1 / 9

Cybersecurity: A game changer in international relations?

Cybersecurity: A game changer in international relations?. Benoît Morel Carnegie Mellon University. What the text could not say. When it comes to cybersecurity the US government has serious problems: It is far from “leading” (DNS summit) A critical vulnerability in a critical infrastructure

aneko
Download Presentation

Cybersecurity: A game changer in international relations?

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Cybersecurity:A game changer in international relations? • Benoît Morel • Carnegie Mellon University

  2. What the text could not say • When it comes to cybersecurity the US government has serious problems: • It is far from “leading” (DNS summit) A critical vulnerability in a critical infrastructure • It does not cope well when under attack (Agent.btz ) • What can HBGary do that the US Government cannot do by itself??

  3. Repository of knowledge in cyber • There is a lot of knowledge in cyber, but • There is not centralized repository of knowledge • It is true that cybersecurity is not only a technical problem, • But if one does not have technical depth, the best management skill will not solve the problem • Those who speak at black hat meetings and defcon are among the best experts, after… • The authors of conficker, Aurora, • I.e. they are outside of the control of governments (not necessarily China…), and • with the exception of the authors of Stuxnet (only instance where a government did something more sophisticated than the best hackers…)

  4. “Strategic” posture of the US • Cyberdominance is not an option • Today: has the technical competence it takes • Even if it had: the situation is asymmetric: the US offers far more cybertargetsthan any of its potential enemies • From a national security point of view, the opposite is true: • the growth and increasing reliance on the Internet to support critical infrastructures and vital economic activities and their cybersecurity implications weaken the security posture of the US in the foreseeable future. Those are things that could not be written in “the text”…

  5. Are the powers that be aware of that? • Yes, at least partially • Napolitano asks and gets money to hire 1000 cybersecurity experts • a rather desperate measure as experts of the kind needed do not exist in such numbers • The choice of words to describe the seriousness of the situation • The “official” reaction to the aurora operation

  6. What do they try to do about it? • From Gary McGraw: • ”Work emanating from the White House [in the past] did more to presenta number of platitudesthan it did to address the policy vacuum. • Things seem to be turning around with the recently-released "International Strategy for Cyberspace," which the President himself said is "the first time that our Nation has laid out an approach that unifies our engagement with international partners on the full range of cyber issues."  • This is a promising development and one long overdue.” • More politically ambiguously: make the internet the Trojan horse of freedom and democracy: • “Our international cyberspace policy reflects our core commitments to fundamental freedoms, privacy, and the free flow of information.” • "States do not, and should not have to choose between the free flow of information and the security of their networks.“ • A few bromides: • “good cybersecurity can enhance privacy, and effective law enforcement targeting widely-recognized illegal behavior can protect fundamental freedoms.” • “This future promises not just greater prosperity and more reliable networks, but enhanced international security and a more sustainable peace. The United States and a growing number of partners have laid the foundation for this future already..”

  7. The actual strategy? • Dubious assertions: • The United States will ensure that the risks associated with attacking or exploiting our networks vastly outweigh the potential benefits. • The development of norms for state conduct in cyberspace does not require a reinvention of customary international law, nor does it render existing international norms obsolete. Long-standing international norms guiding state behavior—in times of peace and conflict—also apply in cyberspace. • Look for international solutions (all governments (except maybe for Hungary…)) seem to be in similar predicaments. • Through international cooperation, there is hope to cooperatively find a smooth way out

  8. What the text says, hopefully is only the tip of the iceberg, what could be said • What hopefully it implies, is that much more to be done that cannot be part of a declared policy, namely: • Intense effort to make the US government a leader, not depending on the private sector • Not letting legal issues and other sources of inertia (Turf battles, need for a change of culture…) ensure that reforms will go slower than the pace of change

More Related