Why Cybersecurity Must Be an International Effort

  /     /     /  
Publicated : 22/11/2024   Category : security


Why Cybersecurity Must Be an International Effort


The former head of cyber for the US State Department calls for agreements across countries to improve government cybersecurity.



BLACK HAT EUROPE - London, UK - Government cybersecurity wont improve unless nations begin working together, and with their own technical security experts, to improve their understanding of security problems and the tools used to fix them.
How many people think were better off today than seventeen years ago? Chris Painter, the former and first-appointed cyber coordinator for the US State Department asked in his keynote at Black Hat Europe, held this week in London. He didnt seem surprised at the response.
Okay, thats nobody … not a single person, he noted as everyone in the packed room kept their hands lowered.
Painter then asked how many attendees believed governments were speaking with security experts to inform their policies with technical expertise. A few raised their hands in agreement.
It wasnt too long ago that high-level government officials didn’t want to care about, or understand, cybersecurity. That has changed, I think, dramatically, Painter observed, as cyber issues more broadly threaten national security, human rights security, and foreign rights policy.
Governments have, in fact, begun to take cyber more seriously as threats carry greater consequences, he said. The Equifax breach, Sony hack, WannaCry, and Petya/not Petya are only a few recent attacks which have captured the international community. Many have begun to worry about attacks on their critical infrastructure, such as that in Ukraine in 2016.
Nations view technology as a threat to their overall stability, Painter said. He divided cyber threats into two categories: technical threats, and threats to policy. There has been greater emphasis on how we counter these problems both nationally and internationally, he explained, and governments have become more organized around cybersecurity.
He emphasized the need for countries to deal collectively with the threats they have in common. Security issues are usually bigger than one country, he said, noting that conflict arises when different nations have different perceptions of how technology should be used. Some countries leverage the Internet to monitor and control citizens, and suppress their freedom of expression, he added.
As countries strengthen their cyber capabilities, Painter explained, they need a stable environment so the beneficial parts of cyber arent undermined by weak security. He said its time for nations to discuss cyber policies through the United Nations and multi-government organizations instead of going solo. International law applies in cyberspace, he said; it isnt a lawless space where anything goes.
It sounds simple on the surface but is complex in practice. According to Painter, international agreements must focus on how to prevent cyberattacks that dont necessarily qualify as cyber warfare; right now, policies dont address these types of threats. States shouldnt attack the critical infrastructure of other states, for example. They shouldnt attack one anothers computer emergency response teams (CERTs), something Painter likened to going after ambulances on the battlefield.
We have not done a good job of deterrence in cyberspace, he continued. Sure, there are rules telling actors not to violate other nations. But those rules are worthless if theres no action taken if people violate them, he said, adding that lack of punishment establishes a norm that [an] activity is acceptable.
As part of this, Painter also called for more efficient attribution, which is necessary to take action on cybercrime. We have to get to attribution quicker, so we can take action quicker, so we can have a deterring effect, he said. Attribution is a political issue, he pointed out, and governments cant punish a threat actor unless they are sure he/she is responsible.
International security will only come with international acceptance of rules, Painter said: We cant have progress if only a few countries agree.
Related Content:
The Rising Dangers of Unsecured IoT Technology
First US Federal CISO Shares Security Lessons Learned
Hacked IV Pumps and Digital Smart Pens Can Lead to Data Breaches
Blocking and Tackling in the New Age of Security

Last News

▸ Senate wants changes to cybercrime law. ◂
Discovered: 23/12/2024
Category: security

▸ Car Sector Speeds Up In Security. ◂
Discovered: 23/12/2024
Category: security

▸ Making use of a homemade Android army ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Why Cybersecurity Must Be an International Effort