DEPARTMENT OF STATE INTERNATIONAL CYBERSPACE POLICY STRATEGY March 2016

Public Law 114-113, Division N, Title IV, Section 402

Introduction

On December 18, 2015, the President signed into law the Consolidated Appropriations Act, 2016, as Public Law 114-113, which contained a reporting requirement (Division N, Section 402) with respect to the Department’s international cyberspace policy efforts, particularly those related to norms of state behavior. Section 402(b) seeks information on actions and activities undertaken to implement the President’s 2011 U.S. International Strategy for Cyberspace (International Strategy), efforts to promote norms of state behavior in cyberspace, alternative concepts for norms promoted by certain other countries, threats facing the United States, tools available to the President to deter malicious actors, and resources required to build international norms. This Department of State International Cyberspace Policy Strategy (Strategy), therefore, notes significant items of progress in implementing the President’s International Strategy and reflects three themes: the applicability of international law; the importance of promoting confidence building measures; and the significant progress the Department has made, working in partnership with other federal departments and agencies, to promote international norms of state behavior in cyberspace, as well as future plans in this area. The Strategy, prepared by the Department of State, is being submitted to the Committee on Foreign Relations of the United States Senate and the Committee on Foreign Affairs of the House of Representatives.

Sec. 402(b)(1) – A review of actions and activities undertaken by the Secretary of State to date to support the goal of the President’s International Strategy for Cyberspace, released in May 2011, to “work internationally to promote an open, interoperable, secure, and reliable information and communications infrastructure that supports international trade and commerce, strengthens international security, and fosters free expression and innovation.”

The U.S. Department of State leads the U.S. government’s diplomatic and development engagement on a wide range of activities in cyberspace, and is a leading participant in the whole-of-government approach to achieve foreign policy and national security objectives in this rapidly evolving and expanding area. As cyber issues have dramatically grown in global importance over the last five years, the Department of State has prioritized efforts to mainstream cyberspace policy issues in all our diplomatic activities and embrace it as a new foreign policy imperative. The Department’s cyberspace policy efforts are firmly grounded in the President’s International Strategy, which states the U.S. goal “to promote an open, interoperable, secure, and reliable information and communications infrastructure that supports international trade and commerce, strengthens international security, and fosters free expression and innovation.”

The Department of State structures its cyberspace diplomacy around interrelated, dynamic, and cross-cutting policy priorities drawn from the President’s International Strategy. Since the International Strategy’s release, the Department and our interagency partners have made significant strides in implementing its goals across all of these priority pillars, discussed separately below. For each policy priority, we have highlighted select accomplishments from our robust bilateral and multilateral diplomatic engagement since early 2011.

Digital Economy

The Department of State, in partnership with other federal departments and agencies, works bilaterally and multilaterally, as well as at regional and global levels, to lead and shape the international debate around achieving an open, secure, interoperable, and reliable Internet; confronting market access barriers that restrict the importation of U.S. information and communication technology (ICT) goods and services, and working to prevent the creation of new barriers, such as data localization and “duty of care” requirements; and promoting trans-border data flows.
The Department of State, in coordination with the Department of Commerce and the interagency, also plays a leading role in fostering collaboration between the public and private sector to develop international standards and share best practices that enable innovation; facilitating interoperability, security, and resiliency; improving trust in online transactions; and spurring competition in global markets.

Accomplishments:

• Negotiated the Organisation for Economic Co-operation and Development Principles for Internet Policymaking (2011), as well as updates to the “privacy guidelines” (2013) and “security guidelines” (2014), which advance strategies aimed at promoting sound Internet policy practices and managing privacy and digital security risk toward economic and social prosperity. The Department of Commerce served as the secretariat for the interagency effort for the Principles for Internet Policymaking, and interagency partners engaged in all these negotiations.
• Achieved ministerial commitments, advanced policies to increase broadband access and facilitate the free flow of information across borders, and developed global ICT standards through engagements in international organizations, including the Asia-Pacific Economic Cooperation (APEC) and the International Telecommunication Union (ITU), which included participation by more than 60 Department-led, accredited public-private delegations.
• Negotiated updates to the Radio Regulations – the international treaty that governs the use of the radio frequency spectrum and satellite orbits – to enable the evolution of mobile broadband, unmanned aircraft systems, and space-based systems promoting U.S. economic growth and innovation.
• Prevented efforts to enact data localization requirements in several instances through focused diplomatic engagement.
• Worked with the Department of Commerce and other interagency partners to facilitate the successful negotiation of the EU-U.S. Privacy Shield Framework with the European Commission (to replace the U.S.-EU Safe Harbor Framework).

International Security

Many states are developing military cyberspace capabilities, a prospect that is increasingly viewed as threatening to both our national and international security. Key aspects of cyberspace – such as the difficulty of attributing an attack to its perpetrators or sponsors, and the dual-use nature of the technology – are seen by many as inherently destabilizing.
While emphasizing that existing international law applies to state behavior in cyberspace, the Department of State has pioneered the promotion of a framework of shared voluntary norms to guide state behavior in peacetime, and advanced the development of practical cyber confidence building measures (CBMs) to reduce risk, with the objective of establishing a coalition of states in support of that framework.

Accomplishments:

• Achieved 2015 Group of 20 (G20) Leaders’ commitments to affirm the applicability of international law to state behavior in cyberspace, refrain from cyber-enabled theft of intellectual property for commercial gain, and endorse the view that all states should abide by norms of responsible behavior.
• Adoption of U.S.-championed framework of international cyber stability through pivotal negotiations in the United Nations Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security in 2013 and 2015 that resulted, inter alia, in the affirmation of the applicability of existing international law, including the United Nations Charter, to state conduct in cyberspace and the articulation of voluntary peacetime norms of state behavior.
• Reached agreement in 2013 and 2016 and have begun implementation in the Organization for Security and Cooperation in Europe (OSCE) of CBMs to build trust and reduce the risk of escalation and misperception in the region. Also reached agreement in the ASEAN Regional Forum in 2015 on a detailed work plan with a proposed set of CBMs for future implementation.
• Reached consensus at the 2014 North Atlantic Treaty Organization (NATO) Wales Summit on a statement affirming that international law applies to state behavior in cyberspace, and cyber defense is part of NATO’s collective defense mission.

Promoting Cybersecurity Due Diligence

Cybersecurity is critical to global security, and all nations have a responsibility to promote it by protecting their own networks and information infrastructure to ensure they are secure, reliable, and resilient. U.S. cybersecurity priorities include promoting widespread adoption of cybersecurity best practices and frameworks, including national strategies, computer security incident response teams (CSIRTs), public-private partnerships, and public awareness campaigns. The Department of State is expanding bilateral cybersecurity cooperation with like-minded countries and supporting multilateral efforts to improve cooperation on network defense, information sharing, and incident management and recovery. We also are leveraging foreign assistance tools and resources to develop sustainable CSIRT capabilities by engaging stakeholders, assessing needs, and offering technical assistance to improve our collective ability to combat cyber threats. This assistance, pursued in partnership with the Department of Homeland Security and others, is critical to achieving the Administration’s cybersecurity goals at the bilateral, regional, and global levels. These goals include creating a global culture of cybersecurity due diligence, reducing intrusions and disruptions affecting U.S. networks, ensuring the resiliency of information infrastructure, and improving the security of the high-tech supply chain.

In addition to promoting efforts to prevent and deter malicious cyber activity, it is essential to maintain and strengthen our country’s resilience to a cyber incident. As noted in the February 9 White House announcement of the Cybersecurity National Action Plan, by this spring the Administration intends to “release a policy for national cyber incident coordination and an accompanying severity methodology for evaluating cyber incidents so that government agencies and the private sector can communicate effectively and provide an appropriate and consistent level of response.”

Accomplishments:

• Worked with the National Institute of Standards and Technology to draft the Framework for Improving Critical Infrastructure Cybersecurity, which was developed in collaboration with the private sector and technical experts and incorporated international input, towards improving critical infrastructure cybersecurity through the use of voluntary security standards, guidelines, and practices.
• Launched global CSIRT capacity building efforts, including partnering with the Department of Homeland Security and the Forum of Incident Response and Security Teams to draft a CSIRT development framework, and initiated a CSIRT capacity building program via Carnegie Mellon University’s Software Engineering Institute, with an initial focus on sub-Saharan Africa.
• Promoted the development of comprehensive national cyber policies and strategies globally, in close partnership with regional multilateral bodies, such as the Organization of American States (OAS) and the African Union Commission, and through a new capacity building initiative being developed for the Department of State by MITRE Corporation.
• Promoted the “Stop. Think. Connect.” awareness campaign and National Cybersecurity Awareness Month internationally to build awareness and understanding in civil society through public outreach by embassies and consulates, in partnership with the Department of Homeland Security.

Combating Cybercrime

The Department of State, in partnership with the Department of Justice and the Department of Homeland Security, is a global leader in the campaign against transnational cybercrime. We actively partner with key allies and multilateral partners to help countries effectively utilize existing legal tools; fund and support U.S. law enforcement programs to develop modern legal frameworks; build specialized investigative, prosecutorial, judicial, and border and customs capabilities; provide training on cybercrime investigations to law enforcement officers in partner countries; and improve international cooperation mechanisms to more effectively combat modern, high-tech crime threats. We actively promote membership in the Council of Europe Convention on Cybercrime (Budapest Convention), to which the United States and 47 other countries are parties, and are the strongest supporter for the Group of Seven (G7) 24/7 Network, which provides investigators in 70 countries with dedicated points of contact who can provide urgent assistance with significant investigations involving electronic evidence.

Accomplishments:

• Helped to expand Budapest Convention membership by 17 countries since 2011, and to recruit another 10 countries that are actively working to become parties to the Convention. Promoted the Convention as a framework for numerous other countries.
• Enlarged the G7 24/7 Network, in partnership with the Department of Justice, to 70 countries as of February.
• Offered up to a total of $7.75 million in rewards for information through the Department’s Transnational Organized Crime Program, leading to the arrest or conviction of five suspected leaders and members of transnational cybercrime organizations.

Internet Governance

The Department of State, in partnership with the Department of Commerce and others, actively participates in global efforts to ensure the multistakeholder model of Internet governance prevails against attempts to create state-centric frameworks, which would undermine openness and freedom, hinder innovation, and jeopardize the functionality of the Internet. The multistakeholder model is characterized by transparent, bottom-up, consensus-driven processes whereby all governments, the private sector, civil society, academia, and the technical community participate on equal footing, and which has been the primary source for the Internet’s phenomenal growth.
We continue to cultivate new partners in advancing this approach in various international fora.

Accomplishments:

• Advanced and preserved the multistakeholder approach to Internet governance, enabling the deployment of new technologies and services and the promotion of Internet openness and security in cyberspace at key international negotiations. These negotiations include the UN General Assembly’s High Level Meeting on the Overall Review of the World Summit on the Information Society, which continues efforts to build an inclusive, people-centered, development-oriented Information Society (December 2015), as well as global engagements, such as the ITU Plenipotentiary Conference in Busan, South Korea (2014), NETmundial Global Multistakeholder Meeting on the Future of Internet Governance in São Paulo, Brazil (2014), the ITU World Telecommunication Policy Forum in Geneva, Switzerland (2013), and the World Conference on International Telecommunications in Dubai, United Arab Emirates (2012), among others.
• Worked with interagency counterparts in support of the Department of Commerce’s announcement of its intent to transition the stewardship of key Internet functions to the multistakeholder community (March 2014), and engaged in a global, multistakeholder effort toward the stewardship transition and enhanced accountability of the Internet Corporation of Assigned Names and Numbers.
• Supported the Internet Governance Forum, the premier venue for global, multistakeholder dialogue on Internet policy issues, through substantive and financial contributions, and successfully negotiated its continued mandate.

Internet Freedom

The Department of State works tirelessly to ensure that the global Internet is an open platform on which to innovate, learn, organize, and express individual beliefs, free from undue interference or censorship. We have worked with key international partners to support successive UN Human Rights Council resolutions affirming that individuals have the same rights online as they do offline. We are a primary supporter and founding member of the Freedom Online Coalition, which has grown to 29 like-minded countries that work to advance Internet freedom through diplomatic coordination, and work closely with private sector and civil society partners to promote rights-respecting policies.
We also are the leading global funder of Internet freedom programs to support anti-censorship and secure communications technology, promote digital safety in repressive environments, empower advocates who advance Internet freedom in their home countries and abroad, and support widely cited research that monitors and analyzes the technical and policy threats to Internet freedom. The Department of State works closely with the Department of Commerce and other agencies to promote the free flow of information and facilitate communications for people under repressive regimes, and engages closely with the private sector and civil society groups to ensure successful implementation of these efforts.

Accomplishments:

• Launched the Freedom Online Coalition as one of 15 founding countries in December 2011, and helped it expand to 29 countries as of February.
• Worked with partners to secure passage of the 2012 UN Human Rights Council resolution affirming that people have the same rights online as offline, and a 2014 resolution reaffirming the same principle.
• Invested, with USAID, more than $145 million since 2008 in technologies, training, research, and advocacy efforts to promote Internet freedom worldwide.
• Worked closely with the interagency to issue General Licenses for Personal Communications for the citizens of Iran (2013) and Sudan (2015).

International Development and Capacity Building

The Internet has proven to be a successful catalyst for economic and social development around much of the world, in large part due to its open, interoperable, secure, and reliable structure and its multistakeholder governance. The Department of State, in partnership with the interagency, utilizes an active, ongoing, and longstanding series of capacity building programs and consultations to expand Internet access and build the capacity of foreign governments across a range of interconnected cyberspace policy issues to combat cybercrime, counter violent extremism online, improve cooperation with global partners to address shared threats, promote a culture of cybersecurity, develop cyber confidence building measures, expand freedom online, and help developing countries improve domestic market and regulatory conditions to catalyze private sector investment. The Department of State is working to expand Internet access through innovation and initiatives like Global Connect and the Alliance for an Affordable Internet. The Department is also actively involved in promoting donor cooperation, including bilateral and multilateral participation in joint cyber capacity building initiatives.

Accomplishments:

• Launched the Global Connect initiative that seeks to bring online by 2020 1.5 billion people who are currently without Internet access.
• Funded since 2011, in close coordination with interagency partners, regional cybersecurity training workshops across sub-Saharan Africa to support less developed countries strengthen their laws, policies, and institutions in accordance with the multistakeholder approach. Additional efforts have been made across other key regions, including Southeast Asia and Latin America, in donor partnerships with Japan and Australia, among others, and through contributions to efforts by multilateral organizations, such as the OAS, the Council of Europe, and the United Nations Office on Drugs and Crime.
• Provided, in partnership with the interagency, cybercrime and cybersecurity training to officials from 35 sub-Saharan African nations through a series of six Regional Economic Community-focused workshops, and also conducted cybercrime training for ASEAN countries, as well as countries within the Pacific Islands.
• Joined the Netherlands in founding the Global Forum on Cyber Expertise in 2015, a global platform for countries, international organizations, and the private sector to exchange best practices and expertise on cyber capacity building; and partnered with Japan, Australia, Canada, the African Union Commission, and Symantec on four cybersecurity and cybercrime capacity building initiatives.
• Funded and promoted the creation and usage of a cybersecurity mobile laboratory through the OAS Inter-American Committee Against Terrorism, as well as other regional initiatives, to identify vulnerabilities, improve cybersecurity, and promote collaboration between the OAS and other organizations, such as the APEC and OSCE.
• Helped launch the Alliance for Affordable Internet in 2013, a public-private partnership working to catalyze policy change to drive down the cost of broadband and unlock rapid gains in Internet penetration rates around the world.
• Worked with interagency counterparts and the United States Telecommunications Training Institute to launch the ICT Policymaking in a Global Environment and Cybersecurity Awareness Raising and Capacity Building seminar providing training to 162 officials from developing and least developed countries as of December 31, 2015.
• Implemented significant regulatory changes, together with the interagency, to enhance access by the citizens of Cuba to ICTs, following the President’s 2014 announcement on Cuba policy changes.
• Negotiated the “Dubai Action Plan” through the ITU, which set a robust four-year work plan to increase developing countries’ capacity to use ICTs for economic growth.

Global, Cross-Cutting Cyber Issues

The advent of cyberspace policy as a foreign policy imperative has led to the creation of a broad range of new, cross-cutting bilateral and multilateral diplomatic engagements, as well as the integration of cyberspace issues into numerous existing diplomatic processes and fora, including at the presidential/leaders level. Many other foreign countries have followed our lead by drafting national cyber strategies, establishing cyber policy offices in their foreign ministries, establishing a cyber coordinator position within their foreign ministries, and elevating cyber policy to a top diplomatic priority. At the same time, cyber issues have gained significant traction in virtually every regional and global venue, including the Organization for Security and Cooperation in Europe, the Organization of American States, the ASEAN Regional Forum, and the United Nations. The Department of State, in partnership with the interagency, has spearheaded the creation of these new and emerging cyber policy circles, and actively works to advance U.S. strategic interests, in coordination with like-minded partners.

One of the Department of State’s high-priority, cross-cutting cyber issues is its effort to counter violent extremism (CVE) online. As highlighted in the President’s International Strategy, the United States counters terrorist narratives online by highlighting alternative viewpoints instead of suppressing speech, consistent with our core values, and we remain focused on criminal activities that facilitate terrorism, such as illicit financing and other crimes. The United States will continue to build capacity of foreign governments and non-government actors to credibly counter terrorist activities and narratives online through CVE programs.

Accomplishments:

• Launched State Department-led, whole-of-government cyber policy dialogues on the full range of issues with the European Union, Germany, India, Japan, and the Republic of Korea, among others, which complement the Department’s ongoing digital economy policy dialogues with those countries, a whole-of-government ICT and Internet Working Group with Brazil, and new digital economy policy dialogues with Colombia and Taiwan, as well as a dialogue partnership with ASEAN.
The Department of State, working with the interagency, regularly engages Australia, Canada, New Zealand, and the United Kingdom on cyber issues, and conducts regular bilateral discussions on cyber issues with numerous other countries around the world. The Department also initiated two regional cyber consultations in Europe that focus on cooperation in the Baltic countries and coordination in the Nordic-Baltic countries respectively; integrated cyber policy into existing mechanisms, such as the North American Leaders Summit and the Gulf Cooperation Council; and enhanced cyber-related dialogue with member states under the framework of the Organization of American States.
• Collaborated with the United Kingdom to launch the Global Conference on Cyberspace series in 2011, with the aim of expanding support for the vision articulated in the International Strategy among a like-minded community of governments, civil society groups, and private sector entities; and partnered with the governments of Hungary, the Netherlands, and the Republic of Korea to ensure additional successful conferences in 2012, 2013, and 2015.
• Integrated cyber policy issues into numerous ongoing political-military, strategic security, and human rights dialogues, including in Presidential-level bilateral discussions with Brazil, India, Japan, and the Republic of Korea.
• Utilized diplomatic channels, in conjunction with technical, law enforcement, and military engagements, when responding to serious cyber threats and incidents, such as the Sony Pictures incident in 2014 and the financial sector denial-of-service attacks in 2012-2013.
• Secured bilateral cyber commitments from China, following several years of high-level bilateral engagement, to: (1) develop constructive law enforcement cooperation on cyber-enabled crimes; (2) engage in high-level dialogue on cybercrime and network protection; (3) not conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors; and (4) make common effort with the United States to further identify and promote appropriate norms of state behavior in cyberspace through an annual Senior Experts Group meeting led by the Department of State.
• Worked through the Global Counterterrorism Forum, which was established in September 2011, to counter the use of the Internet for terrorist purposes by developing and implementing international best practices regarding countering terrorist financing, promoting rule of law, responding to foreign terrorist fighters, countering violent extremism, and promoting violent extremist rehabilitation and reintegration.
• Sponsored and led the first-ever workshop on countering terrorist use of proxy actors in cyberspace in the ASEAN Regional Forum in 2012; sponsored workshops focused on countering online radicalization and recruitment to violence in India and Malaysia in 2015; and funded multilateral efforts to counter the use of the Internet for terrorist purposes in UN counterterrorism bodies, such as the UN Counter-Terrorism Committee, the Counter-Terrorism Implementation Task Force, and the UN Office on Drugs and Crime.

Mainstreaming Cyber Issues within the Department of State

The Department of State has devoted significant effort and resources to mainstreaming cyberspace issues into our foreign diplomatic engagements, as well as building the necessary internal capacity to formulate, coordinate, and implement cyber policy and execute our cyber diplomacy.

Accomplishments:

• Developed robust, tailored, regional bureau cyber strategies in 2012, and then fully revised them in 2014, to provide bureaus and U.S. Missions with a clear cyberspace policy game plan across each of the substantive pillars of the International Strategy, including capacity building.
• Integrated cyber issues into all core Department of State strategic planning documents, including the State and USAID Joint Strategic Plan (2014), the Quadrennial Diplomacy and Development Review (2010 and 2015), and the most recent Integrated Country Strategies; and launched a new “key issue” to track cyber-focused foreign assistance programming.
• Trained more than 150 officers, from more than 120 embassies and posts, on cyberspace policy via State Department-led interagency regional workshops in 2014 and 2015, and will train an additional 100 officers from embassies and posts in April 2016. Also trained more than 200 officers, from more than 70 embassies and posts, on Internet and telecommunications policy through an annual course at the Foreign Service Institute since 2011 and through regional trainings in 2014 and 2015.

Sec. 402(b)(2) – A plan of action to guide the diplomacy of the Secretary of State, with regard to foreign countries, including conducting bilateral and multilateral activities to develop the norms of responsible international behavior in cyberspace, and status review of existing discussions in multilateral fora to obtain agreements on international norms in cyberspace.

The United States has developed and is promoting a strategic framework of international cyber stability, designed to achieve and maintain a peaceful cyberspace environment where all states are able to fully realize its benefits, where there are advantages to cooperating against common threats and avoiding conflict, and where there is little incentive for states to engage in disruptive behavior or attack one another. There are three key elements to this framework: (1) global affirmation of the applicability of international law to state behavior in cyberspace; (2) the development of international consensus on additional norms and principles of responsible state behavior in cyberspace that apply during peacetime; and (3) the development and implementation of practical CBMs, which can help ensure stability in cyberspace by reducing the risk of misperception and escalation. We have forged a growing international consensus on this framework, and will continue to promote a br
