Posts Tagged ‘White House’
IGF-USA 2012 Workshop: Cyber Security – Channeling the Momentum at Home and Abroad
Brief session description:
Thursday, July 26, 2012 – The US House of Representatives has passed four cybersecurity bills, and the US Senate has indicated an intent to consider cybersecurity legislation in the current session. The US Department of State is working with its global partners to develope relationships, collaborative action and norms of behavior for cyberspace. The US Department of Commerce has spearheaded a government initiative on botnets and is working with industry on botnet mitigation measures. The Department of Homeland Security is increasing its cybersecurity staffing for strategic and operational concerns. And the White House is transitioning its team on cybersecurity policy with a second cybersecurity adviser to the president. Stuxnet and Flame attacks have captured international attention. Cybersecurity remains a key theme in discussions in the United Nations, the International Telecommunications Union, the Organization for Economic Cooperation and Development, the Asia-Pacific Economic Cooperation, ICANN and the annual Global Internet Governance Forum. This workshop addressed questions such as: What are businesses, countries, and the technical community doing in this heightened era of cyber security concern? What should they be doing? What are the considerations for individual users here in the U.S. and around the world? How can all these pockets of activity help protect – and not hamper the protection of – the very medium that provides for productivity, communications, efficiencies, innovation, and expression?
Details of the session:
The session was moderated by Audrey Plonk, global security and Internet policy specialist at Intel Corporation. Panelists were:
- Tom Dukes, senior advisor, Office of the Coordinator for Cyber Issues, US Department of State
- Jeff Greene, senior policy counsel, Cyber Security and Identity, Symantec
- Kendall Burman, senior national security fellow, Center for Democracy and Technology
- Patrick Jones, senior director of security, ICANN
Panelists from the government and private sectors gathered at IGF-USA’s cybersecurity workshop to discuss how these entities are collaborating to deal with domestic cybersecurity threats and international cybersecurity issues.
This issue is especially pertinent right now. There have been a number of high-level conferences and meetings in Washington and other locales over the summer of 2012 on this topic, and, as moderator Audrey Plonk, global security and Internet policy specialist for the Intel Corporation, puts it, “Cybersecurity is the new black.”
Jeff Greene, panelist and senior policy counsel of cybersecurity and identity at Symantec, agreed. “At this time three years ago, cybersecurity was something that was mentioned in passing,” he commented. “Now the interest is exponential.”
Symantec’s business is centered on protecting enterprises from cyberthreats. Greene, who until recently worked with the Department of Homeland Security, said that according to this year’s Symantec Internet Security Threat Report, 75 percent of the enterprises Symantec deals with were threatened with a cyber attack in 2011.
He added that while the incidence of spam decreased in 2011, there has been a shift to web-based attacks. Greene also said the government and private sector are working together to reduce such threats.
“It is remarkable how much of the threat dynamic in both sectors is the same,” Greene said. “We see criminal and other malicious activity largely the same as the government does, so this is all work through government, private and international cooperation.”
Panelist Kendall Burman had a different view on government access to private sector and citizen information in terms of cybersecurity. As a senior national security fellow for the Center for Democracy and Technology, she has spent time exploring security and surveillance from the perspective of a member of a group focused on consumer privacy.
“I think that the tricky area from a civil liberties perspective is when the government is in a position of receiving that information, making sure that that information is limited to cybersecurity threats, and what the government can then do then once it receives it,” Burman said.
Panelist Tom Dukes, senior adviser for the Office of the Coordinator for Cyber Issues at the US Department of State, weighed in from a government standpoint on cybersecurity issues, including the important role of the US government in pushing other countries to increase their outreach and share their perspectives on cybersecurity issues.
“Obviously what the US says, the positions we take, are highly influential and they are certainly looked at by a great many other countries,” Dukes said.
“One thing that the US has been trying to do for the last couple years in terms of addressing cyberpolicy issues in general, cybersecurity included, is to try to take sort of a leadership role in helping shape the world debate on how we think about these issues.”
Dukes said that the US has also made progress in terms of leading a global discussion on reaching a consensus about cyber security norms. Greene said that while the U.S. would like to set its own cybersecurity policies, this could cause global problems.
“If everyone has a different set of rules, (global policymaking)’s going to be pretty difficult,” Greene said.
Panelist Patrick Jones, senior director of security for ICANN, shared his view that while US policymaking is important in terms of cybersecurity, politicians should be aware of the effects that any laws they make may have globally.
“It’s helpful for policymakers, when they’re coming up with legislation, that they think of the Internet as global and consider that the decisions they make may have technical impacts that they’re not considering that impact the way people are using the Internet today – give those a thorough understanding before decisions are made about a particular legislation,” Jones said.
One of the final points of discussion during the workshop was the differences between cybersecurity and information security.
In the discussion it was noted that cybersecurity, in the US view on Internet governance, deals primarily with protection from Internet threats. Information security, in the Russian and Chinese view, also includes censoring the civic sector and content from many Western media and knowledge organizations.
Dukes said there are two considerations for openness and freedom of information that convince most leaders in the world to find common ground in the fairly liberal US position on cybersecurity issues.
First is the basic human rights aspect of the argument; many countries accept that people should, whenever possible within the bounds of public safety, have certain rights of free speech, communication and assembly. Most countries agree that this should apply online.
Dukes’ second point is the economic benefit of keeping the Internet as open and free-flowing as possible. “Many evolving world countries are really desperate to find ways that they can harness the power of the Internet to increase economic opportunity, to increase GDP, to increase development and growth,” he said. “Those arguments seem to be very pragmatic, but it’s hard for countries to disagree with that.”
— Mary Kate Brogan
CONCLUSIONS: ‘What We Don’t Know About the Future of the Internet’ Rainie and morning plenary respondents finish the session
The panelists answered questions about finding ways to satisfy desires of people to share freely but somehow pay an appropriate price for the information they gain. “Most in my generation won’t want to pay for things because they are used to things being free,” Gyllenhaal said. “Young people will pay for things we use. I guarantee young people would pay for Facebook. It has become that important for us.”
Andrew McLaughlin came into this discussion in support of the principles many, including Chris Anderson (author of “Free: The Future of a Radical Price” and originator of the “Long Tail” idea in Internet economics), have brought to the forefront of the discussion of Internet economics. “Free doesn’t really mean ‘free,’” he said. “We have lots of media now that is free to the end-consumer in exchange for attention or something that benefits someone else. There will be things you are asked to pay for and things that third parties are asked to pay for.” He added it is important to find ways to properly “vindicate intellectual property rights” online and also address privacy, anonymity and authentication in the right way. “I find the ‘free’ debate to be kind of dissatisfying,” he said. “Free to the end-user still leaves you a broad way to pay for things.”
Lee McKnight noted that the issue is complicated. “It’s not just an issue of free and for-pay, there are barter arrangements that come into play as Internet governance has been progressing in these historic days,” he said. “Economic and competition policy will come to the fore… This is a ripe area for policy analysis and discussion at IGF in Egypt and over time as we continue to grapple over challenges.”
Rainie was asked about education and the Internet as an audience member noted how far behind education is in implementing the advantages of the Internet. “Participation matters,” he noted, saying it has been shown that students enjoy the ways in which they can be more active participants in their education when they can go online in classrooms.
McLaughlin chimed in. “The federal government is a disaster when it comes to using these new tools,” he said, noting that it blocks employees’ use of social networks.
“I hope that people less freaked out by these networks and systems will start running things,” he said, adding that every government employee should have a home page offering information they want to share and affording them the ability to collaborate with others in government. “That would drive a culture change that would be unstoppable,” he said, “and you would get the efficient task-oriented government we are trying to achieve.”
-Janna Anderson, http://www.imaginingtheinternet.org
Response from Andrew McLaughlin, White House, to Lee Rainie’s ‘What We Don’t Know About the Future of the Internet’
“Let me drill down on one issue,” McLaughlin responded. “I am pleased Lee highlighted these architectural issues because they tend to not get a lot of attention. The Internet we have today started out as a research network that is now being treated – properly so – as critical infrastructure. The basic considerations that led to the construction of the TCP and IP protocols were to solve a set of issues that arise from the kind of shared data from universities. There are a lot of components that were not built in that, as Lee outlined, would potentially be quite useful for some of the activities that we would like to take place on the Internet. We are now confronting some fundamental choices about, for example, authentication on the Internet.”
He noted that if you want to secure routing you want to know the places you do want to get packets from and those from which you don’t want to get packets, “where, for example, malware or virus attacks might be.” Yet in places where authoritarian structures control infrastructure complete authentication of identity behind and origins of information becomes problematic.
One of the great features of the Internet is that is facilitating a profound flourishing of direct citizen-to-citizen speech in places that don’t have much of a tradition of that or have a tradition of centralized control over information. So you would alter that architecture and build in that authentication at great peril. – Andrew McLaughlin
He noted that one of the best results of the IGF and ICANN processes is the ways in which they illuminate discussions about the architecture, protocols and principles of the Internet to a much wider audience.
“It was not exactly the original intention for ICANN,” he noted, “but it has been the effect. The project of inculcating a way of thinking about problems with the Internet architecture is profoundly important,” he said, noting that you have to know the language of the architecture to operate in today’s political and economic environment. “Without that understanding, you can’t talk intelligently about cybersecurity, how to protect privacy, how to facilitate authenticated business and governmental transactions, and so forth – well, you can talk intelligently about it, but you will be missing something.”
He noted that the efforts of multistakeholder organizations in shaping an understanding and knowledge of information networks and the people building and scaling them is important.
The role of the IGF and the value of the ICANN process extends beyond the agendas that are typically before them. – McLaughlin
“The reason these issues are conundrums – the security, authentication, privacy, identity issues,” he said, “is that the Internet is a voluntarily interconnected set of networks. There is no central controlling authority; there is no body, no government that can decree what the technical implementations of the network will be. That fact is part of the fundamental strength of the Internet, part of what made it scale so fast, part of what’s made it so powerful, part of what made it facilitate so much speech and free expression in so many surprising ways in every culture around the world.”
He said in this decentralized environment change must now be accomplished “in terms of nudges, in terms of incentives, in terms of persuasion, rather than by decree.” He added that while the Internet architecture at this point may protect the speech of a “dissident in a repressive society or in our own society,” but there are many Internet transactions now threatened by spoofing, DNS attacks and other threats that would not occur if we had a better authentication system.
Understanding how to be precise about those balances and how to get them implemented in a voluntarily interconnected set of networks is a central problem that confronts us over the next few years. From the [Obama] administration’s perspective, the goal of an open Internet that supports free expression, that supports the kind of array, vast wave of human creativity and free expression that we see coursing over the nerves and veins of the Internet every day – maintaining that, accelerating that, enabling that is fundamentally important. – McLaughlin
He also noted that moving forward in encouraging the principles of open government “will guide the administration’s efforts to make progress on these problems.”
He noted that the Obama administration is working to make more information accessible to everyone.
“We want to be a more open government and free the data,” he said, “to make the government a platform for citizen innovation, citizen activities, new business models, and so forth that ride over the data the government has and the taxpayers pay for. The federal government sits on a staggering amount of data, and it can be incredibly valuable if it’s made public in machine-readable formats and can be remixed and reused and combined with other kinds of data. That’s a fundamental commitment.”
-Janna Anderson, http://www.imaginingtheinternet.org