Risk
2/19/2014
03:39 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%
Repost This

U.S. Running Out Of Allies On Cyber Battlefield

International cyber policy and enforcement, and ownership over the Internet are thorny topics that will be tackled at the 2014 RSA Conference next week

International cyber policy and enforcement and ownership over the Internet are all thorny topics, particularly since the Edward Snowden leaks. All of these subjects will be tackled at the RSA Conference next week in a panel discussion titled "Cyber Battle: The Future of Conflict."

RSA Conference 2014
Click here for more articles about the RSA Conference.

Outdated extradition treaties are not prepared to deal with the borderless realm of the Internet. Although there are rules about international airspace and international waters, there is no defined international cyberspace. Without discrete laws to be enforced, cybercrime investigations and prosecutions rely less upon a set of established directives and more upon an international spirit of cooperation.

Yet recent events have disturbed that spirit of cooperation. Dmitri Alperovitch, panel moderator and co-founder and CTO of CrowdStrike, says that while the U.S.'s traditional allies are publicly taking a stand against American spying, unofficially they're much more understanding and less surprised.

However, says Alperovitch, the Snowden scandal has increased the "lack of trust from the rest of the world in the continued U.S. leadership of the Internet."

Although there is no one "owner" of the Internet, most of the world's root DNS servers reside within the United States and ICANN is an American corporation that operates as part of the U.S. Department of Commerce.

Over recent years there has been a great deal of discussion over Internet governance, and movements to wrest the power away from the U.S. and place it in the hands of the United Nations, specifically the International Telecommunication Union. Thus far, these efforts have failed.

"All the energy and push is on the other side, [not the U.S.]," Alperovitch says, "particularly with countries that are fearful of a free Internet."

Alperovitch points out that even American allies do not all share the American stances on freedom of the press. He also referenced the U.S.'s efforts to push China to destroy the "Great Firewall of China" and support a free and open Internet.

"Since the Snowden revelation, the U.S. agenda on China has been completely derailed," he says.

While all this is happening, the number of malicious actors and government-approved spying on the Internet is expanding and the number of countries involved in the activity is increasing.

"You can pretty much assume that everyone is spying on everyone," he says. "How can we get back to a safer Internet that we've enjoyed that now seems just like a memory?"

Alperovitch's panel will take place next Thursday morning, Feb. 27. Panelists include Eric Rosenbach, Deputy Assistant Secretary for Cyber Policy of the Department of Defense, James Lewis, Program Director of the Center for Strategic and International Studies, Jason Healey, Director of Cyber Statecraft Initiative for the Atlantic Council, and Martin Libicki, Senior Scientist of RAND.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message. Sara Peters is contributing editor to Dark Reading and editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad of other ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-3946
Published: 2014-04-24
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

CVE-2012-5723
Published: 2014-04-24
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

CVE-2013-6738
Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

CVE-2014-0188
Published: 2014-04-24
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to...

CVE-2014-2391
Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

Best of the Web