Risk
2/19/2014
03:39 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

U.S. Running Out Of Allies On Cyber Battlefield

International cyber policy and enforcement, and ownership over the Internet are thorny topics that will be tackled at the 2014 RSA Conference next week

International cyber policy and enforcement and ownership over the Internet are all thorny topics, particularly since the Edward Snowden leaks. All of these subjects will be tackled at the RSA Conference next week in a panel discussion titled "Cyber Battle: The Future of Conflict."

RSA Conference 2014
Click here for more articles about the RSA Conference.

Outdated extradition treaties are not prepared to deal with the borderless realm of the Internet. Although there are rules about international airspace and international waters, there is no defined international cyberspace. Without discrete laws to be enforced, cybercrime investigations and prosecutions rely less upon a set of established directives and more upon an international spirit of cooperation.

Yet recent events have disturbed that spirit of cooperation. Dmitri Alperovitch, panel moderator and co-founder and CTO of CrowdStrike, says that while the U.S.'s traditional allies are publicly taking a stand against American spying, unofficially they're much more understanding and less surprised.

However, says Alperovitch, the Snowden scandal has increased the "lack of trust from the rest of the world in the continued U.S. leadership of the Internet."

Although there is no one "owner" of the Internet, most of the world's root DNS servers reside within the United States and ICANN is an American corporation that operates as part of the U.S. Department of Commerce.

Over recent years there has been a great deal of discussion over Internet governance, and movements to wrest the power away from the U.S. and place it in the hands of the United Nations, specifically the International Telecommunication Union. Thus far, these efforts have failed.

"All the energy and push is on the other side, [not the U.S.]," Alperovitch says, "particularly with countries that are fearful of a free Internet."

Alperovitch points out that even American allies do not all share the American stances on freedom of the press. He also referenced the U.S.'s efforts to push China to destroy the "Great Firewall of China" and support a free and open Internet.

"Since the Snowden revelation, the U.S. agenda on China has been completely derailed," he says.

While all this is happening, the number of malicious actors and government-approved spying on the Internet is expanding and the number of countries involved in the activity is increasing.

"You can pretty much assume that everyone is spying on everyone," he says. "How can we get back to a safer Internet that we've enjoyed that now seems just like a memory?"

Alperovitch's panel will take place next Thursday morning, Feb. 27. Panelists include Eric Rosenbach, Deputy Assistant Secretary for Cyber Policy of the Department of Defense, James Lewis, Program Director of the Center for Strategic and International Studies, Jason Healey, Director of Cyber Statecraft Initiative for the Atlantic Council, and Martin Libicki, Senior Scientist of RAND.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message. Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad ... View Full Bio

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading December Tech Digest
Experts weigh in on the pros and cons of end-user security training.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-5395
Published: 2014-11-21
Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI before V100R007B100D03SP01C03, E5180s-22 before 21.270.21.00.00, and E586Bs-2 before 21.322.10.00.889 allow remote attackers to hijack the authentication of users ...

CVE-2014-7137
Published: 2014-11-21
Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM before 3.6.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) contactid parameter in an addcontact action, (2) ligne parameter in a swapstatut action, or (3) project_ref parameter to projet/tasks/contact.php; (4...

CVE-2014-7871
Published: 2014-11-21
SQL injection vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev36 and 7.6.x before 7.6.0-rev23 allows remote authenticated users to execute arbitrary SQL commands via a crafted jslob API call.

CVE-2014-8090
Published: 2014-11-21
The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) a crafted XML document containing an empty string in an entity that is used in a large number of nes...

CVE-2014-8469
Published: 2014-11-21
Cross-site scripting (XSS) vulnerability in Guests/Boots in AdminCP in Moxi9 PHPFox before 4 Beta allows remote attackers to inject arbitrary web script or HTML via the User-Agent header.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Now that the holiday season is about to begin both online and in stores, will this be yet another season of nonstop gifting to cybercriminals?