Governmental cyber officials from around the world met up in Germany this week to discuss international Internet security. The US hasn’t played a significant role in this hootenanny in the past.
There are some huge differences between the US and Russia on the role of the Internet. We’re concerned about online crime, espionage and hacker threats to infrastructure. As a semiauthoritarian country, Russia’s got an entirely different set of objectives – namely, regime survival. Quoth George Sadowsky, US ICANN rep:
The Russians have a dramatically different definition of information security than we do; it’s a broader notion, and they really mean state security
At the same time, the border between criminal mafia and government can get a bit blurry in Mother Russia, and their online criminals are particularly profitable.
Another interesting element: the Russians are pushing a treaty that bans offensive cyberweapons.
While a lovely concept, it’s ludicrous to the point of comedy. The techniques of attack and defense in cybersecurity are tightly linked; you can’t protect your networks without thinking about how people will get in, and many network analysis tools are basically automated attack suites.
Further, the centerpiece of the great New START treaty is the concept of verification – intrusive examinations can ensure that there are in fact only 1,550 warheads out there. How on earth would you make sure no one was building “cyber weapons” – which are, of course, only programs – without giving the KGB FSS access to every computer?
Real world weapons (ie, microwave rayguns that fry electronics) are actual items that could be controlled and counted, like subs or SCUDs.
All said, though, the US and Russia seem to be moving closer to shared ideas on the topic of international Internet security. And they’re going to continue talking.
I’m a bit alarmed about what it is they agree about, though. Stay tuned!