Robert Strayer: So we're talking to a number of countries about how very important it is that we consider security and adopting a risk-based security framework, as telecom operators in their countries implement 5G infrastructure. And in particular, we've asked them to focus on the supply chain security issue as well as part of that overall risk-based assessment of the infrastructure. We're particularly focused to and talking about how we have a concern about the ability of a government to influence vendors within a country to either disrupt communications to alter the integrity of the data or to conduct espionage through the 5G infrastructure if it's not made secure and done with the truly trustworthy vendors.
Dave Bittner: And specifically, we're talking about Huawei here and the efforts to keep some of Huawei's equipment out of the build-outs for 5G around the world.
Robert Strayer: Right. Well, I would say that, you know, our focus is on a sort of country-agnostic framework that we say - you know, that relationship between a government and the companies within that country, if it's governed by a relationship where there's not strong rule-of-law presence and companies are subject to extrajudicial mandates, where they cannot go to court and say that, we are governed by a statute and laws that require us to protect citizens' rights to operate in ways that are above board, then we think there are substantial concerns potentially with the vendor. Huawei, currently in the legal regime in China, would fit that categorization, in our view. That is correct.
Dave Bittner: And so why the concern over the 5G build-out, specifically?
Robert Strayer: As part of our discussions about the need to have security-related 5G, unlike 4G where most of the focus has been on just the availability of communications and availability of being able to use applications largely through our smartphones, you know, 5G will be completely transformative in the amount of and types of applications that will be made available through the 5G infrastructure, with its very high throughput rates and very low latency. So of course that includes telemedicine, automated manufacturing and all of the "internet of things" world that we know will be empowered.
Robert Strayer: So the stakes that - related to 5G couldn't be higher, in the sense of all the sort of vital applications that we will be relying on it for become that much more critical and would put all of us and our sort of collective security interests at risk and our collective economic interests much more at risk, if they could be disrupted or the data that's flowing over those systems disrupted through a cyber means.
Dave Bittner: And how successful are you, as you travel around the globe, getting other nations on board?
Robert Strayer: You know, if you looked a year ago, we had, I think, a very nascent understanding of what 5G was going to be about, what 5G is going to develop into, and certainly, there was not an appreciation of the potential security risks related to the availability of the applications to the integrity of the data and to potential espionage related - that could occur through 5G networks. So as we've done a vigorous campaign around the world to talk to governments about our concerns, as well as to talking to the private sector. I've not heard a country or - and see within a country not acknowledge that there is a 5G security concern that they're now focused on. So I think we've had a great success in raising that awareness.
Dave Bittner: And where does the U.S. stand in terms of its ability to lead right now when it comes to the global conversation on cybersecurity?
Robert Strayer: I think we're in a great position. Our secretary of state, Secretary Pompeo, has been very engaged in raising this issue with his counterparts around the globe. We have a number of ambassadors that are talking to their host governments about the issue. We've got diplomats in posts around the world who are articulate about the digital economy and cybersecurity portfolios that they have. They sort of amplify the work that we're doing here in Washington on a continuous basis with the host governments.
Robert Strayer: And you know, in the last few weeks, we've seen announcements by Germany talking about - announcing they're going to have stronger standards for 5G security. We've seen the European Union both through a resolution in their Parliament and then a council decision that resulted in a recommendation by the European Union Commission just this week on improving supply chain security related to 5G, and the European Union in fact said that they need to look at the legal system of that - of third countries where the vendors are located.
Dave Bittner: And as you look forward, what are the biggest challenges that you see the State Department facing when it comes to cybersecurity?
Robert Strayer: You know, there's a constant need for us to be able to articulate our vision for a stable cyberspace, which includes the importance of the applicability of international law to cyberspace, that it applies in cyberactivities just as it does in the physical world, and that countries should not be able to act in ways that undermine independence of other countries or what we call violate the principle of non-intervention, which would be obviously implicated when you interfere with the elections of another country. It's also important we just keep talking about these norms of responsible state behavior and what they mean.
Robert Strayer: There's a reality that some countries are going to see it in their interest to act in ways that use cyber as an asymmetric tool that advance their interests but of course violate these norms of responsible state behavior. So we need to educate other countries about the importance of these norms and how we need to work together to hold accountable those states that would act contrary to those norms. There's tremendous legitimacy, when we act together, to attribute and eventually bring consequences to bear against nations that act contrary to those norms of responsible state behavior.
Dave Bittner: That's Rob Strayer, deputy assistant secretary at the U.S. State Department for Cyber and International Communications Policy.