Cyber wrap
23 Dec 2015|

11184349836_ea2bfb1da8_z

China hosted the second World Internet Conference (WIC) in Wuzhen, Zhejiang province this week with President Xi Jinping delivering a keynote address at the opening ceremony. He called for international respect of ‘cyber sovereignty’, which is the right of individual countries to determine the information available within their borders. Simultaneously, Xi warned against ‘cyber hegemony’, arguing that the governance of cyberspace shouldn’t lie in the hands of the powerful few, but rather all stakeholders. The conference also produced the Wuzhen Initiative, a series of five principles addressing development, diversity, security and governance in cyberspace. The speech has also been interpreted by some news outlets as a sign that Xi is ‘doubling down’ on cyber control. For a rundown of the main themes, check out Adam Segal’s interesting synopsis. Also, read Scott Malcomson’s piece on how the conference represents another step towards the fragmentation of cyber governance and the so-called ‘Splinternet’.

The encryption debate continues. To date, discussion has been divided between authorities who argue encryption backdoors are essential to the law enforcement effort and tech companies who maintain that encryption is important to security and customer privacy. But this week, arguments may be tilting in favour of the security-minded. Recent reports from investigators in Paris affirm that the recent terrorist attacks involved the use of encrypted communication apps. Investigators believe that the terrorists may have exploited the end-to-end encryption of Whatsapp and Telegram, to coordinate their efforts on 13 November. Blackberry called this week for a fair balance to be struck between privacy and security, criticising Apple for not helping authorities access encrypted information that was the subject of a criminal enquiry. The company’s CEO and Chairman asserted that Blackberry’s ‘privacy commitment does not extend to criminals’ and as such they ‘reject the notion that tech companies should refuse reasonable, lawful access requests’.

A new WIRED analysis by Mike Gault has a refreshing take on the encryption discussion, arguing that there’s much more to information security than confidentiality and perimeter protection. Gault reminds readers that cybersecurity is constituted by three principles: the ‘confidentiality, availability and integrity’ of data, known as the ‘CIA Triad’. He criticises the current disproportionate focus on confidentiality and argues that the compromise of a data’s integrity is in fact ‘the biggest threat’.

In less positive news, Turkey fell victim to a Distributed Denial of Service (DDoS) attack this week. More than 400,000 websites were flooded with information, crippling systems and putting pages offline. Unsubstantiated rumours began to circulate that this was a Russian retaliation to the downing of a Russian fighter jet by Turkey last month. However, responsibility has recently been claimed by global hacktivist group, Anonymous, who state the attack is part of their ongoing #OpISIS. The group accuses Turkey of aiding ISIS by buying its oil and hospitalising its fighters, and argues this recent attack is Turkey’s punishment for its alleged support of the terrorist group. The assault involved a network of malicious computers simultaneously overwhelming websites with online traffic, targeting official domain names registered by NIC.tr—the administration office in the Turkish capital, Ankara. The incident affected universities, government institutions and the military, causing all incoming traffic, including emails, to be shut down by Turkey’s National Response Centre for Cyber Events.

And finally, as the year draws to a close, it’s time to consider the main cyber lessons from 2015 and a couple of big predictions for 2016. Main takeaways include the vulnerability of the Internet of Things and healthcare systems, as well as issues of third party security and insider threats. Looking ahead, check out some cybersecurity predictions for 2016 here, here and here. This Forbes article presents a variety of research on the future of cybersecurity, notably predicting that the industry will jump from its current worth of US$75 billion to US$170 billion by 2020. So, it looks like we’ll have plenty to talk about next year, happy holidays!