the Council of Councils initiative



Similar documents
The puzzle in the bits:

Cybersecurity Global status update. Dr. Hamadoun I. Touré Secretary-General, ITU

Guiding principles for security in a networked society

Michael Yakushev PIR-Center, Moscow (Russia)

European Commission Per

Cyber Diplomacy A New Component of Foreign Policy 6

GLOBAL BUSINESS DIALOGUE ON ELECTRONIC COMMERCE CYBER SECURITY AND CYBER CRIME SEPTEMBER 26, CEO EDS Corporation

Honourable members of the National Parliaments of the EU member states and candidate countries,

Policies and Practices on Network Security of MIIT

working group on foreign policy and grand strategy

The Importance of a Multistakeholder Approach to Cybersecurity Effectiveness

Cyber Security in the U.S.

MANAGING THE GLOBAL INTERNET ECONOMY: A NEW CHALLENGE FOR THE US AND JAPAN

Research Note Engaging in Cyber Warfare

TUSKEGEE CYBER SECURITY PATH FORWARD

Statement for the Record. Richard Bejtlich. Chief Security Strategist. FireEye, Inc. Before the. U.S. House of Representatives

Cyber Security Recommendations October 29, 2002

Cyber Security Strategy

Cybersecurity and the Romanian business environment in the regional and European context

Andrzej Kozłowski Research Fellow Casimir pulaski Foundation. The cyber strikes back the retaliation against the cyberattack

Keynote. Professor Russ Davis Chairperson IC4MF & Work Shop Coordinator for Coordinator for Technology, Innovation and Exploitation.

Confrontation or Collaboration?

Public Private Partnerships and National Input to International Cyber Security

Thank you for your very kind introduction.

National Security Agency

Viewpoint: Implementing Japan s New Cyber Security Strategy*

It's a MAD, MAD, MAD Cyber World

The main object of my research is :

EU Cybersecurity: Ensuring Trust in the European Digital Economy

THE CURRENT GLOBAL THREATS TO CYBERSPACE SECURITY

Australia s proposed accession to the Council of Europe Convention on Cybercrime

National Cyber Security Strategy of Afghanistan (NCSA)

COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER

National Cyber Threat Information Sharing. System Strengthening Study

CYBER WARFARE AN ANALYSIS OF THE MEANS AND MOTIVATIONS OF SELECTED NATION STATES INSTITUTE FOR SECURITY TECHNOLOGY STUDIES AT DARTMOUTH COLLEGE

Does NATO s Article V Genuinely Protect Its Members?

Today s Global Cyber Security Status and Trustworthy Systems That Leverage Distrust Amongst Sovereigns

Kshetri, N. (2014). Japan s changing cyber security landscape, Computer, 47(1), doi: /MC

RUSSIA CHINA NEXUS IN CYBER SPACE

DOC NO: INFOSOC 53/15 DATE ISSUED: June Resolution on the open and neutral Internet

(U) Appendix E: Case for Developing an International Cybersecurity Policy Framework

WRITTEN TESTIMONY OF

The Senior Executive s Role in Cybersecurity. By: Andrew Serwin and Ron Plesco.

Cyber Security Strategy of Georgia

ITU National Cybersecurity/CIIP Self-Assessment Tool

The FBI Cyber Program. Bauer Advising Symposium //UNCLASSIFIED

Testimony of Matthew Rhoades Director Cyberspace & Security Program Truman National Security Project & Center for National Policy

Managing Web Security in an Increasingly Challenging Threat Landscape

CYBER BRIEF Improving Supply-Chain Policy for U.S. Government Procurement of Technology

A Reluctant Cyber Security Agreement between the US and China

Just Net Coalition statement on Internet governance

S. ll IN THE SENATE OF THE UNITED STATES

Cyber Security Strategy for Germany

CYBER SECURITY AND CYBER DEFENCE IN THE EUROPEAN UNION OPPORTUNITIES, SYNERGIES AND CHALLENGES

Cybersecurity: Legislation, Hearings, and Executive Branch Documents

Global Corporate Responsibility for Internet Freedom. Background paper

Cybercrimes: A Multidisciplinary Analysis

THE CRITICAL ROLE OF EDUCATION IN EVERY CYBER DEFENSE STRATEGY

DOC NO: INFOSOC 52/14 DATE ISSUED: June Resolution on the open and neutral Internet

資 通 安 全 產 品 研 發 與 驗 證 (I) ICT Security Overview. Prof.. Albert B. Jeng ( 鄭 博 仁 教 授 ) 景 文 科 技 大 學 資 訊 工 程 系

Germany: Report on Developments in the Field of Information and Telecommunications in the Context of International Security (RES 69/28),

SUMMARY OF THE ESTONIAN INFORMATION SYSTEM S AUTHORITY ON ENSURING CYBER SECURITY IN 2012

Harmful Interference into Satellite Telecommunications by Cyber Attack

The internet and digital technologies play an integral part

2 Gabi Siboni, 1 Senior Research Fellow and Director,

Some Perspectives On Cybersecurity. Shernon Osepa Manager Regional Affairs Latin America & Caribbean

Modernizing Mission Critical Business Apps

Cybersecurity. Considerations for the audit committee

Cloud Vendor Benchmark 2014 A Comparison of Software Vendors and Service Providers

Preservation of longstanding, roles and missions of civilian and intelligence agencies

PROPOSAL 20. Resolution 130 of Marrakesh on the role of ITU in information and communication network security

Cybersecurity & International Relations. Assist. Prof. D. ARIKAN AÇAR, Ph.D. Department of International Relations, Yaşar University, Turkey.

Civil Rights, Security and Consumer Protection in the EU

MOBILE MALWARE REPORT

Cybersecurity, Foreign Policy, and Business

Executive Suite Series An Akamai White Paper

ENISA What s On? ENISA as facilitator for enhanced Network and Information Security in Europe. CENTR General Assembly, Brussels October 4, 2012

Christos Douligeris cdoulig at unipi dot gr. Department of Informatics University of Piraeus

"Cyber War or Electronic Espionage - Active Defense or Hack Back" David Willson Attorney at Law, CISSP Assess & Protect Corporate Information

CYBERSPACE SECURITY CONTINUUM

STATE OF CYBER SECURITY IN ETHIOPIA

Cybersecurity: Legislation, Hearings, and Executive Branch Documents

CYBER SECURITY OF HARES, TORTOISES AND HEDGEHOGS

Declaration of Principles of the World Summit. Tunis in 2005 adopted by Heads of States and Governments stated that:

THE HUMAN FACTOR AT THE CORE OF FEDERAL CYBERSECURITY

Cyber Security in Taiwan's Government Institutions: From APT To. Investigation Policies

POLICIES TO MITIGATE CYBER RISK

Cybercrime: risks, penalties and prevention

Internet Safety and Security: Strategies for Building an Internet Safety Wall

EFFECTIVE APPROACHES TO CYBERSECURITY FOR UTILITIES TERRY M. JARRETT HEALY & HEALY ATTORNEYS AT LAW, LLC OCTOBER 24, 2013

Cybersecurity and internal audit. August 15, 2014

CSIS/DOJ Active Cyber Defense Experts Roundtable March 10, 2015

Availability Digest. History s Largest DDoS Attack? April 2013

Second Cyber Security Summit, November 11, 2013 in Bonn Final communique

An Overview of Large US Military Cybersecurity Organizations

Government Surveillance, Hacking, and Network Security: What Can and Should Carriers Do? Kent Bressie PITA AGM, Tonga April 2015

Cyberterror. Cyberspace computer-mediated communication systems has become a battleground between states and terrorists, and among nation states.

2015 Michigan NASCIO Award Nomination. Cyber Security Initiatives: Michigan Cyber Disruption Response Strategy

Cyber Security Strategy

Transcription:

Author: Andrea Renda, Senior Research Fellow, Centre for European Policy Studies May 3, 2013 Editor's note: This brief is a feature of the Council of Councils initiative, gathering opinions from global experts on major international developments. Cybersecurity is now a leading concern for major economies. Reports indicate that hackers can target the U.S. Department of Justice or Iranian nuclear facilities just as easily as they can mine credit card data. Threats have risen as the Internet has become a critical infrastructure for the global economy, with thousands of operations migrating onto it. For example, the innocuous practice of bringyour-own-device to work presents mounting dangers due to malware attacks--software intended to corrupt computers. Between April and December 2012, the types of threats detected on the Google Android platform increased by more than thirty times from 11,000 to 350,000, and are expected to reach one million in 2003, according to security company Trend Micro (See Figure 1). Put simply, as the global economy relies more on the Internet, the latter becomes increasingly insidious. There is no doubt that the Internet is efficient. But it now needs a more concerted global effort to preserve its best aspects and guard against abuses.

Trend Micro (2013) Source: The rise of the digital cold war Cyber threats and cyberattacks also reveal an escalating digital cold war. For years the United States government has claimed that cyberattacks are mainly state-sponsored, initiated predominantly by China, Iran, and Russia. The penetration of the U.S. Internet technology market by corporations such as Huawei, subsidized by the Chinese government, has led to more fears that sensitive information is vulnerable. After an explicit exchange of views between President Barack Obama and President Xi Jinping in February 2013, the United States passed a new spending law that included a cyber espionage review process limiting U.S. government procurement of Chinese hardware. U.S. suspicions intensified when Mandiant, a private information security firm, released a report detailing cyber espionage by a covert Chinese military unit against 100 U.S. companies and organizations. In March 2013, the U.S. government announced the creation of thirteen new teams of computer experts capable to retaliate if the United States were hit by a major attack.

On the other hand, Chinese experts claim to be the primary target of state-sponsored attacks, largely originating from the United States. But in reality the situation is more complex. Table 1 shows that cyberattacks in March 2013 were most frequently launched from Russia and Germany, followed by Taiwan and the United States. Source: Deutsche Telekom Cyber initiative What is happening to the Internet? Created as a decentralized network, the Internet has been a difficult place for policymakers seeking to enforce the laws of the real world. Distributed Denial of Service (DDoS) attacks consisting of virus infected systems (Botnet) targeting a single website leading to a Denial of Service for the end user became a harsh reality by 2000, when companies such as Amazon, ebay, and Yahoo! had been affected. These costs stem from the direct financial damage caused by loss of revenue during an attack, disaster recovery costs associated with restoring a company's services, a loss of customers following an attack, and compensation payments to customers in the event of a violation of their service level

agreements. As the Internet permeates everyday life, the stakes are becoming even higher. In a few years, society could delegate every aspect of life to information technology imagine driverless cars, machineto-machine communications, and other trends that will lead to the interconnection of buildings to trains, and dishwashers to smartphones. This could open up these societies to previously unimaginable disruptive cyber events. What is as concerning is that in cyberspace, attacks seem to have a structural lead over defense capabilities: it can be prohibitively difficult to foresee where, how, and when attackers will strike. Confronted with this challenge, the global community faces a dilemma. The neutrality of the Internet has proven to be a formidable ally of democracy, but the cost of protecting users' freedom is skyrocketing. Critical services, such as e-commerce or e-health, might never develop if users are not able to operate in a more secure environment. Moreover, some governments simply do not like ideas to circulate freely. Besides the "giant cage" built by China to insulate its Internet users, countries like Pakistan have created national firewalls to monitor and filter the flow of information on the network. And even the Obama administration, which has most recently championed Internet freedom initiatives abroad, is said to be cooperating with private telecoms operators on Internet surveillance, and Congress is discussing a new law imposing information sharing between companies and government on end-user behavior, which violates user privacy. The question becomes more urgent every day: Should the Internet remain an end-to-end, neutral environment, or should we sacrifice Internet freedom on the altar of enhanced security? The answer requires a brief explanation of how the Internet is governed, and what might change. The end of the Web as we know it? Since its early days, the Internet has been largely unregulated by public authorities, becoming a matter for private self-regulation by engineers and experts, who for years have taken major decisions through unstructured procedures. No doubt, this has worked in the past. But as cyberspace started to expand, the stakes began to rise. Informal bodies such as the Internet Corporation for Assigned Names and Numbers (ICANN) a private, U.S.-based multi-stakeholder association that rules on domain names and other major aspects of the Internet have been increasingly put under the spotlight. Recent ICANN rulings have exacerbated the debate over the need for more government involvement in Internet governance, either through a

dedicated United Nations agency or through the International Telecommunications Union (ITU), an existing UN body that ensures international communication and facilitates deployment of telecom infrastructure. But many experts fear that if a multi-stakeholder model is abandoned, the World Wide Web would cease to exist as we know it. Last year's World Conference on International Telecommunications, held in Dubai, hosted a heated debate on the future of cyberspace. Every stakeholder was looking for a different outcome. The ITU looked to expand its authority over the Internet; European telecoms operators wanted to secure more revenues by changing the rules for exchanging information between networks; China, Russia, and India wanted stronger government control over the Internet; the United States and Europe stood to protect the multi-stakeholder model of ICANN; and a group of smaller countries sought to have Internet access declared a human right. When a new treaty was finally put to vote, unsurprisingly, as many as fifty-five countries (including the United States and many EU member states) decided not to sign. Since then, the question on how the Internet will be governed remains unresolved. Where do we go from here? The problems that affect cyberspace cannot be resolved easily. There are three aspects that deserve international cooperation: cybersecurity, Internet governance, and freedom of expression. Solutions exist in all three domains, but should be addressed separately. First, cybersecurity needs a global public-private partnership, which entails the following steps: Countries should formally commit to fighting botnets and refraining from governmentsponsored cyberattacks. Governments should set up Computer Emergency Readiness Teams that receive notification from private parties and secure network resilience either directly or through private network operators. Operators should agree on industry-wide codes of conduct at a regional, and possibly at a global, level to ensure that the flow of information between operators and public authorities is fast and reliable. Trust should be established between public and private operators through a dedicated platform, as is currently being adopted in Europe. A taxonomy and classification of major risks and available counterstrategies should be

developed. This would enable the development of a more mature insurance market for cybersecurity. Second, there is no credible alternative to the multi-stakeholder model for Internet governance. But the United States should realize that major Internet assets should not be controlled solely by domestic companies, especially as most Internet users are in Asia. More generally, ICANN should become more transparent, structured, accountable, and represent a multi-stakeholder framework if it wants to survive as a private regulator. Third, the global community should protect freedom of expression, possibly through the United Nations Educational Scientific and Cultural Organization. Even if traffic management and "toll lanes" are allowed on the Internet, universal access to a robust, neutral Internet should always be preserved as a guarantee for democracy. This will be heavily resisted since it could lead to easier anonymity for criminals, but any alternative would undermine Internet freedom.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information