Time to re­boot our think­ing on cy­ber­crime

China Daily European Weekly - - COMMENT - Har­vey Mor­ris The au­thor is a se­nior me­dia con­sul­tant for China Daily. Con­tact the writer at editor@mail.chi­nadai­lyuk.com

Lat­est in­ter­net se­cu­rity scare sug­gests the need for an in­ter­na­tional ap­proach to strength­en­ing on­line de­fenses

With what sounded like a barn door slam­ming shut af­ter the horse had bolted, fi­nance of­fi­cials from seven of the world’s lead­ing economies pledged over the week­end to step up in­ter­na­tional co­op­er­a­tion on fight­ing cy­ber­crime.

To be fair to the fi­nance min­is­ters and cen­tral bank gov­er­nors of the G7 group of na­tions, they had al­ready been plan­ning a de­bate on the grow­ing on­line threat to their dig­i­tized fi­nan­cial sys­tems be­fore the re­cent world­wide “ran­somware” at­tack erupted.

As Ital­ian Fi­nanceMin­is­ter Pier Carlo Padoan ac­knowl­edged, the prior sched­ul­ing of talks on the is­sue at a reg­u­lar G7 meet­ing in Italy was “un­for­tu­nately very timely”.

How­ever, the re­cent un­prece­dented cy­ber­at­tack went well beyond the fi­nan­cial sec­tor, to af­fect in­sti­tu­tions, com­pa­nies and in­di­vid­u­als in 150 coun­tries.

Among the hun­dreds of thou­sands of vic­tims were users of Bri­tain’s Na­tion­alHealth Ser­vice, who had treat­ments can­celled or de­layed. Rus­sian hospi­tal, trans­porta­tion and po­lice ser­vices were dis­rupted by com­puter mal­ware that froze com­puter hard drives and de­manded ran­soms to un­lock them. And, in China, the virus af­fected 30,000 lo­ca­tions, in­clud­ing univer­si­ties, gov­ern­ment agen­cies and even gas sta­tions, as the work­ing week be­gan.

It was a clas­sic “some­body do some­thing” mo­ment as gov­ern­ments, in­sti­tu­tions, the soft­ware in­dus­try and se­cu­rity ex­perts squab­bled about who was re­spon­si­ble for the dra­matic fail­ing of the world’s cy­ber de­fenses.

Amid this out­break of mu­tual re­crim­i­na­tion, Mi­crosoft blamed the United States gov­ern­ment for stock­pil­ing cy­ber­weapons that had been ob­tained and then ex­ploited by on­line crim­i­nals. The soft­ware gi­ant’s top lawyer, Brad Smith, said, “The gov­ern­ments of the world should treat this at­tack as a wake-up call.”

No one would dis­agree with that. But what should gov­ern­ments do in prac­tice?

In a com­mu­nique at the end of its Ital­ian meet­ing, the G7 called on “in­ter­na­tional or­ga­ni­za­tions and gov­ern­men­tal in­sti­tu­tions in part­ner­ship with the pri­vate sec­tor to en­hance shar­ing of cy­ber­se­cu­rity in­for­ma­tion”.

That might be eas­ier said than done in a global frame­work in which ma­jor pow­ers are de­vel­op­ing cy­ber­weapons that can be just as desta­bi­liz­ing as phys­i­cal ones.

The Stuxnet virus, dis­cov­ered to have dis­rupted Iran’s nu­clear re­ac­tors in 2010, is widely be­lieved to have been de­vel­oped by the US and Is­rael. More re­cently, un­proven al­le­ga­tions and me­dia re­ports claim­ing that Rus­sia used cy­ber tech­nolo­gies to in­flu­ence elec­tions in the US and Europe have soured re­la­tions be­tween the West andMoscow.

There has, nev­er­the­less, been some progress to­ward co­op­er­a­tion in re­cent years. Bei­jing andWash­ing­ton have held two di­a­logues on cy­ber­crime, achiev­ing pos­i­tive re­sults. And China and Rus­sia have con­cluded a pact that gave a mu­tual as­sur­ance on non-ag­gres­sion in cy­berspace.

The lat­est mega-at­tack, asMi­crosoft’s Brad Smith sug­gested, should en­cour­age all gov­ern­ments to as­sess the dan­gers of cy­ber­weapons fall­ing into the hands of crim­i­nals.

As Rus­sian Pres­i­dent Vladimir Putin warned dur­ing his visit to Bei­jing for the Belt and Road Fo­rum for In­ter­na­tional Co­op­er­a­tion, “Mal­ware cre­ated by in­tel­li­gence agen­cies can back­fire on its cre­ators.”

The global cy­ber­at­tack has af­fected or­di­nary peo­ple around the world whose lives are now de­pen­dent on com­put­ers— from Bri­tish hospi­tal pa­tients to Chi­nese col­lege stu­dents. Pub­lic pres­sure may build on gov­ern­ments, not only to cre­ate ad­e­quate na­tional de­fenses, but also to find global so­lu­tions to the global threat.

Europol, the Euro­peanUnion’s lawen­force­ment agency, which al­ready has in­ves­ti­ga­tors from a num­ber of coun­tries on the “ran­somware” case, says the at­tack will “re­quire a com­plex in­ter­na­tional in­ves­ti­ga­tion to iden­tify the cul­prits”.

Na­tional gov­ern­ments will be nat­u­rally hes­i­tant about co­op­er­at­ing in a sphere that is so closely linked to in­tel­li­gence and de­fense. But the rev­e­la­tions about theUS ori­gins of the mal­ware, how­ever un­in­tended, may in­crease pres­sure for an al­ter­na­tive toUS dom­i­nance of the cy­ber­sphere.

Ear­lier this month, Chi­nese of­fi­cials called for a new­model for gov­ern­ing the in­ter­net and said China was will­ing to share its “wis­dom, ex­pe­ri­ence and re­sources” in the field with other coun­tries.

With what now looks like ad­mirable pre­science, Long Zhou, the Chi­nese For­eignMin­istry’s co­or­di­na­tor for cy­ber­af­fairs, said at the time: “Cy­ber­at­tacks, cy­beres­pi­onage and surveil­lance have be­come ma­jor is­sues con­fronting all coun­tries.”

Newspapers in English

Newspapers from China

© PressReader. All rights reserved.