Nation-state indictments may not be dramatic, but they are foundational.
Latest in cyber attribution
The “hackback” debate has been with us for many years.
Last month, more than 50 countries and over 200 major corporations and organizations came together to agree that the international nature of cyber threats needs a cooperative global response and a common set of principles as a basis for security. This conclusion seems obvious—millions of people have been affected by malicious activity perpetrated through the internet—and yet consensus has proved difficult to obtain until now.
In February 2018, the German government’s network was attacked. Germany did not specify what kind of information was accessed by the foreign hackers, but it is publicly known that the hackers successfully attacked the IT system of the Ministry of Foreign Affairs.
Representative Tom Graves (R-GA) recently released a discussion draft of a bill that would create a defense to liability under the Computer Fraud and Abuse Act (CFAA) (18 USC 1030) f
Privateering in information security is back in fashion. This is not the first time: In 2006, Michael Tanji diagnosed parallels between cyberspace and the loosely governed sea in the 17th century and explored privateering as a policy solution.
From our friends at CYBERCOM:
Yesterday, Scott Charney, Microsoft’s Corporate Vice President for Trustworthy Computing announced a new white paper about cybersecurity norms for nation-states and the global information and communications technology industry, “From Articulation to Implementation: Enabling Progress on Cybersecurity Norms.”
I haven’t yet had a chance to digest it thoroughly, but so far it looks the best corporate statement on this problem to date.
Earlier this week, Lawfare’s Benjamin Wittes interviewed John Carlin at the Atlantic Council on National Security and the Cyber Threat Landscape. Carlin, the Assistant Attorney General for National Security, walks Ben and a live audience through recent changes in his division of the Justice Department, the U.S.
Want to see cyber attribution and deterrence in action? In August, a hacker pulled the names of US military personnel and others out of a corporate network and passed them to ISIL. British jihadist Junaid Hussain exulted when ISIL released the names. “They have us on their ‘hit list,’ and we have them on ours too…,” he tweeted. On the whole, I’d rather be on theirs.