Cybersecurity has moved from a niche technical concern to a central issue in global politics, and few people have seen that shift as closely as Chris Painter. Speaking at World Computer Day Davos 2026, the former US Coordinator for Cyber Issues reflected on how cyber diplomacy has evolved over the past three decades, and why international cooperation is becoming harder at the very moment it is most needed.
Painter, now a founding partner at The Cyber Policy Group, was joined in a fireside chat moderated by Tracy Trachsler, Head of Institutional Affairs at the DFINITY Foundation. Drawing on experience across the US Justice Department, FBI, White House National Security Council and State Department, Painter offered a candid look at how governments have struggled to treat cyberspace with the seriousness it demands.
He described the early years of cyber policy as a long campaign to convince political leaders that digital threats were not simply an IT issue. For a long time, he said, cyber professionals felt like they were “yelling in the wilderness”, with senior decision-makers often dismissing cyber risk as too technical or too abstract. That has changed, partly because cyber incidents have become impossible to ignore.
Painter pointed to ransomware as one of the clearest drivers of public awareness. When fuel supplies are disrupted, hospitals are affected, or basic services stop functioning, cyber risk becomes a political issue rather than an internal corporate cost. He argued that these disruptive attacks have forced both governments and businesses to recognise cybersecurity as part of national resilience.
The conversation also touched on nation-state cyber operations, particularly the large-scale theft of intellectual property attributed to China over many years. Painter recalled how the issue eventually rose to the level of direct diplomatic engagement, including high-level pressure during the Obama-Xi era. Agreements were reached around limiting commercial cyber theft, and while imperfect, they showed that geopolitical interests can sometimes create space for restraint.
Still, Painter stressed that the global environment has become more fragmented. Cyber operations now offer states a way to project power without deploying military forces, and accountability remains inconsistent. While international law applies in cyberspace, enforcement is uneven, and attacks on critical infrastructure continue despite agreed norms.
Painter discussed the UN-backed framework of voluntary cyber norms, including commitments not to target civilian infrastructure during peacetime. The challenge, he said, is that violations happen frequently, and consequences are often slow or unclear. Joint attribution by coalitions of countries can help build shared understanding, but it does not always deter repeat behaviour.
A recurring theme was escalation risk. Cyber tools can cause unintended spillover, as seen in attacks that spread beyond their intended targets and disrupted healthcare systems and global networks. Painter noted that governments still lack a clear shared understanding of escalation dynamics in cyberspace, making communication channels and confidence-building measures essential.
On emerging technologies, Painter identified AI as the most immediate challenge for cyber diplomacy. He argued that AI is no longer theoretical in offensive cyber operations, with states and criminal groups already using it to accelerate attacks and adapt tactics quickly. At the same time, AI is also being embedded into defence tools, creating a fast-moving contest between attackers and defenders.
Painter closed with a reminder that cybersecurity cannot be managed by governments alone. Effective cooperation requires meaningful engagement with the private sector, which often has deeper visibility into networks and threats. Trust, incentives, and real feedback loops will shape whether those partnerships work.
In a world where digital conflict is increasingly tied to geopolitics, Painter’s message was clear: cyber diplomacy is no longer optional, and building international trust may be the hardest task of all.
Dear Reader,
Ledger Life is an independent platform dedicated to covering the Internet Computer (ICP) ecosystem and beyond. We focus on real stories, builder updates, project launches, and the quiet innovations that often get missed.
We’re not backed by sponsors. We rely on readers like you.
If you find value in what we publish—whether it’s deep dives into dApps, explainers on decentralised tech, or just keeping track of what’s moving in Web3—please consider making a donation. It helps us cover costs, stay consistent, and remain truly independent.
Your support goes a long way.
🧠 ICP Principal: ins6i-d53ug-zxmgh-qvum3-r3pvl-ufcvu-bdyon-ovzdy-d26k3-lgq2v-3qe
🧾 ICP Address: f8deb966878f8b83204b251d5d799e0345ea72b8e62e8cf9da8d8830e1b3b05f
Every contribution helps keep the lights on, the stories flowing, and the crypto clutter out.
Thank you for reading, sharing, and being part of this experiment in decentralised media.
—Team Ledger Life
Community Discussion