US Changes Policy On International Cyber Regime

Uploaded on 2017-03-16 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW

The US delegate now says a UN cybersecurity group should pause hashing out new rules for online behavior and instead try to get governments to adhere to the ones we have.

A United Nations cybersecurity experts group meeting recently in Geneva should focus on encouraging UN member states to adopt existing cyber rules of the road and confidence-building measures rather than developing new ones, the US delegate said.

That’s a significant shift from a 2015 series of Group of Governmental Experts, or GGE, meeting, during which the US pushed vigorously for a set of peacetime cyber norms, including that nations should not attack each other’s critical infrastructure such as energy plants and electrical grids.

During a round of GGE meetings in 2013, the experts group concluded the international laws that govern armed conflict should apply in cyber-space just as they do on land or at sea.

“We don’t need a continual norms machine ramping out a lot of norms,” State Department Deputy Coordinator for Cyber Issues Michele Markoff told an audience at the Carnegie Endowment for International Peace.

“What we need to do is consolidate what we’ve done and get states to implement,” she said, “both in the internalisation of the norms but also in the operationalization of [confidence-building measures] which will help the norms.”

Confidence-building measures include nations sharing information about transnational cyber threats and about national cyber-security strategies.

The experts group, which is composed of diplomats from 25 nations including Russia and China, has functioned something like an advisory committee on international cyber-security. Principles endorsed by the group remain voluntary and nonbinding for UN member states but generally form a line of accepted behavior that nations don’t want to be seen openly crossing.

Other peacetime cyber “norms” endorsed by the 2015 experts’ group include commitments that nations should not attack each other’s cyber emergency responders and should assist other nations in investigating cyber-attacks launched from their territory.

The US has often faced resistance in the expert’s group from Russian and Chinese delegates who are concerned the US wants to leverage cyber norms to ensure its own hegemony in cyber-space.

Markoff expressed optimism that the US and Russia can cooperate on some international cyber priorities despite tension created by non-cyber conflicts such as the Russian occupation of Crimea.

That work may be aided by the Trump administration’s efforts to repair relations with its former Cold War adversary, she said.

“Despite the decline in US-Russian relations over the last several years, US-Russia cyber relations have been, in fact, a bright spot. I say that with all sincerity,” she said, listing several international forums in which the nations have reached agreement on cyber issues. “As a long-time arms controller … I find that talking to [Russian officials] is much better than not talking to them.”

Markoff added while the U.S. and Russia can be “fellow travelers on a road which is designed to prevent conflict from escalating into open warfare,” the two will often have different broader goals.

Markoff did not address the Russian government-backed hacking of Democratic political organisations during the 2016 election, which US intelligence officials say was designed to aid the electoral chances of President Donald Trump.  

That influence operation did not specifically violate any of the cyber norms endorsed by the 2015 GGE because the US government did not, at that point, consider electoral systems critical infrastructure.

However, the Obama administration repeatedly described the Russian electoral meddling as outside larger bounds of appropriate state behavior and President Barack Obama termed the meddling an “unusual and extraordinary threat to the national security, foreign policy, and economy of the United States” when imposing additional sanctions on Russia.

The US Homeland Security Department added electoral systems to its list of critical infrastructure categories during the final weeks of the Obama administration, despite protests from some state-level officials. The Trump administration has done nothing so far to reverse that decision.

A Russia-linked attack on Ukraine’s power grid last year also did not violate the GGE norm prohibiting critical infrastructure attacks, Markoff said, because the norms apply only in peacetime and the US considers Russia and Ukraine to be in a state of open conflict.

“You can say Russia violated a whole lot of other things, I mean, killing people, but they are not violating this norm,” Markoff said.

DefenseOne

No US Cyber Peace Agreement with China:        Cyber War and Peace:

 

« Teaching Kids Cyber Skills
Tech Companies Oppose Trump’s Travel Ban »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

AvePoint

AvePoint

AvePoint is an established leader in enterprise-class data management, governance, and compliance software solutions.

Infrascale

Infrascale

Infrascale specialise in providing cloud backup and disaster recovery services.

Praetorian

Praetorian

Praetorian is an offensive cybersecurity company whose mission is to prevent breaches before they occur.

Israel National Cyber Directorate (INCD)

Israel National Cyber Directorate (INCD)

The Israel National Cyber Directorate is the national security and technological agency responsible for defending Israel’s national cyberspace and for establishing and advancing Israel’s cyber power.

CynergisTek

CynergisTek

CynergisTek is a top-ranked cybersecurity and information management consulting firm dedicated to serving the healthcare industry.

Cyberra Legal Services (CLS)

Cyberra Legal Services (CLS)

Cyberra Legal Services provides cyber law advisory, cyber crime consultancy, cyber law compliance audit, cyber security, cyber forensics and cyber training services.

SynerLeap

SynerLeap

SynerLeap is ABB's innovation growth hub. Our aim is to help startups accelerate and expand across industries, ranging from industrial automation and robotics to grid technologies and smart cities.

Haven Group

Haven Group

Haven Group and its companies are a cyber security one-stop-shop for our clients offering a full range of cyber security services to our clients in a unified and united way.

Quantum Xchange

Quantum Xchange

As the provider of unbreakable quantum-safe encryption, Quantum Xchange gives commercial enterprises and government agencies the ultimate defense to keep high-value data safe.

CyberEdBoard

CyberEdBoard

CyberEdBoard is a private, peer-to-peer education and networking community focused on cybersecurity, technology, business processes and risk management.

BT Security

BT Security

BT provides telecommunications and network infrastructure services to keep businesses around the world connected and secure.

The PenTesting Company

The PenTesting Company

The PenTesting Company is owned and operated by offensive security professionals. Penetration Testing is essentially all we do.

Check Point Software Technologies

Check Point Software Technologies

Check Point Software Technologies is a leading provider of cyber security solutions to governments and corporate enterprises globally.

Bastion Technologies

Bastion Technologies

All your cyber defense. One platform. Keep your business assets and employees safe under one roof. Manage your cyber defense quickly, easily & efficiently.

Cypfer

Cypfer

CYPFER is a global market leader in ransomware post-breach remediation and cyber-attack first response.

Start-Up Chile (SUP)

Start-Up Chile (SUP)

Start-Up Chile is a business accelerator program created by the Chilean Government for high-potential tech entrepreneurs.