Let’s kick things off at the RSA Conference in San Francisco, which brings together information security professionals and business leaders to discuss emerging cybersecurity trends. This year’s conference has drawn criticism from leading security experts as RSA Security—the network security company that manages the conference— has been accused of taking money from the National Security Agency to incorporate a flawed encryption algorithm into one of its security products.
As with many of today’s cyber conversations, the Snowden disclosures shaped the agenda at the EU-Brazil summit this week in Brussels. First up was the announcement of a new underwater communications cable to run between Portugal and Brazil. The €134 million project seeks to reduce reliance on US cables in order to insulate against American surveillance efforts. (Brazilian President Dilma Rousseff has been less-than-successful in building her country’s cyber fortifications since it was revealed the NSA had been keeping tabs on her and her allies). Also out of the EU-Brazil summit is news of the grouping’s plan to hold a dialogue on international cyber policy. The first dialogue is set to occur on the sidelines of April’s Global Multistakeholder Meeting on the Future of Internet Governance (or NETmundial) in Sao Paulo. The US State Department has recently released their submission to conference organisers.
The New York Times has a piece on the role that American cyber weapons might play in Syria:
The Obama administration has been engaged in a largely secret debate about whether cyberarms should be used like ordinary weapons, whether they should be rarely used covert tools or whether they ought to be reserved for extraordinarily rare use against the most sophisticated, hard-to-reach targets. And looming over the issue is the question of retaliation: whether such an attack on Syria’s air power, its electric grid or its leadership would prompt Syrian, Iranian or Russian retaliation in the United States.
In a move that has surprised some, South Korea has candidly announced its plan to develop offensive cyber capabilities to disrupt the DPRK’s nuclear weapons program. The South Korean Defence Ministry stated that a new Cyber Defence Command would be set up from May and name checked Stuxnet as the type of cyberweapon it would seek to deploy. While developing cyber capabilities might well be a smart move, it mightn’t be so strategic to advertise your offensive intentions to your hostile northern neighbour…
In light of the data breaches at major retailers Target and Neiman Marcus, US Attorney General Eric Holder has called for a data-breach notification law, which would require businesses that have lost information in cyberattacks to notify those affected. According to Holder, this law ‘would enable law enforcement to better investigate these crimes—and hold compromised entities accountable’. The Economist has a possible pre-emptive answer for retailers and other businesses, with an interesting piece on the role of ‘whitehats’ and the increasing demand for penetration testing of computer systems.
Tokyo-based Bitcoin exchange Mt. Gox is offline with trading suspended due to the theft of roughly US$375 million dollars worth of the virtual currency. The exchange hack and subsequent collapse in Bitcoin value brings into question yet again the currency’s stability and security protocols, let alone the legitimacy of Bitcoin as a global currency.
Over at The Monkey Cage blog, Henry Farell has continued his dispassionate exploration into the political science of cyber security. In Part III, he looks to how international relations theory informs American cyber security doctrine. Catch up with Part I and Part II.
In case you missed it, ICPC’s Klée Aiken this week published his report on US cyber security efforts in which he highlights some important lessons for Australia. Cybersecurity by Executive Order can be downloaded here (PDF).
Finally, some good news for those of us who have already binge-watched the entire second season of House of Cards (Chinese cyber espionage storyline, anyone?). CBS has ordered a pilot of the long running CSI: Crime Scene Investigation franchise to explore the dark world of cybercrime. The spinoff will investigate ‘crimes that start in the mind, live on-line and play out in the real world’ informed by the work of Irish cyber psychologist Mary Aiken.
David Lang and Simon Hansen are interns in ASPI’s International Cyber Policy Centre.