In what was a big week for Canberra international cyber policy folk, in addition to ICPC’s workshop in KL, last week also saw the inaugural meeting of the Australia–Japan Cyber Policy Dialogue. The meeting was the result of an agreement between Prime Ministers Shinzo Abe and Tony Abbott last April last year to jointly discuss cyber threats of common concern and review the strengthening of regional and international cooperation. The whole-of-government meeting, co-chaired by DFAT Assistant Secretary Ian Biggs and MOFA’s Cyber Policy Ambassador Takashi Okada, discussed the development of international cyber norms, application of international law to state behaviour in cyberspace and the development of CBMs in the ARF. The dialogue also set out areas for potential increased bilateral cooperation such as cybercrime, critical infrastructure protection and cybersecurity cooperation for major international events such as the Olympic Games. Tokyo will play host to the second dialogue meeting next year.
Faced with a hostile Congress, President Obama has taken the executive order route to try to push along his information-sharing agenda. Obama announced the executive order whilst speaking at a White House-convened summit on cybersecurity and consumer protection at Stanford University. The order seeks to promote information sharing within the private sector and between private-sector companies and government. The order also includes new guidelines for privacy and civil-liberty protection, and it encourages the formation of sector-specific Information Sharing and Analysis Organizations (ISAOs).
The executive order follows the announcement earlier in the week of the creation of a new US cyber-security agency. The Cyber Threat Intelligence Integration Centre, will sit within the US government’s intelligence hierarchy and provide coordinated threat assessments. Some US experts have already questioned whether another layer of cyber bureaucracy is necessary given the proliferation of existing agencies. But the President’s homeland security advisor Lisa Monaco argues that the unit will fill a critical gap as ‘currently, no single government entity is responsible for producing coordinated cyber threat assessments and quickly disseminating the information’.
On the same day that the new US centre was launched, the Dutch Government was subject to a massive DDOS attack. The attack took down most of government’s ‘central websites’ and spilled over to several private-sector ones including that of communications provider Telford. The attack led Dutch MPs to call for a ramp up in the government’s cyber defences.
North Korea has traditionally been a bit of a DDOS attack fan. But Anna Mulrine has written a useful piece on how the country is working to expand its toolkit beyond simple denial of service attacks. The article charts the rise of North Korea’s offensive cyber capabilities, leading up to the Sony Hack, but stresses that the hermit kingdom is still some way off the top of the technical tree. ICPC international fellow Jim Lewis told Mulrine, North Korea ‘might be in the top 10,’ but ‘they can’t do something like Stuxnet.’ ‘They’re not going to be able to do the most damaging kind of cyberattack.’
Facebook has launched a new social network for cyber-security professionals designed to improve information sharing. Dubbed ThreatExchange, the website was developed to help share threat information more easily, pool knowledge and discoveries, and raise overall system security. Bitly, Dropbox, Facebook, Pinterest, Tumblr, Twitter and Yahoo have already signed on to the Beta site.