Rep. Jim Langevin, D-R.I., long a leading voice on cybersecurity policy and a member of the Cyberspace Solarium Commission, argued this week that the establishment of internationally accepted norms of behavior in cyberspace is one of the keys to improving the United States’ cybersecurity posture.
Establishing and enforcing those norms of behavior is one of the core recommendations in the Cyberspace Solarium Commission’s March report that suggests a wide range of steps to improve U.S. security.
Those include urging the Federal government to adopt a more robust deterrence policy against cyber adversaries, reducing jurisdictional conflicts in Congress on cybersecurity issues, strengthening the role of the Cybersecurity and Infrastructure Security Agency (CISA) as a national cybersecurity coordination hub, and establishing a Senate-confirmed National Cyber Director in the White House.
Speaking Oct. 28 at a virtual event organized by C4ISRNET, Rep. Langevin said that “international norms are really a critical component going forward of what we need to focus on” to improve U.S. and global cybersecurity, because they will “shape behavior” of other countries and show U.S. resolve.
“Norms will help us distinguish between acceptable and unacceptable behavior,” he said. And mechanisms to enforce them and create an expectation of retaliation for cyberattacks will “make our adversaries think twice” before engaging in cyber action against U.S. interests.”
“If we can deter adversaries’ bad actions before they happen, and get them to rethink what they are planning, and prevent it from happening … then we will have gone a long way to preventing bad actions in cyberspace,” said Rep. Langevin, who is co-chair of the Congressional Cybersecurity Caucus. The key, he said, is making adversaries believe that “the juice is not worth the squeeze.”
Establishment of norms, he said, is “a first step in leveraging our foreign policy” to work with partners and like-mind allies, with the goal of getting “our adversaries to think twice before they act against us.”
Rep. Langevin also endorsed U.S. action in recent years to indict malicious overseas cyber actors in U.S. courts, even though chances are low that foreign-based suspects will end up in U.S. courts. “Many of those people won’t see the inside of a U.S. court room,” but because of the need to avoid countries where the U.S. has extradition treaties, “their world just got a whole lot smaller,” he said.