Cybersecurity Deficits and International Norms by Derek S. Reveron

(June 6th, 2016) International security for the last 30 years has been characterized by security deficits, which I define as a government’s inability to meet its national security obligations without external support. (1)  In the terrestrial world, intra-state, transnational, and regional actors challenge governments’ ability to provide a secure environment for their citizens.




This means Iraq struggles against ISIS, the United States struggles against transnational organized crime, and Ukraine struggles against Russia. While these conflicts are isolated in particular places of the world, the effect of security deficits are felt throughout entire regions. G7 countries have been at the forefront of peace efforts to alleviate problems created by international crises like these. They also provide development and security assistance to weakened governments in an effort to improve stability, strengthen institutions, and protect vulnerable populations. The rationale to assist countries in overcoming their security deficits has been based on the assumption that instability breeds chaos, which would make it more likely that the international community would face pressure to intervene in the future, often at a higher cost in lives and resources.The same is true in the cyber world. Transnational organized criminal groups harness the power of the internet to steal identities and conduct financial crimes; terrorist organizations use cyberspace to recruit fighters and promote their destructive deeds; and countries employ cyber tools for espionage while laying the ground work for military operations in cyberspace. Cyber challenges like these cut across all dimensions where we live and are simultaneously political, economic, and social. More than ever, citizens, regardless of nationality, are exposed to risks created by cyber insecurity. Reinforced by intelligence assessments, polling in the United States places cyber insecurity as a pressing national security challenge.

With persistent vulnerabilities in the software we use and the relative impunity with which states, groups, and individuals operate in cyberspace, we will continue to experience data breaches leading to fraud and intellectual property theft undercutting innovation. Governments, organizations, companies, and individuals can be vermatched by malicious actors. Cybersecurity deficits undercut the benefits citizens derive from the technology we enjoy, and directly affect individuals in ways that past conflicts in distant parts of the world have not affected G7 countries.

At the same time, disclosures about governments’ roles in cyberspace undermine trust and challenge credibility. Information technology companies are pressured to enable governments special access to their products, all the while attempting to comply with different national regulations. Citizens are stuck in the middle feeling that the promises of an open, transparent, and secure cyberspace look bleak.

At the national security level, governments are concerned with Cybergeddon scenarios against critical public infrastructure disabling electricity, telecommunications, and financial services. While Cybergeddon is not inevitable (and represents a wake-up call about cyber insecurity rather than an existential threat), critical sectors have huge incentives to secure their infrastructure. However, as we have seen in other areas, security becomes a cat and mouse game where malicious actors improve rapidly, often outpacing governments abilities to adapt or defend against emerging threats.

This shared insecurity need not be paralyzing, but can be a basis for international cooperation in which G7 governments have important roles to play. Building on the norms that my colleague John Savage outlined, the next steps to improve cybersecurity include:

  1. Convening sub-regional summits to outline the scope of cybersecurity challenges andimprove multilateral efforts to promulgate norms.
  1. Establishing information sharing centers where governments can share threat information, coordinate cybersecurity policies, and implement best practices forgovernments, organizations, companies, and individuals.
  1. Assisting governments in developing countries to strengthen their government networks,improve protection of critical public infrastructure, and educate citizens to raise their security posture improving human capital. There are no borders in cyberspace, and our networks are only as strong as the weakest access point. By promoting cybersecurity norms, enabling cooperation among G7 countries, and assisting developing countries, we all become more secure from actors that place individuals at the forefront of the cybersecurity threat. When thinking about improving security in cyberspace, we should look at how international partners contribute to security in the terrestrial space through cooperative military operations, peacekeeping, and international assistance. These are important norms to replicate in cyberspace as there is a common responsibility to guarantee our citizens a minimal level of cybersecurity.

Since cyberspace is a reflection of G7 countries’ values and corporations in G7 countries dominate the information technology space, G7 countries are well placed to lead the world on establishing cyber norms to improve cybersecurity.

Derek S. Reveron (2)  May 9, 2016

U.S. Naval War College and Belfer Center for Science and International Affairs

(1) Derek S. Reveron, Exporting Security: International Engagement, Security Cooperation, and the Changing Face of the US Military, Second Edition (Washington, DC: Georgetown University Press, 2016).

(2) The views expressed here are the author’s alone and do not represent the official position of the Department of the Navy, the Department of Defense or the U.S. government.

Remark at the BGF-G7 Summit Initiative Conference – Tomomi Inada

Tomomi Inada, Chairman of  the Policy Research Council of Japan’s Liberal Democratic Party and  a Member of the Japanese House of Representatives, addressed The Boston Global Forum-G7 Summit Initiative Conference, held May 9 at the Harvard Faculty Club, in Cambridge, Mass.

In her remarks, she discussed the Asia/Pacific security environment to be discussed at the G7 Summit. She said that environment is worsening because of {in addition to North Korean threats} Chinese expansionism in the East and South China Seas and China’s rapid military buildup; its military budget, she said, is now “3.6 times’’ Japan’s.

But she said that Japan, in close collaboration with the United States, is “expanding its deterrent force’’ in the Asia/Pacific region.

She noted the importance of cybersecurity in Japan’s “national risk assessment’’ as “the threat of cyberattacks is increasing around the world.’’

“We need the rule of law in cyberbehavior,’’ Ms. Inada emphasized. We note that she is seen as a possible first woman prime minister of Japan.

At the conference, Gov. Michael Dukakis, its moderator and  the BGF’s chairman and a co-founder, presented to Tsutomo Himeno, the Japanese consul general for New England, the documents containing the final recommendations of the BGF-G7 Summit Initiative Committee, which mostly involved cybersecurity, the BGF’s focus this year. Mr. Himeno has forwarded them to the summit planners.

Remark at the BGF-G7 Summit Initiative Conference – Prof. Jose Barroso

Among the first remarks at the BGF-G7 Summit Initiative Conference were those of Prof. Jose Barroso, former President of  the European Commission; former Prime Minister of Portugal and Member of The BGF-G7 Summit Committee.

Referring to the BGF’s focus this year on cybersecurity, he said that growing cyberthreats called for “binding agreements based on international law’’  to establish acceptable cyberbehavior.

He added that other important matters to be taken up by the G7 Summit include “lack of investment confidence,’’ as well as “Muslim terrorism,’’ the refugee crisis affecting Europe and the related war in Syria and Russian attacks on Ukraine.


The BGF-G7 Summit Initiative: Ise-Shima Norms

The Boston Global Forum welcomes this opportunity to provide input to the agenda or the G7 Ise-Shima Summit. Global Economy and Trade, Development, and Quality Infrastructure Investment are three themes of this summit. Given the importance of the Internet in all three areas, we encourage you to address the following actions concerning cybersecurity at the summit. These actions have as their goal to raise the general level of security in cyberspace.

BG7I Cover

Download Ise-Shima Norms 

The BGF-G7 Summit Initiative gets rolling in Tokyo

(April 4th,2016) On March 28th,  Nguyen Anh Tuan,  The Boston Global Forum’s CEO and Editor-in-Chief, met with Japanese dignitaries at a conference in Tokyo that was part of the formal announcement in Japan of the BGF-G7 Summit Initiative, in which the BGF is making a group of recommendations for summit leaders  to  discuss, mostly focused on cybersecurity. The conference was organized and coordinated by Nobue Mita, The BGF Japan Representative. 


unnamed (1)


Among the distinguished speakers were :

Prof. Koichi Hamada, a special adviser to Prime Minister Shinzo Abe and “The Father of Abenomics’’;

Prof. Eisuke Sakakibara, known as ‘Mr. Yen’ for the influence of his pronouncements on Japan’s currency, he is the former professor from Keio University, and now he is a professor from Aoyama University;

Ambassadors Ichiro Fujisaki and Shunji Yanai;

Prof. Fumiaki Kubo, A. Barton Hepburn Professor of American Government and History, Graduate Schools for Law and Politics, University of Tokyo;

Prof. Fumio Ota, Former Professor, Defense Academy of Japan (2005-2013);

Mr. Akihiko Komase, Asgent, Inc. Consulting Department manager and Security Center Fellow;


unnamed (2)

Former UNESCO Director General Yoichiro Matsuura and Inada Tomomi, a member of the Japanese House of Representatives (the lower house of parliament) and Chairwoman  of the Policy Council of the ruling Liberal Democratic Party, also contributed valuable ideas at the meeting.

unnamed (3)