Not All Nations A Slam Dunk For U.S. Global Internet Cybersecurity Policy

  /     /     /  
Publicated : 22/11/2024   Category : security


Not All Nations A Slam Dunk For U.S. Global Internet Cybersecurity Policy


Fighting cybercrime and cyberattacks at home isnt easy for countries that lack the necessary legal power and resources



The U.S. and China were able to find common ground on antispam efforts, but dont expect them to do the same when it comes to the complex cat-and-mouse game that is cyberespionage. And thats just one of the challenges the White House faces in implementing its new global cybersecurity policy, which calls for international cooperation among nations in defining the norms of online behavior and consistently enforcing unlawful activities.
The White House
on Monday published its historic policy document
, which drew a line in the sand for how the U.S. envisions keeping the Internet secure, open, interoperable, and reliable worldwide. The International Strategy For Cyberspace: Prosperity, Security, and Openness in a Networked World policy document also makes it clear that, when necessary, the U.S. will defend itself from cyberattacks, including drawing on its military might.
A cornerstone of the policy is the U.S.s plan to reach out to other nations in an effort to keep the Internet safe, secure, and open, and to better protect it from cybercriminals, cyberattacks, and cyberespionage. The policy has been applauded by security experts.
While traditional U.S. allies, such as Western Europe, are likely to follow suit with their own policy documents that echo some of the same themes, experts say, it wont be so easy to get those nations on board that traditionally have been home for cybercrime and cyberespionage, or have turned a blind eye to that activity in their countries.
Jeff Moss, vice president and CSO of the Internet Corporation for Assigned Names and Numbers (ICANN) and founder of Black Hat, says there are a couple of security issues that most countries can agree on. I dont think youre going to find any government standing up for spam. [Most] agree that botnets and spam are bad. So those are two good starting points, Moss says. Those two issues could initially be identified as international norms of misbehavior on the Internet, he says.
China and the U.S.
recently formed a bilateral arrangement to quell spam between the two countries
, but the news came with little fanfare. At the time of the announcement, Karl Frederick Rauscher, CTO of think tank EastWest Institute, who brokered the bilateral arrangement along with Yonglin Zhou, director of the network security committee of the Internet Society of China, said that the antispam efforts were part of a larger initiative between the two cyberpowers.
While the think tank considers this a first step in talks between the two nations on cybercrime issues, moving beyond antispam efforts is a much taller order. Chinese hackers have been implicated in so-called targeted, advanced persistent threat (APT)-type attacks against U.S. government agencies for years and, most recently, against U.S. businesses, such as Google, Intel, Adobe, and others.
Its too soon to tell whether the U.S.s new global policy will at all meaningfully pressure Eastern Europe to crack down on cybercrime, or get China to acknowledge or make changes to its worst-kept secret of hackers within its borders, who have been stealing intellectual property from U.S. government agencies and companies, for instance.
Eric Rosenbach, principal and lead for the cybersecurity practice at Good Harbor Consulting, says even if a particular country is interested in fighting cybercrime within its borders, for example, it may not have the legal infrastructure do so. But its a great idea to start at it and keep grinding away, and hope that it bears fruit, he says. But no one in the administration is naive to believe that this global initiative will kill cyberespionage, for example, he says.
The bottom line is that setting a policy is a big step. Its very important and has been lacking until now. Its extremely significant that this strategy was unveiled [together] by five cabinet secretaries, Rosenbach says.
ICANNs Moss expects the U.S. policy to spur more of a global debate on cybersecurity and Internet openness issues. The U.K., France, The Netherlands, and Australia, [for instance], will want to respond with their own written policies, he says.
There have been some successes in multinational efforts in the past year, including botnet takedowns that relied, in part, on cooperation from across the pond. Attorney General Eric Holder pointed to those efforts at the rollout of the U.S. International Strategy for Cyberspace.
In recent months, the Justice Department has announced takedowns of significant criminal groups operating from Romania, Egypt, and elsewhere that had been victimizing American businesses and citizens -- including children. We’ve also brought multiple criminal conspirators to justice for their roles in coordinated cybercrimes that, according to court documents, netted nearly 1.5 million dollars from U.S. victims, Holder said. And, just a few weeks ago, we announced an operation to disable an international criminal network that had infected more than 2 million computers worldwide with malicious software. Until we stepped in -- with the help of industry and security experts, as well as key international partners -- this malware was allowing criminals to capture bank account numbers, user names, and other sensitive and financial information online.
But Holder said its time to take the global fight to to the next level. The U.S. policy basically reiterates support for the so-called Budapest Convention initiative to create a rule of law on the Internet, he said.
Another loose end is the U.S. Defense Departments policy on defending cyberspace. The DoD will be coming forward in a month with its updated vision based on [the White House policy document]. That will attempt to help clarify their thinking as well as align with this, ICANNs Moss says.
Have a comment on this story? Please click Add Your Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Not All Nations A Slam Dunk For U.S. Global Internet Cybersecurity Policy