US, Britain Mull Cross-Border Cyber Defense
The two countries will consider responses to situations where one attack involves multiple countries inadvertently hosting malicious hacking.
By Aliya Sternstein
President Barack Obama and British Prime Minister David Cameron are meeting this week in Washington to discuss the two nations' response to the growing threat of cyberattacks.
The two leaders are expected to discuss, in particular, the problem of adversaries hijacking computers in Britain to unleash cyber assaults on America, and vice versa, according to a security firm involved in the talks.
In a realm without physical boundaries, it’s all too easy for hackers to hop around and fake out authorities.
A recent case in point: Computers engaged in the Sony hack allegedly operated out of New York, Thailand, Poland, Italy, Bolivia, Singapore and Cyprus, according to The Associated Press. The attackers -- who the FBI claims are North Korean -- also published some company files using an anonymous email service in France.
"These attacks cross country borders," said Nicole Eagan, head of U.K.-based firm Darktrace, who will brief Cameron in Washington, D.C., before he heads into the Oval Office on Friday. The defense tactic "really has to be more governments and companies working together because of the nature of these truly global threats."
Darktrace, with a staff roster comprising former National Security Agency, GCHQ and MI5 analysts, uses technology that combines probability and artificial intelligence to predict the next moves of attackers. The system, born out of the University of Cambridge, basically detects hacks before they've happened.
This capability can be helpful in pinpointing the assailant’s potential attack route and end target.
"Let's say you have an adversary that is coming out of the Middle East. They are probably going to utilize infrastructure that partly is based in an Amazon cloud in Europe, maybe then utilize some hop points for command and control that are in the U.S.," said Jasper Graham, a veteran NSA technical director and now a senior vice president at Darktrace, giving an example of a possible threat vector. "The victim might be the U.S., but they are going to utilize a whole bunch of international infrastructure in order to execute their attacks."
Obama and Cameron are scheduled to discuss a variety of other topics over dinner Thursday, followed by a White House meeting Friday, administration officials said in a statement. They declined to comment further.
Sticky Subject of Encryption
Another reason the two countries want to align cyber policies is so they can close regulatory loopholes. Lax security rules in one nation can aid an adversary mired by tougher rules in a target country, Jasper explained.
The men likely will discuss ways of cooperating in situations where “you have one attack but you have multiple countries involved with the hosting” of the malicious activity, he said.
“How do we quickly exchange the [threat] indicators amongst the government agencies so that they can track down those responsible in a timely manner?” Jasper said.
A common hacker practice is to breach a small mom-and-pop shop in one portion of the world and use that store’s compromised system "as a staging point to attack something much bigger in another part of the world," Jasper said. "It becomes really hard for them to trace back who is responsible."
The conversation between the two Western leaders will cap a week of White House activity related to cyberspace. Obama proposed legislation that would, among other things, require companies to notify data breach victims within 30 days and to share metadata from customer and business communications that could signal a cyber threat. The legislative agenda is the administration's response to a year of high-profile intrusions at Target, JPMorgan, Sony and other companies. And the strategy is expected to be a focus of next week's State of the Union address.
But there is tension between civil liberties advocates and the two countries with a "special relationship" over the matter of allowing government eyes into people's private correspondence. To guard against what critics see as surveillance overreach, some citizens now are "encrypting" their communications with secret codes that render them interception-proof.
The prime minister reportedly pledged to ban the likes of Facebook’s WhatsApp, Apple's iPhone and other encryption tools, as a means of collecting more intelligence on suspected terrorists following the Paris shootings.
FBI Director James Comey last fall said: "If the challenges of real-time data interception threaten to leave us in the dark, encryption threatens to lead us all to a very, very dark place. I am a huge believer in the rule of law, but I also believe that no one in this country should be beyond the law. There should be no law-free zones in this country."
The American Civil Liberties Union maintains that encryption does not have to interfere with catching terrorists or cyber crooks.
The nation should concentrate on “encouraging companies to adopt basic security best practices, like two-factor authentication and encryption, to prevent hacks. This would be more effective, and less invasive, than expanding surveillance authorities or creating exemptions to existing privacy law," ACLU legislative counsel Gabe Rottman said Tuesday in a blog post.