International Cyber Security Context
A basic introduction and guide to the current cyber security issues and initiatives.
Cyber security touches everything
The Internet and Information Computing Technology (ICT) revolution touches everyone and everything. They are now as essential as water and electricity in supporting our modern way of life. Public utilities such as water and power are being transformed with networked sensors (Smart Grids) that promise to improve the efficiency and reliability of service delivery. Even computing technologies are now offered as a public utility "in the cloud", where anyone can access as much computing power as they want, any time, any place, while paying only for the resources they actually use.
Behind the scenes, computer security (aka cyber security) is essential for the safe and reliable operation of all these systems. In fact, cyber security technologies are already present in billions of devices and a countless number of systems.
Global cyber security is our shared responsibility
To help raise awareness of the importance of participating in cyber security, U.S. Presidents have declared the whole month of October to be "Cybersecurity Awareness Month" for six consecutive years.
Security is more than a single technology; it is also a process and our shared responsibility. In the same way that recycling is a process that involves both technology and participation by the community, cyber security is something that everybody should be aware of. We each need to contribute to our own cyber security, which in turn contributes to the cyber security of the global community.
The global community has massive cyber security problems
Cyber security is a global problem that affects all of us directly and indirectly. Latent security weaknesses in our computer infrastructure expose everyone to malware. Malware, short for malicious software, is software designed to secretly access a computer system without the owner's informed consent. Malware includes computer viruses, worms, trojan horses, spyware, dishonest adware, scareware, crimeware, most rootkits, and other malicious and unwanted software or programs. Malware threatens the safe operation of the essential ICT infrastructure that modern life depends upon, and is used to commit a wide range of serious cyber crimes. According to an FBI report, global cyber crime turnover is approaching USD 1,000 BILLION per annum.
Latent security weaknesses are found in every aspect of our computer infrastructure. In 2009 President Barack Obama's Federal Cyber Space Policy Review Report concluded that “The architecture of the Nation’s digital infrastructure, based largely upon the Internet, is not secure or resilient.”
Trust and global cyber security
According to the European THINK TRUST - RISEPTIS Report entitled “Trust in the information society” (2009):
“Trust is at the core of social order and economic prosperity. It is the basis for economic transactions and inter-human communication. The Internet and the World Wide Web are transforming society in a fundamental way. Understanding how the mechanisms of trust can be maintained through this transformation, is of crucial importance.” ...
“The trustworthiness of our increasingly digitised world is at stake.”
Furthermore: “if citizens feel threatened, mistrustful and increasingly hesitant towards innovative applications and services, our whole society may end up being the loser.”
Calls from the top to address the global cyber security problems
With our almost total dependence on information technology, the known problems with cyber security have now escalated to the point where they have the serious attention of Government leaders around the world.
UNITED STATES OF AMERICA: In 2009, when President Barack Obama presented the Federal Cyberspace Policy Review, he stated: “Cyber space touches everyone and everything… From now on, our digital infrastructure … will be treated as a strategic national asset ... we will develop a new comprehensive strategy to secure America's information and communications networks” and “economic prosperity in the 21st Century will depend upon cyber security”.
The USA has since held a National Cyber Security Summit (NITRD - NCLY 2009 Summit) and launched major cyber security R&D initiatives, identifying both the hard problems we need to solve and the new features that are essential for future cyber security solutions.
NATO: In March 2010, NATO's General Secretary Anders Fogh Rasmussen named the issue among the top three priorities for defence at the moment. In a speech in Poland, he described cyber security as a challenge that "we must tackle head-on."
UNITED NATIONS: Dr. Hamdoun Toure, the Secretary-General of the United Nations International Telecommunications Union, states: “The next world war could happen in cyberspace and that would be a catastrophe .... We have to make sure that all countries understand that in that war, there is no such thing as a superpower. Every citizen is a superpower.”
Calls from the top for leap-ahead cyber security solutions
There are major unresolved threats and problems that affect our global village. This has led to calls from the highest levels of Government and Industry around the globe for a new era in co-operation to create new global cyber security solutions.
To quote the European FP7 THINK TRUST - D3.1A Recommendations Report, section 2.6 entitled “Disruptive Security” (2009):
“The only way to make a significant leap to improve security and trust within the digital world and to make it more reliable is to introduce new security models.”
In 2009, the US President declared the whole year to be National Cyber Leap Year to kick-start the search for new leap-ahead cyber security solutions that could transcend the current problems. As Dr. Jeanette Wing of the US National Science Foundation declared at the US Federal Networking and Information Technology Research and Development Program (NITRD) Cybersecurity R&D Themes, 2010:
"Say 'NO!' to business as usual. We don't want it, we can't take it anymore."
The hazards of Silo'd firefighting approaches to cyber security
We quote a statement that was made on the British Government’s Technology Strategy Board website in 2008 (but is no longer online):
"The current way which organisations approach security can be recognised as an underlying market failure which consists of fire fighting security problems, silo'd implementation of technologies, uncontrolled application development practices and a failure to address systemic problems. Organisations tend to deal with one problem at a time that results in the deployment of point solutions to treat singular problems. This failure is typical of an uncontrolled marketplace evolving with little or no co-ordination.
The security of information is concerned with the risks to information being compromised either by disclosure (confidentiality), unreliability (integrity) or being unreachable (availability), collectively this is known as information risk."
ICT Gozo Malta is focused on new solutions that reflect the realities of our modern global village. These solutions enable organisations to overcome insecure legacy and limited silo security solutions with new models that let even competitors win stronger security for themselves through co-operation, so that all can play their part in securing our global village.
We need trustworthy, collaborative multi-stakeholder, multi-jurisdiction solutions
ICT Gozo Malta's projects focus on models and solutions that will enable security throughout global supply chains even when competitors are involved. The need for new multi-stakeholder, multi-jurisdiction cyber security solutions is widely recognised. According to the U.S. President's 2009 Cyberspace Policy Review: “The Nation also needs a strategy for cybersecurity designed to shape the international environment and bring like-minded nations together on a host of issues, such as technical standards and acceptable legal norms regarding territorial jurisdiction, sovereign responsibility, and use of force. International norms are critical to establishing a secure and thriving digital infrastructure.”
Today's cyber security solutions do not adequately address international trust issues between mutually suspicious organisations/nations. In October 2010 Andrew McLaughlin, the White House Deputy CTO for Internet Policy, publicly asserted that the U.S. government is helpless against fake security identification certifications, a problem that emerges due to the trust model employed in the current (public key) security systems. "We are looking at a multijurisdictional, multistakeholder problem for which there is no governmental solution," said McLaughlin, a former Google executive.
The many known problems in the Internet (X.509) security standards, such as fake security certificates, undermine the utility of all security protocols and products that rely on them. This includes most secure e-mail, all secure webpages used for online e-commerce (HTTPS, SSL, TLS), virtual private networks (IPsec, SSL VPN), and so on.
To address this critical linchpin issue that resides at the heart of Internet cyber security, we need new cyber trust models that increase in security (as opposed to decrease) when bringing in multiple mutually suspicious organisations/security authorities. The global-scale identity management and cryptographic key management solution described on this page employs exactly this type of trust model, one that increases in security with the participation of multiple organisations.
In addition, ICT Gozo Malta is solving this problem in a way that takes on board the expert recommendations found in various US Cybersecurity Initiative publications, such as the US Federal NITRD call for designs that employ a Digital Immune System. That is, designs that employ a distributed, decentralised architecture that can maintain system-wide security in the presence of security failures in components, and that employ a layered, defense-in-depth security model. Specifically, in our designs we combine a distributed trust model with diversity to protect against a wide range of insider and outsider attacks, including those mounted by malicious agents within cyber security service providers.
A founding member of ICT Gozo Malta in major cyber security initiatives
In 2009/10, major cyber security initiatives were launched in the USA that have identified the nature of the hard problems and the essential features required for new solutions to succeed.
Through its member Synaptic Laboratories Limited, ICT Gozo Malta has contributed to and participated in several European and USA federal and industry cyber security initiatives. For example, Synaptic Labs made significant contributions to the proceedings of the US Federal National Cyber Security Summit, the April 2010 Oak Ridge National Laboratory (ORNL) annual Cyber Security and Information Intelligence Workshop (CSIIRW), the May 2010 IEEE Key Management Summit and the September 2010 U.S. National Institute of Standards and Technology (NIST) Cryptographic Key Management Workshop. Furthermore, Synaptic Laboratories Limited collaborator Sonalysts published a reference to our solutions at the NATO Cyber Security Symposium event and co-presented with us at the Oak Ridge National Laboratory 2010 CSIIRW event. Both of these presentations focused on new security for smart grids.
ICT Gozo Malta is focused on new solutions that solve hard problems and that offer the essential features called for by Government Agencies. The designs are also important because they enable competitors and even enemies to obtain stronger security for themselves by collaborating with their opponents. These designs offer global deployment (and marketing) potential, not just because of their technical design, but also because they address the human trust problems that currently prevent true global cyber security.