Risk
2/19/2014
03:39 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

U.S. Running Out Of Allies On Cyber Battlefield

International cyber policy and enforcement, and ownership over the Internet are thorny topics that will be tackled at the 2014 RSA Conference next week

International cyber policy and enforcement and ownership over the Internet are all thorny topics, particularly since the Edward Snowden leaks. All of these subjects will be tackled at the RSA Conference next week in a panel discussion titled "Cyber Battle: The Future of Conflict."

RSA Conference 2014
Click here for more articles about the RSA Conference.

Outdated extradition treaties are not prepared to deal with the borderless realm of the Internet. Although there are rules about international airspace and international waters, there is no defined international cyberspace. Without discrete laws to be enforced, cybercrime investigations and prosecutions rely less upon a set of established directives and more upon an international spirit of cooperation.

Yet recent events have disturbed that spirit of cooperation. Dmitri Alperovitch, panel moderator and co-founder and CTO of CrowdStrike, says that while the U.S.'s traditional allies are publicly taking a stand against American spying, unofficially they're much more understanding and less surprised.

However, says Alperovitch, the Snowden scandal has increased the "lack of trust from the rest of the world in the continued U.S. leadership of the Internet."

Although there is no one "owner" of the Internet, most of the world's root DNS servers reside within the United States and ICANN is an American corporation that operates as part of the U.S. Department of Commerce.

Over recent years there has been a great deal of discussion over Internet governance, and movements to wrest the power away from the U.S. and place it in the hands of the United Nations, specifically the International Telecommunication Union. Thus far, these efforts have failed.

"All the energy and push is on the other side, [not the U.S.]," Alperovitch says, "particularly with countries that are fearful of a free Internet."

Alperovitch points out that even American allies do not all share the American stances on freedom of the press. He also referenced the U.S.'s efforts to push China to destroy the "Great Firewall of China" and support a free and open Internet.

"Since the Snowden revelation, the U.S. agenda on China has been completely derailed," he says.

While all this is happening, the number of malicious actors and government-approved spying on the Internet is expanding and the number of countries involved in the activity is increasing.

"You can pretty much assume that everyone is spying on everyone," he says. "How can we get back to a safer Internet that we've enjoyed that now seems just like a memory?"

Alperovitch's panel will take place next Thursday morning, Feb. 27. Panelists include Eric Rosenbach, Deputy Assistant Secretary for Cyber Policy of the Department of Defense, James Lewis, Program Director of the Center for Strategic and International Studies, Jason Healey, Director of Cyber Statecraft Initiative for the Atlantic Council, and Martin Libicki, Senior Scientist of RAND.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message. Sara Peters is contributing editor to Dark Reading and editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad of other ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-1544
Published: 2014-07-23
Use-after-free vulnerability in the CERT_DestroyCertificate function in libnss3.so in Mozilla Network Security Services (NSS) 3.x, as used in Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7, allows remote attackers to execute arbitrary code via vectors that trigger cer...

CVE-2014-1547
Published: 2014-07-23
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird before 24.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1548
Published: 2014-07-23
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2014-1549
Published: 2014-07-23
The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer function in Mozilla Firefox before 31.0 and Thunderbird before 31.0 does not properly allocate Web Audio buffer memory, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow and applica...

CVE-2014-1550
Published: 2014-07-23
Use-after-free vulnerability in the MediaInputPort class in Mozilla Firefox before 31.0 and Thunderbird before 31.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) by leveraging incorrect Web Audio control-message ordering.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Where do information security startups come from? More important, how can I tell a good one from a flash in the pan? Learn how to separate ITSec wheat from chaff in this episode.