During a panel at the 2017 AAAS Science Diplomacy Conference, experts encouraged international cooperation on cybersecurity challenges related to education, standards and law enforcement. | Stephen Waldron/AAAS
International cooperation on law enforcement and in setting educational and standard practices is the best way to address global cybersecurity challenges, said experts during a panel at the 2017 AAAS Science Diplomacy Conference on 29 March.
Practitioners in the cybersecurity field explored the methods that they are using to improve international relations on cyber-related issues, creating opportunities for experts to work across borders to bolster the security of digital information.
Adam Sedgewick works with the National Institute of Standards and Technology (NIST), the technical arm of the Department of Commerce. He said the agency’s main role in cybersecurity is to find ways to better secure information and data stored in federal computer systems.
“We want to make it easier for users to do the right thing, harder for them to do the wrong thing and then easier to recover when the wrong thing inevitably happens,” Sedgewick said.
Sedgewick is a senior information technology policy adviser at NIST, which released a cybersecurity framework in 2014. He said that the guide is meant to help private sector companies and organizations establish processes to better detect and respond to cyber-attacks. Created as a living document, it was updated as recently as January 2017.
The framework was developed after a 2013 executive order from President Barack Obama, which warned of the cyber threat to the nation’s essential assets like telecommunication and security services, which are classified as “critical infrastructure.”
While it is a tool created by the federal government, the framework references globally recognized cybersecurity standards and can be used by groups outside the United States. In the document’s introduction, NIST stated that it “can contribute to developing a common language for international cooperation on critical infrastructure cybersecurity.”
Such collaboration between countries and regions is essential when it comes to combatting cyberattacks, according to Matthew Noyes, a cybersecurity policy adviser with the Secret Service.
Investigating financial crimes like bank fraud and money laundering is one of the agency’s main priorities. The Secret Service has been probing computer hacking since 1984, Noyes explained, primarily ensuring that technology used by the federal government and financial institutions is not vulnerable to attacks.
“It’s really changed the nature of law enforcement,” Noyes said.
Noyes cited the example of Maxim Senakh, who recently plead guilty in connection with a group that developed malicious software that generated millions of dollars in fraudulent payments by hacking computer servers around the world.
Senakh, a Russian citizen, was arrested while traveling in Finland and eventually extradited to the United States. Noyes mentioned that the FBI, the Finnish government and German federal police all aided with the investigation.
“These are global investigative activities requiring broad partnerships to address,” Noyes said.
The United States has traditionally been a popular target for digital crime because its government and financial institutions were early-adopters of technology, he noted. Going forward, however, Noyes predicted cyberattacks in other countries will increase.
The federal government has upgraded government-issued credit and debit cards, which now feature an EMV chip instead of a magnetic strip, Noyes said. While attackers may be able to duplicate the information kept on a magnetic strip, the microprocessor chip uses a unique authentication code with each transaction, preventing criminals from using the code to make additional purchases.
Many Latin American countries have not yet made this switch, he noted, and could be more vulnerable to theft and fraud.
“That’s going to cause a change in the number of states that are partnering to really address this challenge,” he explained.
As the need expands for companies, governments and organizations to secure their data, Diana Burley is working to fill a gap in the workforce for cybersecurity professionals. The Bureau of Labor Statistics projected that 1.4 million cybersecurity jobs could become available in the United States alone by 2020, but the agency reported only 400,000 qualified workers will be available to fill the positions.
Burley, a professor at George Washington University, leads a joint task force for cybersecurity education. The group plans to develop the first set of global curricular guidelines, as a way of helping academic institutions build up their cybersecurity training programs.
She said that the task force is working with a global advisory committee “to ensure not only that we are addressing needs in the U.S., but that we have a detailed understanding of academic and workforce needs around the world.”
Burley said that teaching students how to protect their own information is also an important component of the guidelines. She said that she has seen a variety of different approaches to this subject, which is also known as cybersecurity awareness.
“Nations around the world are all in the process of figuring it out,” Burley said, “in terms of how to integrate this content into higher-ed and K-12.”
The good news, she said, is that nations are collaborating and learning from each other’s methods in order to determine the most effective techniques for preparing students, not just for safeguarding their future employer’s data, but for securing their own.
“There’s no such thing as 100 percent safety,” said Burley, “but there is progress that we can make toward being safe by taking personal responsibility on the things we control.”
[Associated image: Guillaume Paumier, CC-BY/Wikimedia Commons]