
Not All Nations A Slam Dunk For U.S. Global Internet Cybersecurity Policy

Fighting cybercrime and cyberattacks at home isn't easy for countries that lack the necessary legal power and resources

The U.S. and China were able to find common ground on antispam efforts, but don't expect them to do the same when it comes to the complex cat-and-mouse game that is cyberespionage. And that's just one of the challenges the White House faces in implementing its new global cybersecurity policy, which calls for international cooperation among nations in defining the norms of online behavior and consistently enforcing rules against unlawful activities.

The White House on Monday published its historic policy document, which drew a line in the sand for how the U.S. envisions keeping the Internet secure, open, interoperable, and reliable worldwide. The "International Strategy For Cyberspace: Prosperity, Security, and Openness in a Networked World" policy document also makes it clear that, when necessary, the U.S. will defend itself from cyberattacks, including drawing on its military might.

A cornerstone of the policy is the U.S.'s plan to reach out to other nations in an effort to keep the Internet safe, secure, and open, and to better protect it from cybercriminals, cyberattacks, and cyberespionage. The policy has been applauded by security experts.

While traditional U.S. allies, such as those in Western Europe, are likely to follow suit with their own policy documents that echo some of the same themes, experts say it won't be so easy to bring on board those nations that traditionally have been home to cybercrime and cyberespionage, or that have turned a blind eye to that activity in their countries.

Jeff Moss, vice president and CSO of the Internet Corporation for Assigned Names and Numbers (ICANN) and founder of Black Hat, says there are a couple of security issues that most countries can agree on. "I don't think you're going to find any government standing up for spam. [Most] agree that botnets and spam are bad. So those are two good starting points," Moss says. Those two issues could initially be identified as international "norms" of misbehavior on the Internet, he says.

China and the U.S. recently formed a bilateral arrangement to quell spam between the two countries, but the news came with little fanfare. At the time of the announcement, Karl Frederick Rauscher, CTO of think tank EastWest Institute, who brokered the bilateral arrangement along with Yonglin Zhou, director of the network security committee of the Internet Society of China, said that the antispam efforts were part of a larger initiative between the two cyberpowers.

While the think tank considers this a first step in talks between the two nations on cybercrime issues, moving beyond antispam efforts is a much taller order. Chinese hackers have been implicated in so-called targeted, advanced persistent threat (APT)-type attacks against U.S. government agencies for years and, most recently, against U.S. businesses, such as Google, Intel, Adobe, and others.

It's too soon to tell whether the U.S.'s new global policy will meaningfully pressure Eastern Europe to crack down on cybercrime, or get China to acknowledge or make changes to its worst-kept secret: hackers within its borders who have been stealing intellectual property from U.S. government agencies and companies, for instance.

Eric Rosenbach, principal and lead for the cybersecurity practice at Good Harbor Consulting, says even if a particular country is interested in fighting cybercrime within its borders, for example, it may not have the legal infrastructure to do so. "But it's a great idea to start at it and keep grinding away, and hope that it bears fruit," he says. "But no one in the administration is naive" to believe that this global initiative will kill cyberespionage, for example, he says.

The bottom line is that setting a policy is a big step. "It's very important and has been lacking until now. It's extremely significant that this strategy was unveiled [together] by five cabinet secretaries," Rosenbach says.

ICANN's Moss expects the U.S. policy to spur more of a global debate on cybersecurity and Internet openness issues. "The U.K., France, The Netherlands, and Australia, [for instance], will want to respond" with their own written policies, he says.

There have been some successes in multinational efforts in the past year, including botnet takedowns that relied, in part, on cooperation from across the pond. Attorney General Eric Holder pointed to those efforts at the rollout of the U.S. International Strategy for Cyberspace.

"In recent months, the Justice Department has announced takedowns of significant criminal groups operating from Romania, Egypt, and elsewhere that had been victimizing American businesses and citizens -- including children. We’ve also brought multiple criminal conspirators to justice for their roles in coordinated cybercrimes that, according to court documents, netted nearly 1.5 million dollars from U.S. victims," Holder said. "And, just a few weeks ago, we announced an operation to disable an international criminal network that had infected more than 2 million computers worldwide with malicious software. Until we stepped in -- with the help of industry and security experts, as well as key international partners -- this malware was allowing criminals to capture bank account numbers, user names, and other sensitive and financial information online."

But Holder said it's time to take the global fight "to the next level." The U.S. policy basically reiterates support for the so-called Budapest Convention initiative to create a rule of law on the Internet, he said.

Another loose end is the U.S. Defense Department's policy on defending cyberspace. "The DoD will be coming forward in a month with its updated vision based on [the White House policy document]. That will attempt to help clarify their thinking as well as align with this," ICANN's Moss says.


Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
