Diplomats, 'Net greybeards work to disarm USA, China and Russia’s cyber-weapons

Because when state attacks blow back, the taxpayers who paid to have them developed pay again


Black Hat Asia The USA, China and Russia are doing all that they can to avoid development of a treaty that would make it hard for them to conduct cyber-war, but an effort led by the governments of The Netherlands, France and Singapore, together with Microsoft and The Internet Society, is using diplomacy to find another way to stop state-sponsored online warfare.

The group making the diplomatic push is called the Global Commission on the Stability of Cyberspace (GCSC).

One of the group’s motivations is that state-sponsored attacks nearly always have commercial and/or human consequences well beyond their intended targets.

As explained today in a keynote at Black Hat Asia by GCSC commissioner and executive director of Packet Clearing House Bill Woodcock, those behind state-sponsored attacks are usually either hopelessly optimistic about, or indifferent to, the notion that their exploits will be re-used. The results of that faulty thinking are history: the likes of Stuxnet, Flame, Petya and NotPetya did huge damage well beyond their intended targets, imposing massive costs on businesses.

“Where that leaves us is having to spend a lot of money to defend ourselves,” Woodcock said, describing his role at the Clearing House, which operates internet exchanges, provides DNS services and consults in internet regulation. Woodcock helped to develop some basic elements of the DNS. He is therefore rather testy that money the Clearing House spends on security “… is not going on making the internet faster, bigger or better, or more available to more people.”

“So the networks that I run, because we have a lot of critical infrastructure on them, we have to try to defend against as much of this stuff as we can. And so we have to overbuild a thousand to one.”

Users of all sizes have different investment ratios, but Woodcock said they are still “over-investing, maybe five to one, maybe ten to one. But it is all money they could be putting into other things.”

And ironically, businesses that have to over-invest in security to defend against state-sourced attacks paid for the development of those attacks with their taxes.

“For us at one thousand to one, we could be providing services in one thousand extra locations. We could provide nameservers in a thousand times more cities. We could be providing service faster, to more people, addressing the digital divide more successfully. But instead we are having to build things way, way bigger than we need to provide the actual service.”

Woodcock said that nations capable of conducting significant aggressive cyber-ops don’t really care about the collateral damage they cause and also don’t want their capabilities regulated. They therefore enter into essentially meaningless pacts or give lip service to development of binding treaties.

Enter the GCSC, which, he told The Register, hopes to create “norms” for online warfare and have a critical mass of nations adopt them, so that countries that don’t play by the rules are easily identified as rogues.

“We are not seeking unanimity, but instead something more like the consensus we operate the internet on,” he said. Woodcock also said he fancies the diplomatic effort is internet-like in that it plans to route around troublesome members of the global system.

GCSC is currently working on two things: a definition of an online non-aggression pact, and a definition of what should not be attacked in a cyber-war.

Progress is slow, Woodcock said, because diplomacy moves slowly. But the group recently agreed on the wording “public core of the internet” to describe the online resources that should be out of bounds for state-conducted cyber-attacks. He’s pleased that term is so vague, as it means a fresh and useful definition can be created. A recent GCSC meeting, he said, saw him and other technical experts squeeze in a discussion of how to expand the definition, with the following result.

Public core of the internet draft definition from the Global Commission on the Stability of Cyberspace

Woodcock told The Register the GCSC is one year into a three-year program and he is encouraged by progress. His hope is that if the body can agree on norms, and enough nations agree to them, that nations who don’t climb aboard feel diplomatic pressure to come into line or suffer sanctions for not having done so.

And perhaps, one day, that pressure will be enough that offensive cyber ops either stop, or at the very least become less harmful to businesses and civilians – and the parts of the internet on which they rely. ®
