This week saw the long-awaited release of US President Obama’s Framework for Improving Critical Infrastructure Cybersecurity after a year of concentrated effort by the National Institute of Standards and Technology (NIST). The document has been heralded as a step in the right direction; the White House is seeking to motivate private sector uptake by framing these standards as a means to support profit. Despite a lack of Congressional support, it may also become ‘the de facto standard for private sector cyber security in the eyes of US lawyers and regulators’. NIST also released an accompanying Roadmap document that will guide the future of the framework, detailing cybersecurity development, alignment and collaboration planning.
Over in Beijing, internet freedom was on the agenda when US Secretary of State John Kerry met with Chinese bloggers over the weekend. The bloggers appealed to Secretary Kerry to help ‘tear down the great internet firewall’ in a discussion that also touched on human rights issues. In contrast, China’s leadership labelled Kerry’s expression of support of internet freedom ‘naive’.
The cyber capabilities and mindset of the North Korean regime have recently been occupying the time of a number of experts. With significant international attention on the DPRK following the release this week of the UN’s Human Rights Inquiry and some commentators charting a cycle of provocation and charm, it remains to be seen how the North’s cyber capabilities—against the US and the South—are intended to be used. For some background reading on the issue, ICPC Director Toby Feakin recently published a paper (PDF) on the size and scope of the DPRK’s cyber capabilities.
Still in Asia, the National Institute of Information and Communications Technology (NICT) in Japan recently reported that the systems of government and other organisations were subject to 12.8 billion cyber-attacks in 2013. The Japanese Defense Ministry has also announced a 90-person force that will take shape in late March to strengthen the Ministry’s capacity to manage cyberattacks. Drawn from across the Self-Defense Forces, the team will monitor, analyse and respond to cyber breaches, as well as explore counterstrike capabilities.
In Europe, the IT and telecommunication systems of the French Defense Ministry are set to be strengthened against cyber threats, with the government announcing an investment of €1 billion. Having recently recommitted to cyber security cooperation with the United States, France has set a two-year timeline in which to build capabilities to match those of its NATO allies. A centre will also be set up to develop offensive cyber weapon capabilities and to train military personnel on cyber defence issues.
In her weekly podcast, German Chancellor Angela Merkel proposed the development of a European communications network to improve data protection for EU residents. Merkel emphasised that emails and other information shouldn’t have to be sent across the Atlantic, where data protection standards of giants like Google and Facebook were wanting. The announcement follows the failure of Germany–US talks that, it was hoped, would produce a bilateral no-spy agreement in the wake of the Snowden disclosures.
Finally, the New York Times has a fascinating profile on Brian Krebs. On his blog, Krebs on Security, he writes on a range of cyber security issues, focussing on the dark world of cybercrime (with a 12-gauge shotgun by his computer, no less). Krebs was the first to uncover huge frauds at Target, Neiman Marcus and others that have made victims of what’s estimated at more than one third of Americans. His revelations, coupled with tech developments, have boosted the priority of and spending on cyber security for many US-based merchants.
David Lang is an intern at ASPI’s International Cyber Policy Centre.