Cyber wrap
8 Apr 2014|

First up this week, a recent global BBC poll has shown that a majority of people believe the Internet has brought both greater freedom and, perversely, increased government surveillance. Conducted in 17 countries around the world, the poll is being released as part of Freedom Live, a day of broadcasts on the World Service that asks what it means to be free. Interestingly, countries that like to think of themselves as bastions of freedom and democracy, like Germany and the US, had the lowest number of respondents (36% in the US) who felt free from government surveillance online. On the other hand, when the pollsters asked the same question in China and Russia, a large majority (76% in China) answered that they felt free from online surveillance.

‘APT will not be about the big-ass machines; it will be about the little,’ Dan Geer said of Advanced Persistent Threats. It seems that he has been on a roll; Jack Goldsmith at the Lawfare blog has collated three recent speeches by the cybersecurity ‘maven.’ In one speech on cybersecurity trends at the NRO IT conference last November, Geer makes the rather sobering observation that ‘the Internet will never again be as free as it is this morning’.

Turning now to US–China relations, David Sanger at the New York Times has revealed that the Obama administration quietly held an extraordinary briefing for the Chinese military leadership on the Pentagon’s emerging doctrine for offensive and defensive cyber operations—reminiscent of Cold War-era exchanges held with the Soviets on ‘red lines’ for employing nuclear weapons. Defense Secretary Chuck Hagel hopes that the US can deal with growing Chinese distrust by being more transparent. The idea is to allay concerns about the growing American cyber capabilities and to reduce the possibility of a fast-escalating series of cyberattacks between China and the US. But the US also expects the Chinese to reciprocate–and the Pentagon is apparently still waiting. For an alternative view, see Adam Segal’s take—which suggests the Pentagon’s transparency was intended to deter, not assure.

For more on US–China cybersecurity relations, see Sanger’s podcast with Dave Davies over at NPR’s ‘all tech considered’. According to Sanger, cyberespionage is a whole new ‘field of conflict’ on the global stage. Over at ChinaFile, it’s spy vs spy as Vincent Ni asks: when do cyberattacks cross the line?

China and the EU have agreed to work more closely on cybersecurity issues as President Xi finishes his ten-day Euro trip. According to the South China Morning Post, China has released a policy paper that aims to ‘strengthen dialogue with Brussels on cybersecurity and improve co-operation in fighting internet crime and cybersecurity threats’. The document also seeks to bolster groups such as the China–EU Cyber Taskforce.

Sticking with the Europeans, British Cabinet Office Minister Francis Maude formally launched the UK’s Computer Emergency Response Team (CERT-UK) last week. This body, like other national CERTs, will co-ordinate Britain’s cybersecurity defence and provide advice and alerts on cyber-threats to government, industry and academia.

In Australia, the Commonwealth Bank has called on the Federal Government to review its national security strategy, last revised (PDF) in 2009. As part of a federal inquiry investigating reform in the banking sector, the CommBank submission said that the ‘threat to Australians online has increased and a re-evaluation of Australia’s cyber security strategy and program of investment would be timely.’

In other domestic news, the Australian Communications and Media Authority have launched a cyber safety campaign targeting Indigenous communities around Australia. The campaign, ‘be deadly online’, has a series of videos and graphics addressing online issues including sexting and cyber bullying. And following Prime Minister Abbott abroad on his Asia tour, Australia and Japan have announced plans to establish a bilateral dialogue on cyber policy to ‘address common cyber threats and discuss ways to strengthen regional and international cooperation.’ Check out the full joint statement here.

ASPI’s International Cyber Policy Centre will be launching the inaugural Cyber Maturity in the Asia-Pacific report on 15 April. This report and accompanying infographics will assess cyber maturity of regional states as well as the UK and the US. Sure to be a valuable resource for all in the cybersecurity community. Keep your eyes peeled for developments here.

Lastly, the news that many have been waiting for since the Internet refrigerator, the next item in the Internet of Things is the interconnected washing machine. We can only hope that nefarious hackers don’t change the wash cycles. A cyberattack this year was linked to a large botnet of internet-connected home appliances that delivered more than 750,000 malicious emails.

Simon Hansen is an intern in ASPI’s International Cyber Policy Centre