Dark Reading is part of the Informa Tech Division of Informa PLC


5/16/2011
05:06 PM

White House Sets Global Cybersecurity Strategy

Policy vision includes keeping the Internet secure, open, interoperable, and reliable worldwide

The Obama administration today made it clear that it sees the fight against cybercrime and cyberattacks as a global effort that requires international cooperation in defining the norms of online behavior and consistently enforcing the law against unlawful activities.

National cybersecurity coordinator Howard Schmidt -- along with Homeland Security Adviser John Brennan, Secretary of State Hillary Clinton, Attorney General Eric Holder, Secretary of Commerce Gary Locke, Secretary of Homeland Security Janet Napolitano, and Deputy Secretary of Defense Bill Lynn -- today unveiled the U.S.'s first-ever international strategy for cybersecurity and cyberspace.

"The International Strategy is a historic policy document for the 21st Century -- one that explains, for audiences at home and abroad, what the U.S. stands for internationally in cyberspace, and how we plan to build prosperity, enhance security, and safeguard openness in our increasingly networked world," Schmidt said in a blog post announcing the document.

The new policy comes on the heels of the administration's proposed new cybersecurity legislation that would improve the protection of critical infrastructure, expand the sharing of security data, and impose national requirements for disclosing breaches.

President Obama's precedent-setting international cyberspace policy spells out the U.S.'s plan to reach out to other nations to help better secure and protect the Internet from cybercrime, cyberespionage, and cyberattacks, while maintaining the fundamental free flow of information and preserving user privacy.

The document "sets an agenda for partnering with other nations and peoples to achieve that vision," Schmidt blogged. "It begins by recognizing the successes networked technologies have brought us, in large part due to the spirit of freedom and innovation that has characterized the Internet from its early days as a research project. While the strategy is realistic about the challenges we face, it nonetheless emphasizes that our policies must continue to be grounded in our core principles of fundamental freedoms, privacy, and the free flow of information."

Jeff Moss, vice president and CSO of the Internet Corporation for Assigned Names and Numbers (ICANN), says the document represents a Magna Carta of sorts for the Internet. "This is what the U.S. believes in—the freedom to connect, and what it could mean," says Moss, who is also the founder of Black Hat. "In the last year, I've been saying we need the equivalent of a Magna Carta ... everyone can disagree or have different interpretations of it, but at least we can have a starting point for future discussions."

The "International Strategy For Cyberspace: Prosperity, Security, and Openness in a Networked World" policy document also makes it clear that, when necessary, the U.S. will defend itself from cyberattacks, including drawing on its military might.

"When warranted, the United States will respond to hostile acts in cyberspace as we would to any other threat to our country. All states possess an inherent right to self-defense, and we recognize that certain hostile acts conducted through cyberspace could compel actions under the commitments we have with our military treaty partners," the document says. "We reserve the right to use all necessary means—diplomatic, informational, military, and economic—as appropriate and consistent with applicable international law, in order to defend our Nation, our allies, our partners, and our interests. In so doing, we will exhaust all options before military force whenever we can; will carefully weigh the costs and risks of action against the costs of inaction; and will act in a way that reflects our values and strengthens our legitimacy, seeking broad international support whenever possible."

The document also calls out cyberespionage as an area where the U.S. would protect its interests.

"Cyberspace can be used to steal an unprecedented volume of information from businesses, universities, and government agencies; such stolen information and technology can equal billions of dollars of lost value … The persistent theft of intellectual property, whether by criminals, foreign firms, or state actors working on their behalf, can erode competitiveness in the global economy, and businesses' opportunities to innovate," the document says. "The United States will take measures to identify and respond to such actions to help build an international environment that recognizes such acts as unlawful and impermissible, and hold such actors accountable."

In addition, the White House called for law enforcement agencies worldwide to share information, team up where possible, and follow due process as outlined in the Budapest Convention on Cybercrime.

"When cybersecurity incidents demand government action, officials can detect those threats early and share data in real-time to mitigate the spread of malware or minimize the impact of a major disruption—all while preserving the broader free flow of information. When a crime is committed internationally, law enforcement agencies are able to collaborate to safeguard and share evidence and bring individuals to justice," the document says.

The document also calls for the international community to develop norms for how states interact in cyberspace in order to identify unacceptable behavior. "In other spheres of international relations, shared understandings about acceptable behavior have enhanced stability and provided a basis for international action when corrective measures are required. Adherence to such norms brings predictability to state conduct, helping prevent the misunderstandings that could lead to conflict," the document says.

Meanwhile, U.S. Senator Kirsten Gillibrand (D-NY) said in a statement today that she and other Senate members will introduce bipartisan legislation in support of the president's cybersecurity policy. "I am encouraged the Administration is taking the growing international cyber threat seriously. Now it is time for Congress to come together and pass bipartisan legislation to address this national security imperative," Gillibrand said in a statement. "In order to safeguard our nation's economy and high-tech infrastructure, we must be able to defend against cyber threats from around the world. This must be a top priority for our national security and our economy. We must go after cyber criminals wherever they are – and it must be an international effort."

The White House policy paper is available here for download (PDF).

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...