Napolitano: U.S. and allies must improve info sharing on cyber threats

As cybersecurity grows in importance, the United States and its allies need to improve information-sharing and collaboration on cyber threats, Homeland Security Secretary Janet Napolitano said today.

While the United States does share information about cyber threats with some allies via existing mechanisms such as the Five Eyes agreement, it does so on an ad hoc basis. There is no specific structure for sharing cyber intelligence despite the fact that cyber threats and attacks crisscross international boundaries, said Napolitano after a speech on cybersecurity at the Center for Strategic and International Studies.

"Cybersecurity, first of all, it is inherently international, it respects no national boundaries," Napolitano said. "Second, there are no international protocols or frameworks on which to hang things. Thirdly, there is a wide disparity in technological capacity among different countries, so it’s really an area that requires a lot of work, but the plain fact of the matter is we have to work internationally."

As Killer Apps has reported previously, Pentagon officials have argued that rapid information-sharing between allies is badly needed to defeat cyber attacks since the cyber domain transcends national borders. Hackers in one country going after networks in another can often disguise their attacks to appear as if they are emanating from servers in a third nation. As Napolitano pointed out today, not all countries have the ability to detect cyber threats and attacks quickly. This means that a country whose servers are hijacked may not even know that it is hosting an attack.

"This is one area where there will needs to be a lot of work over the next, I will say months and years, it is not well developed yet," said Napolitano.

In addition to improving information-sharing with its allies, the United States is working to establish international "norms of behavior" in the cyber arena that are based on the law of armed conflict. These norms would define acts of cyber war, espionage, and crime and would establish what constitutes an appropriate response to such acts. However, these efforts are being held up by nations such as Russia and China, Pentagon officials say.

Here’s what Eric Rosenbach, deputy assistant secretary of defense for cyber policy, told Killer Apps about the matter last month:

"We look at cyber just like you would look at any other form of warfare or military operations," Rosenbach said. "So the law of armed conflict applies, and within that you can already interpret what would be acceptable in cyberspace. We don’t have a lot of case history to back up the customary aspect of it in international law, but we think that the framework is already there."

Russia and China are focused more on controlling citizens’ activities on the Internet rather than limiting attacks on nations’ critical infrastructure, he said.

"There are other countries, the Chinese and Russians in particular, that don’t think the law of armed conflict is the best framework to view these things through and they focus much more heavily on control of information than they do on the security of crucial infrastructure or preventing the destruction of networks."

Rosenbach went on to call this a "nonstarter."

"To say that your model of an international law for cybersecurity is based on controlling media content or what people can say about the government isn’t something we’re interested in at all," he said. "There are other areas — in particular, the theft of intellectual property — because that’s a major problem for the United States right now, where there are very different ideas about what’s acceptable and what’s not."