[Infowarrior] - Global anti-cyberterror group formed?

Richard Forno rforno at infowarrior.org
Thu May 15 11:58:43 UTC 2008 

I'm not sure whether to laugh, cry, or run away sadly shaking my head  
here.....don't know enough @ the moment to be sure, but it sounds from  
this article like it's more of the same stuff already in  
operation.......rf


New international group to become the CDC of cyber security

By Jon Stokes | Published: May 14, 2008 - 09:51PM CT

http://arstechnica.com/news.ars/post/20080514-new-international-group-to-become-the-cdc-of-cyber-security.html

Next week, the biannual World Congress of IT (WCIT) will be the venue  
for the launch of a new initiative from an organization that aims to  
become a platform for international cooperation on cyber security. The  
group calls itself the International Multilateral Partnership Against  
Cyber-Terrorism (IMPACT), and its advisory board features tech  
luminaries like Google's Vint Cerf and Symantec CEO John Thompson. The  
group's forthcoming World Cyber Security Summit (WCSS), which will be  
part of the WCIT 2008, is an effort to raise IMPACT's profile as an  
international platform for responding to and containing cyber attacks.

On a conference call this morning, one of IMPACT's principals  
described the organization's mission as becoming a kind of "CDC  
[Centers for Disease Control] for cyber security." The idea is that it  
will provide both a forum and an actual communications system for  
coordinating international responses to cyber attacks, especially when  
those attacks involve civilian networks as a target, a source, or both.

"Typically governments around the world have taken cyber security as a  
domestic issue," said IMPACT Chairman Mohd Noor Amin. "While it's  
important to have a domestic policy, it's no longer tenable to treat  
cyber security as purely something that you can effectively monitor or  
police within your own territory. In order for governments to be aware  
of what's going on out there, governments and organizations must begin  
to talk to one another."

The principal members of IMPACT are governments, but the organization  
will include experts from academia and the private sector, as well.  
Indeed, the group is premised on the understanding that universities  
and corporations own most of the networks and computers that are at  
increasing risk of cyber attack, and that these entities are also at  
the forefront of current information security research and development.

Despite the fact that IMPACT is headquartered in Kuala Lumpur,  
Malaysia, and was founded in 2006 with a grant of $13 million from the  
Malaysian government, most of the 30 governments that are involved in  
the group's launch are Western (the US is a major backer). Russia and  
China, the two largest source countries for cyber attacks, aren't  
represented, but IMPACT has made clear that they intend to reach out  
to everyone as a potential partner.

Blessed are the peacemakers?

Building a forum for international cooperation on cyber security  
issues has a lot to recommend itself. As IMPACT pointed out on the  
call, cyber security is effectively borderless, so cross-border  
cooperation seems like a no-brainer.

I'd go even further than IMPACT has gone and suggest that a CDC-like  
paradigm, where member entities (governments, schools, companies)  
cooperate to share defensive information, shut down attacks in- 
progress, and stop conflicts from escalating, could turn out to be  
superior way of approaching cyber terror than the more traditional,  
nation-state-centric "cyber warfare" paradigm that is also emerging.  
Indeed, the call itself offered a brief glimpse at the tension between  
IMPACT's "cooperate and contain" approach and the cyber warfare  
approach that the US Air Force is actively pursuing.

Check out this partial quote from Amin's response to a journalist's  
question about the absence of China and Russia on the IMPACT rolls:

"We believe that none of the governments who are participating in the  
summit subscribe to the belief that the Internet is a legitimate place  
for any form of cyberterrorism or whether its [inaudible] the Internet  
is not a platform for offensive measures, and I think that most of the  
governments by virtue of participating want safe cyberspace, at least  
in their own territory."

If Amin intended to make the point here that the IMPACT member  
governments believe that "the Internet is not a platform for offensive  
measures," then the US Air Force may want to call him up and correct  
him.

I've recently been covering the USAF's very aggressive efforts to  
position itself as "the point of the spear" in the US military's  
burgeoning cyber warfare efforts. The US military has identified  
electronic communication networks as a new theater of war, and the  
USAF clearly believes that America should have a robust offensive  
capability in that theater.

Not only are military botnets on the military's list of "must haves,"  
but now Wired's Noah Schactman has uncovered a new USAF effort that  
will offer one lucky military contractor $11 million to develop a  
slate of software and hardware tools that will enable it to take full  
control of any kind of networked computer. (I'm sure America's defense  
contractors are thrilled at having a brand new theater of war for  
which they can develop and sell new technologies.)

Ultimately, the two approaches embodied by IMPACT and the new AFCYBER  
Command seem to me to fundamentally at odds with one another, sort of  
like the CDC is at odds with any military bioweapon programs. But  
perhaps someone who follows these issue closely can convince me  
otherwise.

More information about the Infowarrior mailing list