Sunday, 26 May 2013

Online freedoms must survive government hacker wars, warns US attorney general

Browser address bar with mouse cursor
The rise in cyber threats and malware attack tools must not threaten the openness of the internet as a place to do business, according to US deputy attorney general James Cole.
Cole highlighted the importance of maintaining core online freedoms in this fight against cyber threats in an address to the Georgetown Cybersecurity Law Institute on Thursday.
"We must work together to build closer and even better partnerships. Only by doing this will we be able to make the future internet a place where we can be more confident that our businesses, our privacy, and our personal finances can operate safely," said Cole.
"We need to facilitate the appropriate sharing of cyber security information like malware codes between the government and private industry so industry can protect itself. We also need legislation to incorporate privacy and civil liberties safeguards into all aspects of cyber security."
Cole said the government has already reached out to several of its allies to implement policies that ensure the internet remains open.
"We have been and should also continue to engage our allies and partners worldwide to solidify norms of cyber behaviour – to help ensure that the internet remains open, secure, and stable. It is also crucial for us to maintain a meaningful dialogue with the world's largest cyber actors and work together to develop an understanding of acceptable behaviour in cyberspace."
Cole's comments follow concerns within the security community that governments will use the recent influx of hyper-sophisticated malware that is targeting industry to push through draconian legislation, removing core online freedoms.
Most recently PandaLabs' security expert, Luis Corrons, said the recent wave of attacks stemming from China has led governments to reconsider the importance of key liberties, like the right to surf the internet anonymously.
The attorney general addressed the attacks, highlighting the threat they posed to critical infrastructure as a core challenge that must be addressed.
"The cyber threat also takes the form of destructive malware. This is malicious software that is capable of deleting everything on a given computer hard drive. This is not an imaginary scenario. In Saudi Arabia, an oil company called Aramco was infected with just such a virus. Our country's critical infrastructure is one of the most important areas requiring protection from cyber threats" he said.
"Today, most of the important critical functions in our society are run by computer systems. The power grid, hydroelectric dams, nuclear power plants, transportation systems, stock markets and communication systems are all controlled through sophisticated computer systems that allow them to be efficient, effective and coordinate with numerous other critical functions. Unless we work together, we will not be able to address the cyber threat successfully."
Cole urged US businesses to follow Europe's example and work with law enforcement and the government to educate their employees about cyber threats and share attack data with one another.
"Companies need to educate their employees on intrusion techniques such as spear-phishing or redirecting websites – the scams that use a combination of email and bogus websites to trick victims into clicking on website links or opening attachments. It only takes the carelessness of one employee to let a hacker into your network. So companies need to train their employees to recognise and avoid these kinds of scams," he said.
"You're going to need up-to-date information on what cyber threats are out there and what they look like. Participating in information-sharing platforms like InfraGard can help you in this regard."
Information sharing has also been a key part of many European governments' cyber strategies. The UK government has already put in place several information-sharing initiatives as a part of its £650m Cyber Security Strategy investment.
These have included the launch of the Cyber Security Information Sharing Partnership (CISP) and an open call for feedback from businesses on what they would like to see in the country's forthcoming cyber security organisational standards.

No comments:

Post a Comment