Threat Intelligence

7/5/2017
12:00 AM
Dark Reading
Products and Releases

Global Commission on the Stability of Cyberspace Holds First Full Commission Meeting

THE HAGUE, NETHERLANDS - The Global Commission on the Stability of Cyberspace (GCSC) convened in Tallinn, Estonia on June 2-3. Marina Kaljurand, GCSC Chair and former Foreign Minister of Estonia, presided over the meeting, together with the two co-chairs, Michael Chertoff, former Secretary of the U.S. Department of Homeland Security, and Latha Reddy, former Deputy National Security Adviser of India. The meeting was hosted by the Ministry of Foreign Affairs of Estonia and coincided with the 9th iteration of CyCon. The Chairs, several Commissioners, and other GCSC members spoke at CyCon at the invitation of the NATO Cooperative Cyber Defence Centre of Excellence.

"The Tallinn meeting was the first full Commission gathering, marking a critical step towards confirming the GCSC’s approach and direction over the next years of its three-year mandate," said Marina Kaljurand, GCSC Chair. "Based on extensive deliberation, the Commissioners confirmed the group’s core themes to be addressed, operating agenda, research capacity and timelines."

The meetings began on June 2 with sessions on cyberstability. Ten experts were invited to provide analysis on the critical developments and initiatives in the field of international cyberspace stability and present on the most pressing research and policy proposals that emerged from the GCSC Inaugural Meeting in Munich, in February of this year. The Hearings were moderated by the Chairs of the Research Advisory Group and helped to inform the deliberations of the Commissioners the following day.

On June 3, the Commissioners convened in a closed session to decide on the work program for the coming year, centered on developing proposals for norms and policies to enhance international security and stability and guide responsible state and non-state behavior in cyberspace. The prioritized topics for 2017 include the "public core of the Internet" and "critical infrastructures," and the protection thereof. As a first step, the GCSC will focus on a working definition of critical infrastructure that serves the Commission’s needs. To this end, it will set out to distinguish between the public core of the Internet, critical infrastructures of the Internet, and IT aspects of non-Internet critical infrastructures. By means of a mapping exercise, the Commission seeks to get a better understanding of the public core and critical infrastructures, as well as the protective measures and state practices in this context.

The Commission also touched upon other topics, such as the protection of electoral infrastructures, the application of sovereignty, secure access for the next billion users, rules for offensive actions in cyberspace, attribution and compliance with norms, and private sector responsibilities, among others. The Commission is continuing its deliberations in these areas as well, and expects to build on the substantial contributions made by multilateral expert groups to the collective understanding of the challenges and approaches to increasing stability in cyberspace.

In addition, the GCSC announced the launch of the Research Advisory Group (RAG), and its Chairs were introduced to the Commissioners. The RAG will help execute and implement the Commission’s research agenda, particularly on international cybersecurity, law, Internet governance, and technology & information security practice. More information on how to join the Research Advisory Group can be found here.

The GCSC will convene a smaller-scale Commission meeting on July 27 on the margins of Black Hat in Las Vegas, U.S. In the run-up to the meeting, the GCSC Secretariat and the Chairs of the Research Advisory Group will publish the Requests for Proposals (RFPs) on the email platform of the Research Advisory Group. Researchers and institutions that are members of the Research Advisory Group can respond to these RFPs with proposals. The subscription procedure for the Research Advisory Group is explained here. The RFPs provide additional details on the immediate research priorities of the Commission and will be published before today.

The Hague Centre for Strategic Studies, the EastWest Institute, the Chairs and Commissioners would like to thank the government of Estonia for hosting the Tallinn meeting, as well as the GCSC partners, the governments of the Netherlands and Singapore, Microsoft, the Internet Society (ISOC), and the other funders for supporting the work of the Commission.
