Threat Intelligence

7/5/2017
12:00 AM
Dark Reading
Products and Releases

Global Commission on the Stability of Cyberspace Holds First Full Commission Meeting

THE HAGUE, NETHERLANDS - The Global Commission on the Stability of Cyberspace (GCSC) convened in Tallinn, Estonia on June 2-3. Marina Kaljurand, GCSC Chair and former Foreign Minister of Estonia, presided over the meeting, together with the two co-chairs, Michael Chertoff, former Secretary of the U.S. Department of Homeland Security, and Latha Reddy, former Deputy National Security Adviser of India. The meeting was hosted by the Ministry of Foreign Affairs of Estonia and coincided with the 9th iteration of CyCon. The Chairs, several Commissioners, and other GCSC members spoke at CyCon at the invitation of the NATO Cooperative Cyber Defence Centre of Excellence.

"The Tallinn meeting was the first full Commission gathering, marking a critical step towards confirming the GCSC’s approach and direction over the next years of its three-year mandate," said Marina Kaljurand, GCSC Chair. "Based on extensive deliberation, the Commissioners confirmed the group’s core themes to be addressed, operating agenda, research capacity and timelines."

The meetings began on June 2 with sessions on cyberstability. Ten experts were invited to provide analysis on the critical developments and initiatives in the field of international cyberspace stability and present on the most pressing research and policy proposals that emerged from the GCSC Inaugural Meeting in Munich, in February of this year. The Hearings were moderated by the Chairs of the Research Advisory Group and helped to inform the deliberations of the Commissioners the following day.

On June 3, the Commissioners convened in a closed session to decide on the work program for the coming year, centered on developing proposals for norms and policies to enhance international security and stability and guide responsible state and non-state behavior in cyberspace. The prioritized topics for 2017 include the "public core of the Internet" and "critical infrastructures," and the protection thereof. As a first step, the GCSC will focus on a working definition of critical infrastructure that serves the Commission’s needs. To this end, it will set out to distinguish between the public core of the Internet, critical infrastructures of the Internet, and IT aspects of non-Internet critical infrastructures. By means of a mapping exercise, the Commission seeks to get a better understanding of the public core and critical infrastructures, as well as the protective measures and state practices in this context.

The Commission also touched upon other topics, such as the protection of electoral infrastructures, the application of sovereignty, secure access for the next billion users, rules for offensive actions in cyberspace, attribution and compliance with norms, and private sector responsibilities, amongst others. The Commission is continuing its deliberations in these areas as well, and expects to build on the substantial contributions made by multilateral expert groups to the collective understanding of the challenges and approaches to increasing stability in cyberspace.

In addition, the GCSC announced the launch of the Research Advisory Group (RAG), and its Chairs were introduced to the Commissioners. The RAG will help execute and implement the Commission’s research agenda, particularly on international cybersecurity, law, Internet governance, and technology & information security practice. More information on how to join the Research Advisory Group can be found here.

The GCSC will convene a smaller-scale Commission meeting on July 27 on the margins of Black Hat in Las Vegas, U.S. In the run-up to the meeting, the GCSC Secretariat and the Chairs of the Research Advisory Group will publish the Requests for Proposals (RFPs) on the email platform of the Research Advisory Group. Researchers and institutions that are members of the Research Advisory Group can respond to these RFPs with proposals. The subscription procedure for the Research Advisory Group is explained here. The RFPs provide additional details on the immediate research priorities of the Commission and will be published before today.

The Hague Centre for Strategic Studies, the EastWest Institute, the Chairs and Commissioners would like to thank the government of Estonia for hosting the Tallinn meeting, as well as the GCSC partners, the governments of the Netherlands and Singapore, Microsoft, the Internet Society (ISOC), and the other funders for supporting the work of the Commission.

 
