The international effort to confront international cybercrime

23.04.2015
Cybercriminals obviously do not respect international borders. So it should be equally obvious that the effort to defeat or even slow them down is going to take an international effort, involving both the public and private sector.

Two of the key government players in that effort -- Michael Daniel, U.S. special assistant to the president and cybersecurity coordinator, the White House; and Natalie Black, his UK counterpart as acting director of the Office of Cyber Security and Information Assurance, Cabinet Office -- brought that message to RSA 2015 Thursday in a presentation titled, "There Are No Domestic Cyber Issues: U.S. and UK Leaders on Global Partnership."

[ Follow all CSO's coverage from RSA 2015 ]

Given the evolving nature of cyberthreats, Black said, "We should welcome the opportunity to collaborate.

"The good news is that we're taking cybersecurity much more seriously. We're seeing a recognition that good cybersec is fundamental to effective functioning of society," she said, adding that, "we can't do it alone. There are no islands in cyberspace. To realize benefits and opportunities, we have to work together."

Daniel said his office has laid out three goals:

"And we have to do it not just domestically but internationally," he said. "We need to partner with U.S.-based industry, but also in the international space, the same as we do in other areas."

The two said they are also seeking to align security frameworks like NIST (National Institute of Standards and Technology) in the U.S. and Cyber Essentials in the UK; and to collaborate with CERT (Computer Emergency Readiness Teams) in both countries.

"It's not just talking but exchanging information in machine form and at machine speeds," he said.

Daniel said another focus of collaboration is with all levels of law enforcement. He said the government's takedown last year of the Gameover Zeus botnet involved five federal agencies and required precise timing across multiple time zones.

For the audience, clearly the most contentious issue surrounding talk of "partnership" between government and the private sector in confronting cybercrime is what they perceive as the sharing going mostly one way: They share with government but government doesn't share much with them. And even when it does, there are controls placed on it.

One questioner, who said he works for a firm that has a distributed development environment, said that, "many of the pieces you give us come with flags that say we can't share it."

Daniel said his office is working on that. "We need to recognize threat intelligence as more of a commodity, and not proprietary," he said. "We're trying to push more of it into the unclassified world and make it more sharable."

(www.csoonline.com)

Taylor Armerding