Sen. John Kerry (D-MA) mentioned the need for "cyber diplomacy" during his confirmation hearing to be the next secretary of state today. No, Kerry wasn't talking about diplomats sending Someecards to one another when he dropped the term on his fellow senators.
He was discussing the need for the international community to develop a host of new standards, or norms of behavior in cyber space.
Kerry was responding for questions from Senate Majority Whip Dick Durbin (D-IL) who called for Kerry's thoughts on the secretary of state's role "in a world where cyber security is our greatest threat."
Kerry said Durbin's description of cyber as the world's greatest threat "hit the nail on the head."
"I guess I‘d call [cyber] the 21st-century nuclear weapons equivalent," said Kerry. "We are going to have to engage in cyber diplomacy and cyber negotiations and try to establish rules of the road that help us to be able to cope with this challenge."
"There are enormous difficulties ahead in that," he added, pointing out that some nations have very different views on what norms of behavior in the cyber world should look like -- a statement echoing those made by U.S. defense officials.
"I think most diplomacy is an extension of a particular nation's interests and in some cases it's an extension of their values," said Kerry. "Sometimes, you're more weighted toward interests than values ... this is one where we're going to find a way to address the interests with other states to somehow find common ground, if that makes sense to you, we're going to have to dig a lot deeper."
Those "interests" he was referring to may have been China's alleged widespread use of cyber espionage as a tool to steal Western business and defense secrets. Russia's -- and China's -- view that it's alright for countries to monitor their citizens Internet behavior and censor what they view online, Pentagon officials have told Killer Apps in the past.
He also called cyber security bills -- legislation that has so far failed to move forward in Congress despite years of attempts -- as a "very small step in trying to deal with this issue."
"Every day while we sit here, right now, certain countries are attacking our systems, they are trying to hack in to classified information, to various agencies of our government, to banking structures -- money has been stolen from accounts and moved in large sums," said Kerry. "There's a long list of grievances with respect to what this marvel of the Internet and the technology age has brought us."
"It's threatening to our power grid, it's threatening to our communications, it's threatening therefore to our capacity to respond and there are people out there who know it," said Kerry. "There are some countries who we are engaged with -- and all the senators know who they are -- who have a very good understanding of this power and who are pursuing it."
Here's what Killer Apps reported in September about U.S effort to establish cyber norms based on the laws of armed conflict and the resistance it's met, especially from Russia and China, according to Eric Rosenbach, deputy assistant secretary of defense for cyber policy.
"There are several countries right now that are very aggressive in cyberspace and are likely trying to create norms [of cyberspace behavior] that would be unstable for the international community because they are so aggressive," Rosenbach said. "It's still not completely clear what's acceptable and what's not acceptable and several nations different than the United States have very aggressive notions of what's acceptable."
Russia and China are focused more on controlling citizens' activities on the internet rather than limiting attacks on nations' critical infrastructure, he said.
"There are other countries, the Chinese and Russians in particular, that don't think the law of armed conflict is the best framework to view these things through and they focus much more heavily on control of information than they do on the security of crucial infrastructure or preventing the destruction of networks."
Rosenbach went on to call this a "nonstarter."
"To say that your model of an international law for cybersecurity is based on controlling media content or what people can say about the government isn't something we're interested in at all," he said. "There are other areas -- in particular, the theft of intellectual property -- because that's a major problem for the United States right now, where there are very different ideas about what's acceptable and what's not."