achieve in it.
He said, “The purpose of that first report was really to try and introduce many of the ideas about the foreign policy implications of cyberspace to the kind of traditional foreign policy thinkers who weren’t familiar with the challenges of the internet yet.”
The new report, however, takes a different approach. According to Segal, the newer report focuses on the negative aspects that have appeared in the last ten years. He said, “Over the last ten years, looking at all measures of internet freedom, data flows, and internet shutdowns, what we’ve seen is that the global platform has become increasingly fragmented that nation-states are asserting their sovereignty and their government authority over the internet.”
Another notion that Segal explored was the increasing nature of risks like cyber-attacks. On this, he said, “We’ve seen very few destructive attacks, but the potential for that is rising. We are seeing the rise of ransomware as a national security threat, but the U.S.’s strategy of trying to create norms of behavior in cyberspace for states, for calling out actors for attributing the attacks to China, North Korea, and Iran particularly, for indicting the individual hackers, really hasn’t worked.”
Perlroth, who entered the project later than Segal, was glad to join the project due to its emphasis on striving to facilitate suggestions for a foreign policy that is fit for the current digital reality. She said, “What this report does is say, listen. We can only nudge our adversaries so much; some of these ad hoc things that we have tried in the past like naming, shaming, and indictments of, say, Chinese PLA hackers and the occasional sanction haven’t really moved the needle much.”
She continued, “We are now at an inflection point, and it is critical that we basically regroup with allies to create a coalition of like-minded governments and that the right way to do this is not around some vague notion of democracy that some countries may disagree with or may call us hypocritical after some of the Snowden revelations, for instance.”
Perlroth then discussed how the report highlights the need to create new standards for cyberspace in order for it to be regulated. She said, “We need to sort of come together and formalize these efforts and that there are already organizations out there, like Interpol, that could provide some [of the] best practices.”
The End of the Global Internet Era
Gurbaxani asked the speakers how they arrived at the conclusion that the era of the global internet is over. He also acknowledged how data is a source of geopolitical power and competition and is central to economic and national security as well as how the United States has exited digital trade.
Segal stated that this conclusion was reached because the United States did not influence other countries’ internet regulations and data flow controls. He said, “We have reached a stage where we have to admit that that aspiration will never be achieved, and we have to figure out what it is we can achieve.” Perlroth added that there is a dark side to the aspiration that wasn’t recognized before.
Gurbaxani then asked what countries, such as China and Russia, have done to weaken the global internet. Perlroth answered that China aims to be the world’s innovator, not the world’s manufacturer, and has done so by stealing western intellectual property.
She continued, “The U.S. government declassified a report that said, in addition to everything they’ve been doing for cyber espionage for industrial trade benefit, we’ve also seen Chinese state-sponsored groups hack into pipeline networks, not for intellectual property theft, but to gain a foothold into these networks in case they might want to shut them down in the event of some larger geopolitical conflict, and we’ve seen the same from Russia.”
Segal then mentioned, “When Xi Jinping began to take power…the Chinese began to think that wasn’t enough just to keep information out. They also needed to shape the global internet, so we saw both domestic reforms and the need to move discussions about cyber security and cyberspace away from what’s called the multistakeholder model to a multilateral model.”
Gurbaxani then asked what a good reference frame is for people for what they are proposing through their report.
Segal believes that it depends on the issue. He said, “I don’t think we believe there’s going to be one organization or one alliance or one framework; I think NATO is not a bad model for the security side. NATO has acknowledged that a cyber attack could trigger what’s called the Article Five Agreement so that it could be a use of force that allies have to respond to.”
Perlroth added, “As part of this exercise of putting together this task force report, we interviewed several people in the industry and government, and one of the questions I had for a senior military official on background was what kind of cyber attack would trigger Article Five? The answer was whatever the commander-in-chief says it is. It’s clear that we want to maintain some level of flexibility when it comes to cyber-attacks and responding to cyber attacks that we might not have ingrained in NATO.”
Questions for the Speakers
Gurbaxani then took questions from the audience. One viewer asked, Do the speakers think that the policies governing digital trade or infrastructure should become similar to the policies governing traditional trade and physical infrastructure? Segal answered that there is no reason why the same structures can’t deal with digital trade or infrastructure the way they deal with other regulators. Gurbaxani noted that the technologies discussed can increase strategic instability, as touched on in the aforementioned report.
In response to a viewer’s comment on the importance of improving on defense rather than offense, Perlroth agreed and commented that despite the U.S. being number one in terms of cyber offense, it is among the most targeted nations in the world in terms of destructive cyber attacks. She said, “Once you start using these offensive capabilities, you leave yourself vulnerable.”
Another viewer asked, How is the cyber warfare facet of the Ukraine War lined up with the pre-conflict expectations and predictions? Is this typically analyzed alongside broader information warfare capabilities? Perlroth began by saying that, despite Russia making its way into the Ukrainian grid, they didn’t shut it down and installed wiper malware at many Ukrainian banks and government agencies. She then added that there is a theory that Russia designed a tool to hack pipelines called Pipe Dream, which consists of multiple critical infrastructure hacking tools. “We know that Russia has basically deployed some of the worst kinds of attacks that we’ve seen at least to date and that perhaps they have an additional capability.”
After the question and answer portion, Gurbaxani ended by asking Segal what he believes is the best outcome that he can hope for and what impact he would like their report to have. Segal said, “I think the biggest impact is most likely to be on the things we haven’t really talked that much about on the domestic side - in particular, the role that the state department and foreign service officers in the future are going to play in this space.”
Before thanking Segal and Perlroth for joining him, the Beall Family Foundation, and KPMG for their support, Gurbaxani concluded, “I think one of the things we spend a lot of time talking at the business school about is how the world is changing, and I think sometimes we forget the different kinds of competencies we need in many of these positions.”
You can listen to the entire conversation between Perlroth, Segal, and Gurbaxani here.