Cyberspace Cooperation

The Global Cooperation in Cyberspace Initiative seeks to reduce conflict, crime and other disruptions in cyberspace and promote stability, innovation and inclusion.

Learn More

EWI’s Kostyuk Sheds Light on Czech Republic Cyber Challenges

Nadiya Kostyuk’s timely article, “International and Domestic Challenges to Comprehensive National Cybersecurity” appears in the latest edition of the Journal of Strategic Studies, using the Czech Republic as a case study.  

Kostyuk, EWI’s cybersecurity coordinator, argues in her piece that, “Domestic challenges that nations face in addressing cybersecurity in an effective and comprehensive manner include ambiguous legislation, recalcitrant officials and a lack of both fiscal and human capital.” 

Click here to read the full article: “International and Domestic Challenges to Comprehensive National Cybersecurity”

Photo credit: Mecanoeil

 

Austin Delivers Keynote at 2014 Canada-U.S. Cybersecurity Conference

In his speech at New York's Consulate General of Canada, Austin advocated an international treaty protecting financial exchanges in cyberspace. 

EWI's Professorial Fellow Greg Austin was the keynote speaker at the 2014 Canada-U.S. Cybersecurity Conference on February 28, 2014. Co-hosted by the Consulate General of Canada in New York and the Securities Industry and Financial Markets Association, the theme of this year's conference was Securing our Financial Infrastructure. Event discussions focused on the interconnected nature of governmental policy, economic competitiveness and cybersecurity. Austin also participated in a Cybersecurity Working Group. 

In his keynote speech–International Protection of Exchanges and Clearing Houses from Systemic Shock in Cyberspace–Austin stressed the need for the private sector and governments to work together in addressing threats to global financial infrastructure. He highlighted key issues and risks in cyber financial regulation.

Austin stated: "The [financial services] sector has been a consistent focus of attention at the EastWest Institute, from our earliest work on the reliability of underseas cables in 2009, to more recent work on priority international communications. Our interest in international protection of the financial services sector in cyberspace is directed at systemic threats, not enterprise-level threats. What threats are there in cyberspace that may cause a global economic shock and what can be done about them at the international level?"

In his remarks, Austin recommended a treaty to ensure absolute protection of designated exchanges and clearing houses in cyberspace, in the same way that states now commit to absolute protection of diplomats or embassies abroad. While admitting the idea may sound novel, Austin suggested that it is an innovation in keeping with today’s cyber Zeitgeist. More importantly, it offers an essential pathway to help secure a global economy wholly dependent on the functioning of information systems and networks that support currency, stock and derivatives trading, as well as clearing house operations. His proposal recognizes that data integrity is the new frontline of global economic security.

Read the full text of Austin's speech on EWI's Policy Innovation Unit blog. 

Greg Austin Participates in Cybersecurity Working Group

Overview

EWI's Professorial Fellow Greg Austin willl be a keynote speaker and serve as a member of the Cybersecurity Working Group, co-hosted by the Consulate General of Canada in New York and the Securities Industry and Financial Markets Association.

The working group is part of the 2014 Canada-US Cybersecurity Conference: Securing our Financial Infrastructure, which seeks to address the interconnected nature of governmental policy, economic competitiveness and cybersecurity. 

Frenkel Reviews Key Findings from "Resetting the System"

Science and technology reporter Karen Frenkel summarizes the key findings of EWI's recently released discussion paper Resetting the System: Why Highly Secure Computing Should Be the Priority of Cybersecurity Policies in an engaging slideshow

Click here to read the review, on CIO Insight

The EastWest Institute is calling for a new computing paradigm called Highly Secure Computing (HSC), in a new report, "Resetting the System: Why Highly Secure Computing Should be the Priority of Cybersecurity Policies." The EastWest Institute's goal is to make the world safer by addressing seemingly intractable problems that threaten regional and global stability. Current IT paradigms have "tolerated inherent structural security deficits of information technology for too long," according to authors Sandro Gayacken and Greg Austin. Traditional IT security and its social management are not up to the task of combating state-sponsored cyber-attacks, the EastWest Institute report says. The remedy is so-called passive security measures, regardless of who launched a cyber-attack. This "new ecology of cyber security" would result in less pressure on liberty and privacy in the name of political security, the authors claim. Instead, HSC espouses the concept of "deterrence by denial," which would render attribution of attacks irrelevant and reduce the need for surveillance and Internet control. They argue that HSC would therefore be a win-win strategy for both security and civil liberties. To read the full report, click here.  

_

Click here to view the slideshow.  

Greg Austin Advocates Paradigm Shift in Cybersecurity

Professorial Fellow Greg Austin writes "High Time to Act Against Information Catastrophe: Time to Strengthen Cyber Security," for The Globalist. Austin argues that we need a paradigm shift in cybersecurity, pointing to EWI's recently released policy report Resetting the System as an example.  

Read the full piece here on The Globalist

 

High Time to Act Against Information Catastrophe: Time to Strengthen Cyber Security

We need stronger cyber security to protect against massive consumer data breaches

If you are a leader in business or government, or even just a private citizen, there is an emerging phenomenon that you need to know more about. It’s called “information catastrophe.”

This is the event where the marvelous technologies of the cyber age combine with the actions of a person (accidental or malicious) to dump the larger share of your confidential database into the public domain, to criminals or to hostile governments.

It just happened in Korea, as announced this week. The event in question involved the theft and illegal sale of the credit card information of most of the country’s consumer population.

Don’t worry so much about identity theft, though that is happening. You need to be preparing for information catastrophe.

There are important defensive measures, such as reviewing security procedures, vetting your staff or associates better, or establishing strong relations with law enforcement or national intelligence agencies. Those approaches, however, are only band-aid solutions and temporary fixes.

Market pressure + policy failures = low security

The biggest source of the problem is the low-security character of the information systems and networks you are using.

A series of market pressures over half a century as well as regulatory policy failures have somehow convinced most of us to entrust our life savings of information and our inner-most feelings and secrets to data “banks” somewhere in the ether.

Only gradually are people becoming aware that these data banks are highly insecure and more regularly being breached in the bright glare of unwanted publicity.

The data banks comprise software and hardware products in which high vulnerability to attack has been tolerated as a trade-off for lower cost and more convenient accessibility.

When the initial choices for lower cost and lower security were made in many technical sub-fields decades ago, we did not quite foresee the combined effect of those choices.

A paradigm shift in cyber security

Now that we fear NSA can hack anything and anyone, and we know some other, more sinister governments are mining all of our personal information with malicious intent, it is time for us all to trade-up to “highly secure computing.”

In a recent paper released by the East West Institute, called “Resetting the System,” German researcher Sandro Gaycken and I make the case for this paradigm shift in cyber security.

We note that the U.S. Department of Homeland Security (DHS) has identified highly secure computing as one of the highest priorities for research in this field. U.S. scientists are reserving the right to legally develop NSA-resistant encryption.

And the Defense Advanced Research Projects Agency (DARPA), where key elements of Internet technology were developed, is now running new projects in highly secure computing.

We understand that term to mean information technology with security that is unlikely to be breached — except in unusual and rare circumstances (or at high cost and risk to the perpetrator).

Highly security computing is a gigantic investment

This is not some unachievable holy grail. As John Dobson and Brian Randell argued in 1986, while being critical of those who believed it possible to build totally secure systems, “highly secure computing” is a worthwhile goal for scientific research and public policy.

As the DHS’s research plan mentioned above has noted, the more highly secure technologies cannot be bolted on top of the existing ones.

By and large, a move to less vulnerable IT would require a gigantic initial investment by manufacturers and consumers. It could be more expensive to operate and perhaps less convenient and less functional. So consumers—firms and individuals—will not rush to adopt it voluntarily.

The roles of governments and the private sector

Typically, a market failure—where private markets do not provide goods or services needed by customers or do not provide them in adequate quantities at an affordable price—triggers the question of government intervention.

In most market economies, considerable care is taken to craft policies that address the national interest (or public interest) without unduly constraining innovation and competitiveness in the private sector.

But once a government chooses to intervene, the inevitable result—absent a complete course reversal by the private sector—must be some compromise with and by private sector interests. Just how this might play out in particular economies demands detailed study. The policy outcome would inevitably be imperfect.

At the very least, this cyber security dilemma probably demands a price signal of some sort by government and a transition plan with clear benchmarks and standards to provide for phasing out of low security equipment and software.

With or against markets: the EU and China

While this may seem anathema within a U.S. free market environment, the pace of change may be forced on the global market by the European Union or its individual member states with considerable influence.

China is definitely acting against the market, as we have known it. The Snowden leaks about NSA successes against it have led to decisions by the government to accelerate its indigenous cyber security efforts, including new design standards. China is also reviewing its exposure to commercially available products that fall into the low-security and highly vulnerable category.

Today, it seems like we are many years from a consistent effort by any government to adopt highly secure standards for its IT market.

But as the information catastrophes start to affect more and more politicians or significant national economic or security actors, the rush to new products will intensify.

As we move closer to adoption of cloud computing, where confidentiality expectations will be paramount, we can expect that to drive a more rapid move to maximum security in cyber space. The companies that judge this moment well may ride the crest of a new wave of IT wealth.

 

Ischinger Discusses Munich Security Conference Goals

Writing for Project Syndicate, EWI Board Member Wolfgang Ischinger and Tobias Bunde write that this year's Munich Security Conference will must addresss how to prevent the West from falling apart in the digital age. 

Read the article on Project Syndicate

The Western Alliance in the Digital Age
 

MUNICH – This weekend, Helmut Schmidt and Henry Kissinger will participate in a discussion at the Munich Security Conference (MSC)—just as they did a half-century ago, when they took part in the first “Internationale Wehrkunde-Begegnung” (the forerunner of today’s conference). In the meantime, many developments around the world have given us reason to rejoice—but also to reflect.

It is not only the crises extending from Ukraine to Syria that will prevent the MSC, the fiftieth, from becoming an exercise in self-celebration. The transatlantic partnership, traditionally the backbone of the conference, has seen better days than these.

The United States has now at least recognized that a great deal of trust has been lost in recent months, owing to the scale of surveillance undertaken by its National Security Agency. President Barack Obama’s speech about reforms of US intelligence-gathering activities, as well as his subsequent interview on German television, represented a first attempt to regain the confidence of America’s allies. But it signals, at most, the beginning of an intensive transatlantic dialogue on the issue.

The topic is too broad to be discussed solely among governments and secret services. What we need is a more comprehensive international debate that engages, say, the American and German publics, as well as the US Congress and the German Bundestag—in short, an intra-Western debate about our relationship in the digital age.

In 1963, when Ewald von Kleist invited participants to Munich for the first conference, which Americans fondly call the “Wehrkunde” to this day, the motivating idea was to invite our most important allies to a discussion about the major strategic issues directly affecting Germany and NATO. The main topic, at that time, was the Atlantic Alliance’s nuclear strategy. After all, Germany would have been the first victim of a nuclear confrontation between NATO and the Warsaw Pact countries. Kleist wanted to contribute to the creation of a German “strategic community,” which could make its own contributions to the NATO debate, rather than just absorbing whatever their technologically superior US ally proposed.

In a way, we are in a similar situation today. Though the security implications of the digital age are less tangible and not as destructive as a nuclear attack, the technological possibilities fundamentally alter the playing field of international relations.

The revelations concerning the NSA’s surveillance activities are just the start. A future of “thinking drones” and defensive and offensive cyber weapons raises new ethical, legal, and political questions. We Europeans need to be self-critical and admit that we are not only lagging behind in terms of technical capabilities; we are also in danger of not fully grasping in time the possibilities and dangers of the digital world.

And of course, we will hardly be able to engage in meaningful negotiations with the Americans on cyber issues unless we succeed in establishing a united stance within the European Union. Doing so would put us in far better position to negotiate on equal terms with the US, just as we can on trade issues.

In the past, the Western allies’ participation in NATO and its Nuclear Planning Group accommodated their concerns and prevented them from becoming mere objects of US strategy. Today, we need similar initiatives with regard to the digital world. Those hoping to achieve true cooperation must be willing to make their own contributions.

This year’s MSC will include not only security officials from many countries. Three dozen German MPs and a significant US Congressional delegation will also participate. That is why the conference is an excellent opportunity to step up the transatlantic debate. After all, let’s be honest: there will be real changes in US intelligence agencies’ behavior only if Congress regulates their activities more strictly.

The revelations and resulting debates in recent months have shown that many US politicians are also uneasy about the liberties taken by the secret services. However, without domestic pressure, little will change. It is all the more important that societal stakeholders—companies, NGOs, or international commissions of experts—both here and in the US become more heavily involved than before. This issue affects us all.

The debate is not—and should not be—between Europe and the US. Some Americans are grateful for Edward J. Snowden’s revelations about the NSA, which they believe have stimulated urgently needed public deliberation. The institutionally assured possibility of self-criticism is, arguably, the West’s best characteristic—its outstanding trait. Our democracies are better organized than other systems to scrutinize their own policies and respond to criticism.

In the 1960’s, the West had to agree on a common strategy for the nuclear age, and learn to deal with the atomic threat. Subsequently, we were able to take the first steps toward arms control and disarmament. Today, we need a similar debate in the West regarding our strategy for the digital age if we want to overcome new challenges without denying our identity as liberal democracies.

This weekend in Munich, the Schmidts and Kissingers of today and tomorrow will have an opportunity to engage in what is probably the most important strategic debate of our time: how to prevent the West from falling apart in the digital age.

Click here to watch a live stream of the Munich Security Conference in English. 
_

Return to EWI Now

Pages

Subscribe to RSS - Cyberspace Cooperation