Countries Collaborate To Counter Cybercrime

August 2008
By Rita Boland

 
David Thompson, group president, Information Technology and Services Group at Symantec, one of the private companies invited to take part in IMPACT, cites the need for a public/private partnership to combat cyberterrorism.
A multinational partnership aims to establish international cooperation and information sharing in the battle against cybercriminals.

It’s a small world after all. As the Internet continues to connect peoples across the globe, individuals and groups drawn to destruction find new ways to wreak havoc on communications and services. Now, government leaders are coming together with each other and the private sector to form a united front and fight back because a vulnerability in any region can wreak havoc globally. A new multilateral federation is combating cyberthreats and cyberterrorism, creating greater security in developing networks and stopping dangers before they spiral out of control.

The International Multilateral Partnership Against Cyber-Terrorism (IMPACT) has been launched to bring together the global community to prevent and counter cyberthreats. Membership in the organization is open to all countries, so developing nations can take advantage of existing expertise, and larger ones can help stop attacks. Certain corporations and research agencies also are invited to participate. IMPACT is modeled on the U.S. Centers for Disease Control and Prevention as a government agency interacting with the private and academic sectors.

IMPACT aims to offer network solutions and ideas not available currently. Members will assess security efforts already underway and who is involved with them to determine what needs to be accomplished to protect the network better. The organization aims to fill the gaps it finds in security and defenses. The importance of protecting networks is not confined to ensuring Web sites and e-mails remain viable. Network security also involves guarding critical infrastructure such as transportation, communications, utilities and public services as well as financial services and other personal information.

IMPACT was launched at the World Cyber Security Summit during the World Congress on Information Technology (WCIT) in May in Kuala Lumpur, Malaysia.  Malaysia has invested $13 million to get the organization underway, and part of that funding will build a headquarters in the country. The headquarters will be in a high-tech city where most of the multinational companies operating in Malaysia are located. In addition to using the money to create infrastructure, the funds will jumpstart efforts such as writing mission and vision statements, developing rules of engagement and generating other necessary products. IMPACT also must set a timeline of various benchmarks, incorporating input from member governments.

In addition to the Malaysian funding, another $1 million was donated to IMPACT by the SANS Institute. Those funds are allocated for a joint project between the institute and IMPACT to increase the cyberdefense capacity of developing countries. IMPACT also has received the endorsement of the International Telecommunication Union (ITU), a United Nations agency, and the Council of Europe is involved with the organization. The council created the Convention on Cybercrime, a treaty signed by various countries.

The thrust behind IMPACT is to become more proactive toward global cyberterrorism and other attacks rather than reactive. Cyberterrorism, as defined by the organization, involves using electronic means to significantly disrupt an economy or pose a significant threat to life and limb. IMPACT also will develop early response systems so threats generated in one region can be eliminated before they spread. The organization wants to establish certain criteria for information assurance, providing a template and other standardizations among different countries for information assurance and cyberterrorism response.

To accomplish its objectives, IMPACT brings together key decision makers who can take substantive action against cyberattacks. The initial meeting at the WCIT was the largest ministerial meeting on cybersecurity, and the goal of creating partnerships among large and small and public and private institutions is a step toward defeating threats in all areas of the network. Almost 30 countries attended. However, certain countries often associated with cyberoperations, including the United States, United Kingdom, China and Russia, were absent. Six nongovernment organizations also were in attendance.

Through the multilateral effort, smaller countries will be better equipped to protect their portions of the network, and private companies who own part of the network will be in on initiatives from the beginning so they can use research and development funds to create protective tools. “Each country, business and individual has to do their part to secure cyberspace,” Howard Schmidt, a member of the nine-person IMPACT international advisory board, says. Schmidt served as the cybersecurity adviser to the White House during part of the George W. Bush administration, and he also has worked as the chief security officer for major computer and Internet companies.

The membership of IMPACT has yet to be finalized, and no country or company has joined officially. The organization still is working out what membership entails before formalizing country participation. IMPACT leaders believe the nations that attended the summit are likely to join.

When the organization has better solidified participation, it may open satellite offices in major global regions. In the shorter term, members can use online meetings to conduct business. “That’s one of IMPACT’s strengths, leveraging technology,” Schmidt explains. Participants also will have to meet face to face, but the frequency of those meetings is unsettled. Countries that become active in the organization may host a meeting to demonstrate commitment to the effort.

Though having governments and organizations communicate about cyberterrorism and other threats seems obvious, the practice is difficult. IMPACT hopes to serve as a platform to bring nations together to exchange ideas and best practices. According to Mohd Noor Amin, the chairman and cofounder of IMPACT, “Typically governments have cybersecurity as a domestic agenda. While it is important to have a domestic policy, it is no longer feasible…to treat cybersecurity as something you can effectively monitor or police within your own territories.”

Despite the problems inherent in creating effective collaboration between various nations, especially ones accused of supporting cyberterrorism, Schmidt believes IMPACT can meet its objectives. “I absolutely believe it can succeed, and I think that everyone [at the summit meeting] was committed to it,” he shares. During the meetings, notable names such as Malaysia Prime Minister Abdullah Ahmad Badawi—who conceived IMPACT and is known in the region and in other parts of the world as a leader in technology—and Hamadoun Toure, the secretary general of the ITU, spoke about the importance of consolidated cybersecurity efforts. “I walked away with a really strong feeling that not only can it work, but it will work,” Schmidt says.

Success in preventing cyberterrorism and other cyberthreats requires that governments have a global snapshot of cyberthreats, and the only way to accomplish that is through communication and collaboration. Additionally, the private sector and academia must be involved in the dialogue, so they can offer their solutions to protect national cyberspaces.

David Thompson, the group president for the Information Technology and Services Group at Symantec, explains that private-sector involvement is crucial to this type of effort because companies conduct research and development to create security solutions. He says Symantec, for example, wants to see threats disappear from marketplaces as a way to protect customers and wants to see its intellectual property leveraged. Symantec is one of the initial private companies invited to participate in IMPACT. “It’s a joint effort between the public and private sectors to take care of critical infrastructure,” Thompson says. Symantec has probes around the globe to help conduct deep-site threat analysis. The company can feed data about attacks in various countries or certain infrastructures to groups such as IMPACT and give them early warning of some threats (see page 67).

According to Thompson, approximately 90 percent of global infrastructure belongs to the private sector, but 60 percent of attacks are against government infrastructure. “It’s really important to have coordination,” he says. Governments around the world are seeing the benefits of unified defenses. Thompson shares that countries are becoming more progressive in leveraging private-sector knowledge, whether to advance their positions against cyberthreats or to prevent having to design network security from scratch. As new threats continue to emerge, organizations such as IMPACT can coordinate and direct responses in a more uniform manner. Developing networks with the right technology and security is important for cyberthreat response, as well as for long-term economic growth.

Because the private sector owns such a large amount of the global network infrastructure, moving forward without its involvement would hinder IMPACT’s progress. The private sector also plays a unique role in assuring cybersecurity when tools and infrastructure are built, creating items that are simple to use and easy to distribute. The free market has enabled users to take advantage of advances in technology by research and development from private firms, and IMPACT wants to promote private-sector development. The organization also seeks to ensure industry spends time developing solutions that are beneficial for the larger cybercommunity and that the private sector complies with the laws of multiple countries.

One of the ways IMPACT will help secure networks is through the development of an Aggregated Early Warning System. Traditionally when an attack occurs, victims respond, analyze the problem and then try to build defenses to prevent a repeat. Because of the number of vulnerabilities in existence, and in some cases the lack of qualified people to deal with threats, IMPACT wants to create the warning system to prevent a local problem from becoming a global problem such as that caused by the “I Love You” bug around the turn of the millennium. That worm was initiated in the Philippines and gradually spread around the world. Many experts believe that if personnel in the region had taken steps to eliminate the threat earlier, the virus could have been shut down before moving to other locations.

The concept behind the Aggregated Early Warning System is to build a mechanism where data from a threat can be input and analyzed, and then information about it can be sent out to all subscribers so they can develop defenses. IMPACT has a commitment by some public and private members to provide feeds into warning systems resulting in a good aggregated, worldwide cyberviewpoint.

Another initiative from IMPACT is a Global Response Center. Through this center, governments can share their resources during crisis situations. IMPACT has a charter to compile a list of available government resources as well as resources available within a country, so that if an attack occurs, solutions can be found quickly. Along with the Global Response Center, IMPACT has three other key focus areas: cybersecurity training and skills development; security assurance and research; and policy, regulatory framework and international cooperation.

Under the main focuses, more concrete plans are developed. One goal is to attract the private sector to produce solutions for systems with small usage bases. IMPACT has training facilities working with academia to address the issue because a small user base does not eliminate a system from needing vulnerabilities plugged. IMPACT also has a training and skills development function that intends to offer high-level strategic security training for government members. IMPACT will tap the private sector for assistance with that initiative.

Another plan involves IMPACT determining solutions for information sharing versus policy. The more information experts have, the better security they can build against cyberterrorism and other threats, but meeting the requirements of all involved parties presents a challenge. A country may have a national policy on cyberthreats or vulnerability, but a server in one nation could have users in another region, creating a need for some sort of multinational agreement on practices.

Schmidt says that as IMPACT evolves, it will put out more information about what members and potential participants can contribute and what they can expect from the organization. “The end result is to make [the network] more secure and to keep it robust,” he explains.

Through its efforts, IMPACT wants to keep the network easy to use for everyone, and keep the infrastructure and the services that rely on network security safe from attack. IMPACT hopes to guarantee that if a problem occurs with a service such as electricity, the issue is not connected to a system failure or malicious incident. “We can’t control the weather, but we can do a lot more to control the information and communications technology systems we use globally,” Schmidt says.

Web Resources
International Multilateral Partnership Against Cyber-Terrorism: www.impact-alliance.org
SANS Institute: www.sans.org
International Telecommunication Union: www.itu.int
Council of Europe: www.coe.int

 

Enjoyed this article? SUBSCRIBE NOW to keep the content flowing.