Cyberstability Updates – March 2018

Cyberstability Updates – March 2018

March 31, 2018, Monthly update

Download Publication Download Document

The GCSC in the Media

Private sector over-investing against nation-state attacks

The article featuring the GCSC and authored by Aaron Tan was published on 23.03.2018 in Computer Weekly

Woodcock, who developed the anycast routing technique that protects the domain name system, sits on the Global Commission on the Stability of Cyberspace (GCSC), a 25-member group that hopes to stop state-sponsored attacks against critical internet infrastructure, following unsuccessful efforts by Russia in 1998 to push for a United Nations treaty to deter cyber aggression by nation states.

Read the full article here.

 Diplomats, ‘Net greybeards work to disarm USA, China and Russia’s cyber-weapons

The article based on an interview with the GCSC Commissioner Bill Woodcock and authored by Simon Sharwood was published on 22.03.2018 in The Register.

Black Hat Asia The USA, China and Russia are doing all that they can to avoid development of a treaty that would make it hard for them to conduct cyber-war, but an effort led by the governments of The Netherlands, France and Singapore, together with Microsoft and The Internet Society, is using diplomacy to find another way to stop state-sponsored online warfare.

The group making the diplomatic push is called the Global Commission on the Stability of Cyberspace (GCSC).

One of the group’s motivations is that state-sponsored attacks nearly always have commercial and/or human consequences well beyond their intended targets.

Read the full article here.

Commissioners in the Media

Strategist Six: Chris Painter

The interview with the GCSC Commissioner Chris Painter was published on 29.03.2018 in The Strategist

: As a top US cyber specialist, you’ve seen the internet shrink the world by allowing people to communicate over vast distances. It’s given us access to massive amounts of information and allowed oppressed people to unite and force change. But it’s also used by terrorists to encourage attacks and by nations to steal commercial and military secrets. Overall, has the net made the world a better or a more dangerous place?

Commissioner Chris Painter: Every new technology from the beginning of mankind has been seized upon by criminals and others who have tried to exploit it. For better or worse, the internet was never conceived as a secure platform. Instead it was designed to ensure communication, survive and be resilient. On balance, it’s been a tremendous force for good in terms of social interaction, global communication and economic growth. So even with the mounting threats, I would definitely say it has made the world a better place.

Read the full interview here.

Putin’s Pyrrhic Victory

The op-ed authored by the GCSC Special Representative Carl Bildt was published on 23.03.2018 in Project Syndicate.

Russian President Vladimir Putin’s foreign incursions and public displays of militant nationalism have proved effective in winning over large swathes of the Russian electorate. But they have also turned Russia into an economic lightweight, and left it increasingly isolated on the world stage.

Read the full interview here.

Information als Waffe im Cyberkrieg

The interview with the GCSC Director Alexander Klimburg was published on 23.03.2018 in the Wiener Zeitung

“Wiener Zeitung”: Welche Lehren ziehen Sie aus der sogenannten Cambridge Analytica/Facebook-Affäre – es ist bekannt geworden, dass die Firma Cambridge Analytica Daten von rund 50 Millionen Facebook-Usern abgeschöpft hat?

Alexander Klimburg: Für mich steht fest, dass man die Datenschutzregeln neu konzipieren muss. Wobei ich nicht im Camp jener super-strikten Datenschützer bin, die der Überzeugung sind, dass man Datenströme möglichst streng kontrollieren und regulieren muss. Denn das hätte zur Folge, dass man in Zukunft für Facebook, Twitter, Google und viele Gratis-Services bezahlen muss. Gleichzeitig bin ich aber auch nicht der Meinung, dass alle Daten völlig frei verfügbar sein sollen, so wie das einige in Silicon Valley gerne hätten.

Read the full interview here.

China could win the West’s stupid — and pointless — war over steel

The op-ed authored by the GCSC Special Representative Carl Bildt was published on 21.03.2018 in the Miami Herald.

Once upon a time, the politics of Europe was all about coal and steel.

The coal fields of England made the nation the world’s first industrial power. Rising Germany built its might in the steel furnaces of the Ruhr area. The symbol of Stalin’s Soviet Union was the steel town of Magnitogorsk. When Europeans came together after two devastating world wars, they set up the European Steel and Coal Community, the origin of today’s European Union.

But that was a long time ago. Magnitogorsk might have been built to rival and overtake Pittsburgh as a steel town, but Pittsburgh has moved on. It is now a center of knowledge, artificial intelligence and autonomous vehicles. Steel and coal have since long lost their hold on the geopolitics of Europe.

Read the full article here.

The Honorable Michael Chertoff Discusses the Future of Patient Care, Safety and Security at SXSW 2018

The article featuring the GCSC Co-Chair Michael Chertoff was published on 19.03.2018 in Cision PRWeb

Secretary Michael Chertoff, executive chairman and co-founder of The Chertoff Group, a premier global advisory firm that provides security risk management, business strategy and merchant banking advisory services, joined leading healthcare and cybersecurity experts at SXSW 2018 on a panel discussion titled, “Body Computing Security and Human Safety.” During the session, Chertoff, along with Leslie Saxon, executive director at the USC Center for Body Computing and Beau Woods, cyber innovation fellow at The Atlantic Council, provided insight on the future of healthcare and digital health as well as security considerations and concerns associated with the advancement of connected, medical devices.

Read the full article here.

Beware the Big Five

The article featuring the GCSC Director Alexander Klimburg‘s latest book “The Darkening Web” was published on 16.03.2018 in The New York Review of Books

Cyberwarfare can be waged in many different ways. There are DDoS (distributed denial of service) attacks, by which a system is flooded with superfluous traffic to disrupt its intended function. The largest DDoS attack to date was the work of the Mirai botnet (a botnet is created by hacking a system of interconnected devices so they can be controlled by a third party), which in October 2016 attacked a company called Dyn that manages a significant part of the Internet’s infrastructure. It temporarily brought down much of the Internet in the US. There are also hacks designed to steal and leak sensitive materials, such as the Sony hack attributed to North Korea or the hacking of the DNC’s e-mail servers during the 2016 election. And there are attacks that damage essential devices linked to the Internet, including computing systems for transportation, telecommunications, and power plants. This type of attack is increasingly being viewed as a grave threat to a country’s infrastructure.

The military once used the term “information warfare” to refer to any cyberattack or military operation that targeted a country’s information or telecommunications systems. But the phrase has come to have a more specific meaning: the exploitation of information technology for the purposes of propaganda, disinformation, and psychological operations. The US is just now beginning to confront its vulnerability to this potentially devastating kind of cyberattack.

This is the subject of Alexander Klimburg’s prescient and important book, The Darkening Web: The War for Cyberspace, written largely before the revelation of Russian interference in the 2016 election. With its unparalleled reach and targeting, Klimburg argues, the Internet has exacerbated the risks of information warfare. Algorithms employed by a few large companies determine the results of our web searches, the posts and news stories that are featured in our social media feeds, and the advertisements to which we are exposed with a frequency greater than in any previous form of media. When disinformation or misleading information is fed into this machinery, it may have vast intended and unintended effects.

Read the full article here.

Cyber Risk Forum Preview: Former Secretary Of Homeland Security Michael Chertoff

The interview with the GCSC Co-Chair Michael Chertoff was published on 15.03.2018 in the Chief Executive.

Former Secretary of the U.S. Department of Homeland Security Michael Chertoff will be speaking at the 2018 Cyber Risk Forum on April 16, 2018 in San Francisco. Hosted alongside RSA® Conference, Corporate Board Member and Chief Executive are presenting the 3rd annual Cyber Risk Forum to provide CEOs and board members with the opportunity to explore emerging trends, prevalent threats and strategic opportunities surrounding cybersecurity. Click here to register.

In part 1 of our 2-part interview, Chief Executive caught up with Chertoff to talk about cyber threats and what business leaders should be focusing on in cybersecurity.

Q: What are the cyber threats you’re seeing right now that CEOs and board directors should be aware of that they are likely not aware of? What’s worrying you that should be worrying them?

A: Among the growing list of cybersecurity threats to corporations and citizens is the worry that nation states could be compiling dossiers of Americans for intelligence purposes. A series of major thefts of personal data — not intellectual property — over recent years could suggest that a nation state is trying to build a database of all Americans. It’s one of the reasons that the scale of what people can do now with modern analytics allows them to make use of the kind of information that, 20 years ago, would have been valueless.

Read the full interview here.

 Chris Painter’s interview with the ABC News

The interview with the GCSC Commissioner Chris Painter was published on 09.03.2018 in the ABC News.

“Unlike regional things in the physical world, cyber is borderless,” Chris Painter, White House Senior Director for Cybersecurity Policy, says states need to be more active in identifying cyber criminals.

Access the full interview here.

 How Will New Cybersecurity Norms Develop?

The op-ed authored by the GCSC Commissioner Joseph Nye was published on 08.03.2018 in the Project Syndicate.

Norms can be suggested and developed by a variety of policy entrepreneurs. For example, the new non-governmental Global Commission on Stability in Cyberspace, chaired by former Estonian Foreign Minister Marina Kaljurand, has issued a call to protect the public core of the Internet (defined to include routing, the domain name system, certificates of trust, and critical infrastructure).

Meanwhile, the Chinese government, using its Wuzhen World Internet Conference series, has issued principles endorsed by the Shanghai Cooperation Organization calling for recognition of the right of sovereign states to control online content on their territory. But this need not contradict the call to protect the public core, which refers to connectivity rather than content.

Other norm entrepreneurs include Microsoft, which has issued a call for a new Geneva Convention on the Internet. Equally important is the development of norms regarding privacy and security regarding encryption, back doors, and the removal of child pornography, hate speech, disinformation, and terrorist threats.

As member states contemplate the next steps in the development of cyber norms, the answer may be to avoid putting too much of a burden on any one institution like the UNGGE. Progress may require the simultaneous use of multiple arenas. In some cases, development of principles and practices among like-minded states can lead to norms to which others may accede at a later point. For example, China and the US reached a bilateral agreement restricting cyber espionage for commercial purposes. In other cases, such as security norms for the Internet of Things, the private sector, insurance companies, and non-profit stakeholders might take the lead in developing codes of conduct.

What is certain is that the development of cybersecurity norms will be a long process. Progress in some areas need not wait for progress in others.

Read the full article here.

EWI Co-hosts Cybersecurity Roundtable at Munich Security Conference

The news item featuring the GCSC Chair Marina Kaljurand and the GCSC Co-Chair Michael Chertoff was published on 07.03.2018 by the EastWest Institute

Bruce McConnell, Global Vice President and head of EWI’s Global Cooperation in Cyberspace Initiative, moderated the discussion which was focused on “Deterrence in the Age of Cyber Geopolitics.” Participants examined the threat of state-sponsored cyber attacks and escalating arsenals of cyber weapons, looking for ways to increase international stability in cyberspace. One possible route to stability is the development of norms of responsible behavior for cyberspace for states, or codes of conduct for companies that could reduce the risk for conflict. In this vein, the roundtable featured remarks from Chair of the Global Commission on the Stability of Cyberspace Marina Kaljurand, and Co-chair Michael Chertoff.

Read the full article here.

 Video: Russia’s cyber war against democracy

The interview with the GCSC Commissioner Chris Painter was published on 05.03.2018 in ABC News.

Cyber security expert Chris Painter says the Russians have been involved in influencing operations and undermining democratic systems for a long time.

Access the full interview here.

 An Arms Race that only has Losers

The op-ed authored by the GCSC Commissioner Wolfgang Kleinwächter was published in German in the Frankfurter Allgemeine.

Instabilität im Cyberspace ist für die Zukunft der Menschheit ebenso gefährlich wie der Klimawandel. Vier Milliarden Menschen nutzen das Internet, rund vier Billionen Dollar ist der E-Commerce-Markt schwer, Tendenz steigend. Ein nicht funktionierendes Internet würde Gesellschaft, Politik und Wirtschaft ins Chaos stürzen. Auch die digitale Welt braucht Frieden, Vertrauen und Verständigung. Und dennoch wird digital von allen Seiten unter Hochdruck aufgerüstet, schreitet die Militarisierung des Cyberspace ungebremst voran. „Cyber“ ist wieder ein Top-Thema bei der Münchner Sicherheitskonferenz, die am Freitag beginnt. Taumeln wir in einen regelrechten Cyberkrieg? Oder können wir den Weg bahnen in eine neue „Cyberentspannung“?

Access the full op-ed here.

Norms in Cyberspace

Filling the gaps in international law is essential to making cyberspace a safer place

The article on cyberspace norms by Jenny Erie was published on 27.03.2018 in the Security Boulevard. 

A month ago, on the sidelines of the Munich Security Conference, Microsoft organized an expert workshop to discuss gaps in international law as it applies to cyberspace. We were fortunate enough to bring together twenty leading stakeholders, including international legal experts, United Nations Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (UNGGE) delegates, diplomats, and non-governmental organizations (NGOs). Together, we looked at the current situation in cybersecurity norms and international law, and we discussed possible paths forward. What emerged was a significant consensus on both the need to restructure cybersecurity discussions globally and the necessity of implementing the 2015 UNGGE report.

Access the full article here.