The UK and the US will collaborate more closely to prevent "cyberattacks," the two countries' respective leaders so bravely promised in a joint press conference on Friday.
Following bilateral meetings in Washington DC this week, UK Prime Minister David Cameron and US President Barack Obama jointly announced new cooperative measures to improve "cybersecurity," saying the threat of attacks from the internet against important computer networks is "one of the most serious economic and national challenges that our nations face."
"Both governments have agreed to bolster our efforts to increase threat information sharing and conduct joint cybersecurity and network defense exercises to enhance our combined ability to respond to malicious cyber activity," a "fact sheet" released in tandem with Friday morning's press conference explained.
The new measures will include the establishment of a "cyber cell" – a cooperative effort between the US Computer Emergency Readiness Team (US-CERT) and its analogue in the UK (CERT-UK) – with a presence in each country.
"The cell, which will allow staff from each agency to be co-located, will focus on specific cyber defense topics and enable cyber threat information and data to be shared at pace and at greater scale," the countries' statement said.
In addition, both nations will fund new academic research into computer security, including the establishment of a new Fulbright Cyber Security Award that would underwrite security scholarship for up to six months.
In a Q&A with the press, Obama also said that his administration will open "a dialogue" with major US tech firms, like Facebook and Google, on how to better use the data they gather on citizens to thwart terrorism. (Let's not forget, this more or less already happened with PRISM, CALEA, and so on, anyway.)
The President acknowledged concerns that encryption technology may make intelligence-gathering efforts more difficult, saying, "If we get into a situation which the technologies do not allow us at all to track somebody we're confident is a terrorist … and despite knowing that information, despite having a phone number or a social-media address or email address, that we can't penetrate that, that's a problem."
But even though Obama referred to Cameron as a "great friend", the Prez stopped short of offering a direct endorsement for the Prime Minister's position that governments should impose stronger controls on encryption technology in the interest of national security.
Indeed, the Whitehouse's fact sheet on the security joint effort neglects to even mention the Tory leader's crusade against encryption his spies can't crack – leaving the politicians to ask tech giants nicely (or not so nicely) to cooperate.
I'm hearing Cameron didn't get White House support for extra web surveillance & weaken encryption. Bilateral factsheet only on cybersecurity— Alan Travis (@alantravis40) January 16, 2015
Cameron himself said that discussions between government and online firms were ongoing, and that his goal was to make it easier for intelligence-gathering outfits to sift through online data while still respecting individual privacy.
IT security experts fear opening access to agents will leave people vulnerable to hackers exploiting the same back or front doors.
"We have a very clear set of legal procedures," Cameron said. "I'm not trying to go through a back door here. The companies themselves have all sorts of interests, but one of those interests is they don't want to be the platform that becomes safe for terrorists to talk to each other and plan appalling outrages on."
In addition to IT security, Cameron and Obama also used Friday's press conference to touch on such matters as the ongoing effort to combat Ebola, maintaining sanctions on Russia in light of the situation in Ukraine, counterterrorism, the need for a "comprehensive EU-US trade deal" in 2015, and the pair's joint opposition to new sanctions against Iran. ®
- Black Hat
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Identity Theft
- Palo Alto Networks