#nationalcybersecuritymonth | India’s National Cybersecurity Policy Must Acknowledge Modern Realities – The Diplomat
Earlier this year, it was discovered that India was the target of two cyberattacks in the same month. The malware attacks at the Kundankulam Nuclear Power Plant and the Indian Space Research Organization (ISRO) are believed to be the outcomes of phishing attempts on employees. In 2018, it was reported that an officer of the Indian Air Force was sharing sensitive information on Facebook with two women who had honey-trapped him. None of these incidents are known to have resulted in severe harm, but the possibility that they could have is reason enough for India to cultivate and shape international discussions on cyberspace.
As is the case with both international terrorism and protection of the environment, cooperation is a prerequisite to deal with cyberthreats given their borderless nature. India’s National Cyber Security Policy (2013) did not assign much weight to this aspect and defined no measurable outcomes against which progress could be judged. With its upcoming National CyberSecurity Policy (2020-2025), India has the opportunity to align its domestic policy with its global aspirations.
Warfare in Cyberspace Is Unique
Cyberspace is an amalgamation of the virtual with the physical. Actions in the virtual realm can affect the physical domain. With low barriers to entry, cyberspace provides attractive options for the launch of attacks and allows actors to achieve strategic outcomes both within and outside of the information domain. From crumbling critical infrastructure to designing a smart misinformation campaign that can influence democratic processes, the spectrum of outcomes that cyberattacks can achieve is broad. The Stuxnet malware, a U.S.-Israel joint operation to target Iran’s nuclear enrichment plant in Natanz, displayed the capabilities of a highly sophisticated and targeted cyber-offensive operation. Operations against Ukraine’s power grid in 2015, misinformation campaigns targeting U.S. presidential elections in 2016, and the WannaCry and NotPetya ransomware outbreaks in 2017 all showed the potential for real-world impact and collateral damage.
There are two features that distinguish these attacks from conventional ones. First, cyberattacks are hardly predictable. Accurately determining an incoming attack is at present not possible. Second, as long as there is plausible deniability, attribution is tough. As such, warfare in cyberspace poses a unique challenge to national security and the lack of rules to govern it intensifies this challenge.
Security in Cyberspace
The United Nations Charter, the Laws of Armed Conflict (LOAC), and other regional arrangements provide a general overarching framework for governments to manage problems of security across all domains. Cyberspace differs from conventional domains of warfare because it functions as both a battlefield and a weapon. It is therefore risky to assume that existing rules of conflict can be extended to cyberspace as well.
American political scientist Joseph Nye has discussed the absence of coherence among existing norms that govern cyberspace. Existing practices are based on agreements between private players (largely multinational corporations) with only a mild degree of enforceability. Since providing security is a critical function of government and it is most susceptible to attacks, only governments are properly incentivized to set the rules. Numerous track two groups and various private conferences and commissions continue to work on the development of norms. Successive UN-GGEs (Governmental Groups of Experts) have developed a consensus that the UN Charter and international law apply to cyberspace. But cyberspace is changing faster than countries can legislate internally and negotiate externally.
There is no denying that all security efforts need to be collaborative. But as with international terrorism and environmental protection, effective norms and rules can only be set if all stakeholders consensually arrive at what the rules should be. Currently there are two camps on the global stage: a Sino-Russian camp and a rival one comprising the United States, Western Europe, Japan, Australia, and New Zealand. The former espouses the supremacy of national sovereignty in the governance of domestic cyberspace, risk of destabilization by the application of existing international humanitarian law to cyberspace, and the need for new, binding international agreements. The latter advocates for a free and open internet as well as the full applicability of international law (including the right to self-defense, use of countermeasures) to cyberspace. Resolutions sponsoring the formation of the Russia-backed Open Ended Working Group (OEWG) and the UN-GGE 2019-21 were both passed in the United Nations General Assembly in 2018. The UN now has two parallel tracks working toward the establishment of norms in cyberspace. The OEWG is open to all member states and will hold consultations with stakeholders across members, NGOs, and private industry while the UN-GGE is comprised of 25 member states with consultation typically limited to regional organizations. The prevailing atmosphere of mistrust portends further deterioration rather than improvement. This variance between great powers has weighed heavily on international discussion on norms while cyberattacks continue to happen, quietly.
There is some scope for optimism yet. At a panel in the recently concluded Internet Governance Forum in Berlin, the Global Commission on the Stability of Cyberspace (GCSC) proposed eight norms including protection of the public core of the internet and infrastructure essential to elections, referenda, and plebiscites. This was followed by informal consultations at both the OEWG and UN-GGE in early December. Through the Paris Tech Accords, Digital Geneva Convention, and Charter of Trust, private companies have also sought to play a more active role in the shaping of norms, which is significant as they operate a significant portion of the public internet.
What Has India Done So Far?
In 2011, India’s proposal for a Committee on Internet Related Policies (CIRP) comprising 50 member states was met with the criticism that it would create an exclusive club. Since then, an analysis of India’s contribution to debates on internet governance by the Center for Internet and Society (India) has revealed a tendency to shift between support for multilateralism and multi-stakeholderism. Researchers have termed this “nuanced multilateralism,” where a broad range of stakeholders are consulted, but not involved in implementation and enforcement. On the question of cyberspace sovereignty, India seems to share common ground with the Sino-Russian camp, but has refrained from commenting definitively on the issues dividing the two camps. India was one of the member states that backed both UNGA resolutions that resulted in the formation of the OEWG and the UN-GGE (2019-2021). It is also a member of the UN-GGE and has not yet contributed formally to OEWG proceedings. On the multilateral front, it has stayed out of the Osaka Track for Data Governance and the Budapest Convention on Cybercrime.
There is no single approach that captures India’s engagement with multilateral institutions. Its rule-taker instinct is evident from India’s support for the United Nations’ peacekeeping operations. Contrary to this is the rule-breaker approach, which is evident from India’s endeavor to be recognized as a nuclear weapon state while also challenging the norms established by the Nonproliferation Treaty. The expectation that India will be a rule-maker all by itself is unrealistic. In the multipolar world that exists today, no single country, let alone India, can become the only rule-maker. A more achievable goal for India would be to play the role of a rule-shaper, an active voice among rising powers. This goal finds its strength in India’s economic prowess and diplomatic experience in working with alliances.
India’s success in shaping the international narrative on climate change has already proven its ability as a rule-shaper. With its upcoming National Cybersecurity Policy (2020-2025), India must look to articulate and justify its position on the applicability of international law to cyberspace. It should bring its domestic policy in line with its global aspirations. Given the importance of private companies in this exercise, it must also consider creating an office of a tech ambassador that will present its position consistently. This level of transparency can serve as an important confidence-building measure as it engages across multiple stakeholders and fora to shape future norms.
Prateek Waghre and Shibani Mehta are Research Analysts at The Takshashila Institution, an independent center for research and education in public policy.
Source: National Cyber Security – Produced By Gregory Evans The undead nature of the digital world, with its Facebook Memories and LinkedIn invites (or, as we learned this week, Valentine’s Day texts delivered from the deceased), causes the dead to die over and over and over again, making grief that much more difficult to overcome […]
Contrary to what some law enforcement officials would like to have you believe, choosing to digitally arm yourself for defensive purposes does not make you a criminal. For many years now, arguments have been made over the extent to which an individual should be able to do so; however, no serious case to eliminate this ability had been made — until now.
At a recent speech, CIA Director Mike Pompeo touched on the traditional national security topics, but then he ventured into the surreal. The CIA director offered, “Cyber is another vector — it’s not a threat of its own, but it is a means by which many non-nation-state actors can inflict incredible costs on the United States of America.” The alarming part is when he attaches the proliferation of end-to-end encryption as part of the challenges his agency faces when tracking these non-nation state terrorists.
To be clear, the head of America’s intelligence agency is saying that encryption is part of the problem for law enforcement in fighting the bad guys. Though this shouldn’t be a shock, as Congressman Pompeo once wrote, “The use of strong encryption in personal communications may itself be a red flag.”
For anyone wondering why an individual would consider using encryption in their daily lives, let me illustrate what this means. In today’s connected world, the reason you read so many stories about cyber-crimes committed by two-bit hackers is because they are trying to steal your credit card number, or enough personal information to commit identity theft. They are afforded this ability because of your lack of encryption. In free states, encryption is used to protect people from cyber criminals. In the more oppressive countries, encryption is used as a tool to break through firewalls to gain access to an uncensored, free and open internet. In many cases, it is the users’ only interaction with the outside world that hasn’t been sanctioned by their government.
Criminalizing encryption is the elimination of our right to self-protect from privacy thieves. The hard truth is encryption exists to protect our right to free speech online here and abroad.
The CIA is far from being a lone voice in the woods, as Deputy U.S. Attorney General Rod Rosenstein is a long-time encryption critic. He’s used every criminal event of national interest as a platform to attack personal digital security as part of a tech conspiracy to thwart law enforcement’s effort to tackle crime. While personal encryption is effective against hackers, governments by and large are getting every byte of your data they want.
Perhaps the deputy attorney general’s most naïve position has been to demand tech companies create strong consumer encryption, but also offer law enforcement backdoor access to your device’s data. This is coming from the same government that maintains a monstrous data center farm in Utah to collect and maintain every bit and byte of digital communications generated globally. The NSA is charged with overseeing the $1.2 billion facility, and promises to only use it for terrorist-connected cases. However, as we’ve noted in the past, perhaps the greatest leaker of secure and private information is the very intelligence community that is charged with shielding us from those evildoers. Aside from the ridiculous expectation of an encryption-lite option, a Stanford University cryptographer made it abundantly clear in a recently released paper that this type of “securely accessible” encryption does not exist.
Due to the mounting law enforcement worldview of effective encryption as a platform used primarily by criminals, and the general decline of privacy, the ability to maintain some shred of confidentiality is now accompanied with stigma, as well as a price tag that is growing out of reach to the average consumer. Sadly, the United States has been moving toward becoming a country that enjoys cheap luxuries, but expensive necessities. Privacy is no longer a right in the digital realm, but a commodity to be bartered without the creator’s consent.
This exposure has led everyday consumers to seriously consider options that help shield their data. One pragmatic piece to the privacy solution would be to minimize the chances of such data theft concerns by allowing competition to reign in the ISP markets once again in the form of “open access,” which would restrict network infrastructure providers to operating within prescribed limits. Removing the government-protected oligarchy that rules America’s current internet access options would allow consumers to choose providers that consider privacy a priority to their customers, rather than a self-entitled byproduct.
Privacy and access to effective encryption should be a fundamental right. The overtures by the government have forced consumers to consider privacy enabling applications — but it shouldn’t be that way. The right to self-protect should not come with an over-burdensome price tag, and certainly not with an assumption of guilt. There is a strong and proven legislative path forward in allowing consumers to protect ourselves, and it begins with open access.
The post Encryption #vital to #protecting our #data in the #modern #age appeared first on National Cyber Security Ventures.
Quantum computing uses the power of atoms to perform memory and processing tasks and remains a theoretical concept. However, it is widely believed that its creation is possible. Most experts now agree that the creation of a quantum computer is simply a matter of engineering, and that the theoretical application will happen. Optimistic estimates for commercialization by the private sector vary between 5 and 15 years, while more conservative estimates by academics put it at 15-25 years.
The drive to create the first quantum computer has been viewed as the new arms race. The milestone to reach is that of quantum supremacy, essentially the performance of computation that goes beyond the capability of the latest and best supercomputers in existence today. But this drive is underpinning another, more pressing race: quantum cybersecurity.
ABI Research, the leader in emerging technology intelligence, forecasts that the first attack-capable quantum machines will make their market debut by 2030. Michela Menting, Research Director at ABI Research, warns, “When they do, even the latest and best in class cybersecurity technologies will be vulnerable.”
The race to quantum supremacy is real: governmental R&D is accelerating the crystallization of the quantum computer, with more than US$1.6 billion already invested globally. The potentially drastic repercussions on cybersecurity are equally real and have led to the focus on quantum-safe cryptography. Also known as post-quantum cryptography, such research looks to the development of new cryptographic algorithms that could withstand breaking by quantum computers, ideally before such computers become commercially available. Standards agencies the world over, including the NIST and ETSI, are focusing their efforts on developing appropriate standards as time grows increasingly shorter.
Beyond and ahead of quantum computers, the use of the theory has also aided in developing new cryptographic techniques, notably quantum key distribution (QKD). Considered as a type of quantum-safe cryptography, QKD will likely be commercialized before the advent of quantum computers, because it is achievable using current technologies such as lasers and fiber optics. In that sense, QKD is one of the first quantum theories to find real-world applications.
Heavy private sector investment is going into quantum R&D. Since 2012, VC funds have pumped over US$334 million into companies specializing in the space. Those standing out in the space include CipherQ, CryptaLabs, CryptoExperts, ID Quantique, ISARA, MagiQ Technologies, Post-Quantum Solutions, Qubitekk, QuintessenceLabs, QuNu Labs, and SecureRF.
“The transition to quantum resistant cryptography is bound to take time but enterprises should already start considering how to address this future security gap in their risk assessments and pay attention to both standard developments and market solutions,” Menting concludes.
The post Modern #Cybersecurity Totally Futile in #Quantum #Computing Era appeared first on National Cyber Security Ventures.
For years, I was a serial one date online dater with countless horror stories (Naked with the Dog, You couldn’t even turn off the porn?). It became one of the primary reasons I started my blog, YOU’RE JUST A DUMBASS. Online dating was supposed to provide all of these options, make my dating life more efficient, and fun; instead I would get frustrated and disconnect after just a few months. “The majority of the time, the dates I’d go on with these guys from apps were disappointing”.
Single and ready to mingle? But the big question here is how to go about dating? With all the latest dating apps to choose from and so many ways to go on a date, you might be a bit confused. …
The post Online dating, speed dating, casual dating + other types of modern dating decoded! appeared first on National Cyber Security Ventures.
nationalcybersecurity.com – Hackers have stolen more than 500 million financial records in the past 12 months.