Dark Reading is part of the Informa Tech Division of Informa PLC


5/16/2011
05:06 PM

White House Sets Global Cybersecurity Strategy

Policy vision includes keeping the Internet secure, open, interoperable, and reliable worldwide

The Obama administration today made it clear that it sees the fight against cybercrime and cyberattacks as a global effort that requires international cooperation in defining the norms of online behavior and consistently enforcing laws against unlawful activities.

National cybersecurity coordinator Howard Schmidt -- along with Homeland Security Adviser John Brennan, Secretary of State Hillary Clinton, Attorney General Eric Holder, Secretary of Commerce Gary Locke, Secretary of Homeland Security Janet Napolitano, and Deputy Secretary of Defense Bill Lynn -- today unveiled the U.S.'s first-ever international strategy for cybersecurity and cyberspace.

"The International Strategy is a historic policy document for the 21st Century -- one that explains, for audiences at home and abroad, what the U.S. stands for internationally in cyberspace, and how we plan to build prosperity, enhance security, and safeguard openness in our increasingly networked world," Schmidt said in a blog post announcing the document.

The new policy comes on the heels of the administration's proposed new cybersecurity legislation that would improve the protection of critical infrastructure, expand the sharing of security data, and impose national requirements for disclosing breaches.

President Obama's precedent-setting international cyberspace policy spells out the U.S.'s plan to reach out to other nations to help better secure and protect the Internet from cybercrime, cyberespionage, and cyberattacks, while maintaining the fundamental free flow of information and preserving user privacy.

The document "sets an agenda for partnering with other nations and peoples to achieve that vision," Schmidt blogged. "It begins by recognizing the successes networked technologies have brought us, in large part due to the spirit of freedom and innovation that has characterized the Internet from its early days as a research project. While the strategy is realistic about the challenges we face, it nonetheless emphasizes that our policies must continue to be grounded in our core principles of fundamental freedoms, privacy, and the free flow of information."

Jeff Moss, vice president and CSO of the Internet Corporation for Assigned Names and Numbers (ICANN), says the document represents a Magna Carta of sorts for the Internet. "This is what the U.S. believes in—the freedom to connect, and what it could mean," says Moss, who is also the founder of Black Hat. "In the last year, I've been saying we need the equivalent of a Magna Carta ... everyone can disagree or have different interpretations of it, but at least we can have a starting point for future discussions."

The "International Strategy For Cyberspace: Prosperity, Security, and Openness in a Networked World" policy document also makes it clear that, when necessary, the U.S. will defend itself from cyberattacks, including drawing on its military might.

"When warranted, the United States will respond to hostile acts in cyberspace as we would to any other threat to our country. All states possess an inherent right to self-defense, and we recognize that certain hostile acts conducted through cyberspace could compel actions under the commitments we have with our military treaty partners," the document says. "We reserve the right to use all necessary means—diplomatic, informational, military, and economic—as appropriate and consistent with applicable international law, in order to defend our Nation, our allies, our partners, and our interests. In so doing, we will exhaust all options before military force whenever we can; will carefully weigh the costs and risks of action against the costs of inaction; and will act in a way that reflects our values and strengthens our legitimacy, seeking broad international support whenever possible."

The document also calls out cyberespionage as an area where the U.S. would protect its interests.

"Cyberspace can be used to steal an unprecedented volume of information from businesses, universities, and government agencies; such stolen information and technology can equal billions of dollars of lost value … The persistent theft of intellectual property, whether by criminals, foreign firms, or state actors working on their behalf, can erode competitiveness in the global economy, and businesses' opportunities to innovate," the document says. "The United States will take measures to identify and respond to such actions to help build an international environment that recognizes such acts as unlawful and impermissible, and hold such actors accountable."

In addition, the White House called for law enforcement agencies worldwide to share information, team up where possible, and follow due process as outlined in the Budapest Convention on Cybercrime.

"When cybersecurity incidents demand government action, officials can detect those threats early and share data in real-time to mitigate the spread of malware or minimize the impact of a major disruption—all while preserving the broader free flow of information. When a crime is committed internationally, law enforcement agencies are able to collaborate to safeguard and share evidence and bring individuals to justice," the document says.

The document also calls for the international community to develop norms for how states interact in cyberspace in order to identify unacceptable behavior. "In other spheres of international relations, shared understandings about acceptable behavior have enhanced stability and provided a basis for international action when corrective measures are required. Adherence to such norms brings predictability to state conduct, helping prevent the misunderstandings that could lead to conflict," the document says.

Meanwhile, U.S. Senator Kirsten Gillibrand (D-NY) said in a statement today that she and other Senate members will introduce bipartisan legislation in support of the president's cybersecurity policy. "I am encouraged the Administration is taking the growing international cyber threat seriously. Now it is time for Congress to come together and pass bipartisan legislation to address this national security imperative," Gillibrand said. "In order to safeguard our nation's economy and high-tech infrastructure, we must be able to defend against cyber threats from around the world. This must be a top priority for our national security and our economy. We must go after cyber criminals wherever they are – and it must be an international effort."

The White House policy paper is available here for download (PDF).

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
