Category Archives: Cyber Security Policy

Commerce Dept. Cans ICANN

The US Government is winding down its participation in the Internet Corporation for Assigned Names and Numbers (ICANN). ICANN’s duties include setting policies for domain names, top-level domains, and controlling the root nameservers that are the backbone of the Domain Name Service, which is a distributed registry that translates addresses entered into a web browser from something like www.google.com to a machine-readable address (in this case 74.125.239.146). While much hay has been made by certain political personalities, among them Moonbase Commander Newt Gingrich, about this loss of control by the US to an undefined international community, this move has been planned for a significant amount of time, and the transition of ICANN towards a more global regulatory system will occur under a planned framework.

There was another possible path for the governance of the DNS and addressing systems, that being the ITU, which would have been overseen by the UN. However, every nation would have had a vote in that situation, and the number of nations which would like to see substantial control instituted and widespread surveillance authorized is almost certainly greater than the number of those who (at least publicly) would like to see a free and open internet. Many nations saw this as problematic, among them the US and Russia, which has lent significant weight to the process being adopted now of reforming ICANN and reducing US Government influence. That said, the existing system was no longer sustainable, especially in the wake of the Snowden leaks which revealed wide-ranging activities by the US Government, activities which have done significant damage to the moral authority which is the foundation of governance.

Pursuing ICANN as a regulatory body for the future is an example of the use of the Multistakeholder governance model, which will essentially give regulatory control to a number of major internet and technology companies, and Internet civil society groups. A presentation on the application of this model in ICANN may be found here.

 

Dan Gifford, MCySec Media Manager

Profile of Brazil’s Overall Cyber Security Situation

Brazil is often known for its coastal beauty, but sadly it should also be recognized for its prolific cyber security concerns. According to Symantec, Brazil is listed as number 7 on their list of countries with the biggest cybercrime problems. Despite investing significant amounts of money into cyber start-ups and establishing cooperative cyber security agreements with Argentina, India and Russia, Brazil is still struggling to overcome the persisting challenge that cyber-criminals present. On top of this, Brazil has recently taken a hard-line stance against the U.S. following the revelations of Edward Snowden. Brazil has actively supported the U.N.’s Cyberprivacy Agreement and begun taking steps to bypass the U.S.-operated underwater cable systems in order to reduce their dependence on who they now perceive to be false friends. It appears that Brazil, however, is focused on the wrong issues as they still need to overcome large numbers of internal banking Trojans and substantial gaps within their cyber security dynamics. Some experts even claim that Brazil’s current security posture is so poor that they are wide open to cyber-invasion. Brazil has also taken steps to introduce cloud technology into their government networks, which could magnify problems in their current state. On a positive note, Brazil is now realizing that effective policy and law for responding to cybercrime is necessary. Hopefully Brazil will follow up these legislative acts with improvements in their cyber security practices to provide some teeth for their new resolve.

For another recent summary of Brazil’s cyber security situation, check out the National Center for Digital Government’s whitepaper Brazil and the Fog of (Cyber) War.

- by Ben Volcsko, Research Assistant

FBI Asking Tech Vendors to Install Backdoors

Wickr’s Nico Sell has disclosed in a PCMag article that she was approached by the FBI at a security conference, and that an agent casually asked if she would be willing to install a backdoor for them in her company’s encrypted communication app. Sell refused, saying that even if the claims of the FBI are legitimate, “It was very clear that a backdoor for the good guys is always a backdoor for the bad guys.”

Wickr’s laudable stance aside, the question remains as to how many other technology companies have been more forthcoming with granting access to state agencies. If an approach is made to every major app developer, how many of the apps on your phone can you trust? And if one is compromised, and has rights to read all information on the machine, is everything else likewise compromised?