Confronting Reality in Cyberspace

Confronting Reality in Cyberspace: Foreign Policy for a Fragmented Internet
Updated July 2022

The utopian vision of an open, reliable, and secure global network has not been achieved and is unlikely ever to be realized. Today, the internet is less free, more fragmented, and less secure.

Executive Summary

The global internet—a vast matrix of telecommunications, fiber optics, and satellite networks—is in large part a creation of the United States. The technologies that underpin the internet grew out of federal research projects, and U.S. companies innovated, commercialized, and globalized the technology. The internet’s basic structure—a reliance on the private sector and the technical community, relatively light regulatory oversight, and the protection of speech and the promotion of the free flow of information—reflected American values.

Moreover, U.S. strategic, economic, political, and foreign policy interests were served by the global, open internet. Washington long believed that its vision of the internet would ultimately prevail and that other countries would be forced to adjust to or miss out on the benefits of a global and open internet.

The United States now confronts a starkly different reality. The utopian vision of an open, reliable, and secure global network has not been achieved and is unlikely ever to be realized. Today, the internet is less free, more fragmented, and less secure.

Countries around the world now exert a greater degree of control over the internet, localizing data, blocking and moderating content, and launching political influence campaigns. Nation-states conduct massive cyber campaigns, and the number of disruptive attacks is growing. Adversaries are making it more difficult for the United States to operate in cyberspace. Parts of the internet are dark marketplaces for vandalism, crime, theft, and extortion.

Malicious actors have exploited social media platforms, spread disinformation and misinformation, incited disparate forms of political participation that can sway elections, engendered fierce violence, and promoted toxic forms of civic division.

At the same time, the modern internet remains a backbone for critical civilian infrastructure around the world. It is the main artery of global digital trade. It has broken barriers for sharing information, supports grassroots organization and marginalized communities, and can still act as a means of dissent under repressive government regimes.

As the Internet of Things (IoT) expands in coming years, the next iteration of the network will connect tens of billions of devices, digitally binding every aspect of day-to-day life, from heart monitors and refrigerators to traffic lights and agricultural methane emissions.

The United States, however, cannot capture the gains of future innovation by continuing to pursue failed policies based on an unrealistic and dated vision of the internet.

The United States needs a new strategy that responds to what is now a fragmented and dangerous internet. The Task Force believes it is time for a new foreign policy for cyberspace.

The major findings of the Task Force are as follows:

  • The era of the global internet is over.
  • U.S. policies promoting an open, global internet have failed, and Washington will be unable to stop or reverse the trend toward fragmentation.
  • Data is a source of geopolitical power and competition and is seen as central to economic and national security.
  • The United States has taken itself out of the game on digital trade, and the continued failure to adopt comprehensive privacy and data protection rules at home undercuts Washington’s ability to lead abroad.
  • Increased digitization increases vulnerability, given that nearly every aspect of business and statecraft is exposed to disruption, theft, or manipulation.
  • Most cyberattacks that violate sovereignty remain below the threshold for the use of force or armed attack. These breaches are generally used for espionage, political advantage, and international statecraft, with the most damaging attacks undermining trust and confidence in social, political, and economic institutions.
  • Cybercrime is a national security risk, and ransomware attacks on hospitals, schools, businesses, and local governments should be seen as such.
  • The United States can no longer treat cyber and information operations as two separate domains.
  • Artificial intelligence (AI) and other new technologies will increase strategic instability.
  • The United States has failed to impose sufficient costs on attackers.
  • Norms are more useful in binding friends together than in constraining adversaries.
  • Indictments and sanctions have been ineffective in stopping state-backed hackers.

The Task Force proposes three pillars to a foreign policy that should guide Washington’s adaptation to today’s more complex, variegated, and dangerous cyber realm.

First, Washington should confront reality and consolidate a coalition of allies and friends around a vision of the internet that preserves—to the greatest degree possible—a trusted, protected international communication platform.

Second, the United States should balance more targeted diplomatic and economic pressure on adversaries, as well as more disruptive cyber operations, with clear statements about self-imposed restraint on specific types of targets agreed to among U.S. allies.

Third, the United States needs to put its own proverbial house in order. That requirement calls for Washington to link more cohesively its policy for digital competition with the broader enterprise of national security strategy.

The major recommendations of the Task Force are as follows:

  • Build a digital trade agreement among trusted partners.
  • Agree to and adopt a shared policy on digital privacy that is interoperable with Europe’s General Data Protection Regulation (GDPR).
  • Resolve outstanding issues on U.S.-European Union (EU) data transfers.
  • Create an international cybercrime center.
  • Launch a focused program for cyber aid and infrastructure development.
  • Work jointly across partners to retain technology superiority.
  • Declare norms against destructive attacks on election and financial systems.
  • Negotiate with adversaries to establish limits on cyber operations directed at nuclear command, control, and communications (NC3) systems.
  • Develop coalition-wide practices for the Vulnerabilities Equities Process (VEP).
  • Adopt greater transparency about defend forward actions.
  • Hold states accountable for malicious activity emanating from their territories.
  • Make digital competition a pillar of the national security strategy.
  • Clean up U.S. cyberspace by offering incentives for internet service providers (ISPs) and cloud providers to reduce malicious activity within their infrastructure.
  • Address the domestic intelligence gap.
  • Promote the exchange of and collaboration among talent from trusted partners.
  • Develop the expertise for cyber foreign policy.

A free, global, and open internet was a worthy aspiration that helped guide U.S. policymakers for the internet’s first thirty years. The internet as it exists today, however, demands a reconsideration of U.S. cyber and foreign policies to confront these new realities. The Task Force believes that U.S. goals moving forward will be more limited and thus more attainable, but the United States needs to act quickly to design strategies and tactics that can ameliorate an urgent threat.

At a Glance

Over the last decade, most cyber operations have been attacks that violate sovereignty but remain below the threshold for the use of force or armed attack. These breaches are used for political advantage, espionage, and international statecraft, with the most damaging attacks undermining trust and confidence in social, political, and economic institutions.

Order a Copy
report cover

Bookstores: To order bulk copies, please contact Ingram. Visit ipage.ingramcontent.com, call 800.937.8200, or email [email protected]. ISBN: 978-0-87609-451-8

Up next
Introduction

About the Task Force

The Council on Foreign Relations (CFR) sponsors Independent Task Forces to assess issues of critical importance to U.S. foreign policy. Task Force members endorse the general policy thrust and judgments reached by the group, though not necessarily every finding and recommendation. They participate in the Task Force in their individual, not institutional, capacities. Observers participate in Task Force discussions but are not asked to join the consensus.

 

Chairs
Photo of Nathaniel Fick

General Manager, Elastic

Authors
Photo of Adam Segal

Ira A. Lipman Chair in Emerging Technologies and National Security and Director of the Digital and Cyberspace Policy Program, CFR

Photo of Gordon Goldstein

Adjunct Senior Fellow, CFR

Photo of Anya Schmemann

Independent Task Force Program Director, CFR

Task Force Members

  • Photo of Nicholas Beim
    Nicholas F. Beim Venrock
  • Elizabeth Bodine-Baron
    Elizabeth Bodine-Baron RAND Corporation
  • Guillermo S. Christensen
    Guillermo S. Christensen Association of U.S. Cyber Forces (AUSCF)
  • Photo of Michael Dempsey
    Michael Dempsey Northrop Grumman
  • Photo of Nathaniel Fick
    Nathaniel Fick (co-chair) Elastic
  • Photo of Gordon Goldstein
    Gordon M. Goldstein (deputy director) Council on Foreign Relations
  • Photo of Vishaal Hariprasad
    Vishaal Hariprasad Resilience
  • Niloofar Razi Howe
    Niloofar Razi Howe Energy Impact Partners
  • Photo of Will Hurd
    Will Hurd Former Member of Congress
  • Photo of Richard H. Ledgett Jr.
    Richard H. Ledgett Jr. Hakluyt & Company
  • Photo of Shelley B. Leibowitz
    Shelley B. Leibowitz SL Advisory, LLC
  • Photo of Eric H. Loeb
    Eric H. Loeb Salesforce
  • Photo of Kimberly Marten
    Kimberly Marten Barnard College, Columbia University
  • Photo of Evan S. Medeiros
    Evan S. Medeiros Georgetown University
  • Photo of Jami Miscik
    Jami Miscik (co-chair) Kissinger Associates, Inc.
  • Photo of Joseph S. Nye Jr.
    Joseph S. Nye Jr. Harvard Kennedy School
  • Photo of Nicole Perlroth
    Nicole Perlroth Cybersecurity Author and Advisor
  • Photo of Neal A. Pollard
    Neal A. Pollard Ernst & Young
  • Photo of Samantha F. Ravich
    Samantha F. Ravich Foundation for Defense of Democracies
  • Photo of Ted Schlein
    Ted Schlein Kleiner Perkins
  • Photo of Adam Segal
    Adam Segal (director) Council on Foreign Relations
  • Camille A. Stewart
    Camille A. Stewart Google LLC
  • Photo of Philip J. Venables
    Philip J. Venables Google LLC
  • Photo of Zaid A. Zaid
    Zaid A. Zaid Cloudflare, Inc.
  • Photo of Amy Zegart
    Amy B. Zegart Stanford University

Observers

  • Photo of Thomas E. Graham
    Thomas E. Graham Council on Foreign Relations
  • Photo of Lauren Kahn
    Lauren Kahn Council on Foreign Relations
  • Photo of Rafi Martina
    Rafi Martina U.S. Senate Select Committee on Intelligence
  • Photo of Shannon K. O’Neil
    Shannon K. O’Neil Council on Foreign Relations
  • Photo of Stewart M. Patrick
    Stewart M. Patrick Council on Foreign Relations
  • Photo of James A. Ryans II
    James A. Ryans II Council on Foreign Relations
  • Photo of Anya Schmemann
    Anya Schmemann Council on Foreign Relations
  • Photo of Matthew C. Waxman
    Matthew C. Waxman Council on Foreign Relations
This site uses cookies to improve your user experience. By continuing to browse this site you accept the use of cookies as explained in our Privacy Policy.