Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

12/6/2017
02:30 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
100%
0%

Why Cybersecurity Must Be an International Effort

The former head of cyber for the US State Department calls for agreements across countries to improve government cybersecurity.

BLACK HAT EUROPE - London, UK - Government cybersecurity won't improve unless nations begin working together, and with their own technical security experts, to improve their understanding of security problems and the tools used to fix them.

"How many people think we're better off today than seventeen years ago?" Chris Painter, the former and first-appointed cyber coordinator for the US State Department asked in his keynote at Black Hat Europe, held this week in London. He didn't seem surprised at the response.

"Okay, that's nobody … not a single person," he noted as everyone in the packed room kept their hands lowered.

Painter then asked how many attendees believed governments were speaking with security experts to inform their policies with technical expertise. A few raised their hands in agreement.

It wasn't too long ago that high-level government officials didn’t want to care about, or understand, cybersecurity. "That has changed, I think, dramatically," Painter observed, as cyber issues more broadly threaten national security, human rights security, and foreign rights policy.

Governments have, in fact, begun to take cyber more seriously as threats carry greater consequences, he said. The Equifax breach, Sony hack, WannaCry, and Petya/not Petya are only a few recent attacks which have captured the international community. Many have begun to worry about attacks on their critical infrastructure, such as that in Ukraine in 2016.

Nations view technology as a threat to their overall stability, Painter said. He divided cyber threats into two categories: technical threats, and threats to policy. There has been greater emphasis on how we counter these problems both nationally and internationally, he explained, and governments have become more organized around cybersecurity.

He emphasized the need for countries to deal collectively with the threats they have in common. Security issues are usually bigger than one country, he said, noting that conflict arises when different nations have different perceptions of how technology should be used. Some countries leverage the Internet to monitor and control citizens, and suppress their freedom of expression, he added.

As countries strengthen their cyber capabilities, Painter explained, they need a stable environment so the beneficial parts of cyber aren't undermined by weak security. He said it's time for nations to discuss cyber policies through the United Nations and multi-government organizations instead of going solo. International law applies in cyberspace, he said; it isn't a "lawless space" where "anything goes."

It sounds simple on the surface but is complex in practice. According to Painter, international agreements must focus on how to prevent cyberattacks that don't necessarily qualify as cyber warfare; right now, policies don't address these types of threats. States shouldn't attack the critical infrastructure of other states, for example. They shouldn't attack one another's computer emergency response teams (CERTs), something Painter likened to "going after ambulances on the battlefield."

We have not done a good job of deterrence in cyberspace, he continued. Sure, there are rules telling actors not to violate other nations. But "those rules are worthless if there's no action taken if people violate them," he said, adding that lack of punishment establishes a norm that [an] activity is acceptable.

As part of this, Painter also called for more efficient attribution, which is necessary to take action on cybercrime. "We have to get to attribution quicker, so we can take action quicker, so we can have a deterring effect," he said. Attribution is "a political issue," he pointed out, and governments can't punish a threat actor unless they are sure he/she is responsible.

International security will only come with international acceptance of rules, Painter said: "We can't have progress if only a few countries agree."

Related Content:

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
tcritchley07
50%
50%
tcritchley07,
User Rank: Moderator
12/7/2017 | 11:48:18 AM
International Efforts in Cybersecurity
I've been banging on about an international effort for years and this was backed up by Brad Smith (Microsoft legal) at RSA2107 but, as Mark Twain said; 'everybody is talking about the weather, nobody is doing anything about it.' What do we have today? About 10 or more country initiatives (UK and US spring to mind), 25 years late,  with no cooperation whatsoever as far as I can see. This will result in a dog's breakfast.

There have been severe warning to US Presidents in official report after official report since 1992 and the bad guys are still winning.

Watch this space for a screw up of monumental proportions involving 7 billion mobile devices and 30 bn IoT devices as well as the usual servers.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15208
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can ...
CVE-2020-15209
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one....
CVE-2020-15210
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and ...
CVE-2020-15211
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices f...
CVE-2020-15212
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to `segment_ids_data` can alter `output_index` and then write to outside of `outpu...