C. Warren Axelrod

Global Cybersecurity Agreement?

First off, I strongly believe that, in order to make any headway at all with respect to creating a more trustworthy and secure Internet, there must be global sponsorship of efforts to improve cybersecurity, generally-accepted cybersecurity policy and standards, and international institutions to enforce them. I emphasized the need for global standards in my September 11, 2017 column “Global Cybersecurity Standards … Another Plea,” which is available at https://www.bloginfosec.com/2017/09/11/global-cybersecurity-standards-another-plea/

I have also published a couple of articles, which are available at IEEE Xplore, that suggest organizational structures and processes to achieve a suitable level of international standards for cybersecurity. One is the May 2015 article “Enforcing Security, Safety, and Privacy for the Internet of Things,” where I suggest structures and roles for international agencies for application security. The second is the April 2016 article “The Creation and Certification of Software Cybersecurity Standards,” which points to the gaps in software security standards and recommends how those gaps may be bridged.

So, you would have thought that I would have been overjoyed at learning of the November 12, 2018 publication “PARIS CALL for Trust and Security in Cyberspace, “ available at https://www.diplomatie.gouv.fr/IMG/pdf/paris_call_text_-_en_cle06f918.pdf  Well, I wasn’t. Especially with a title like that. You would have thought that they would have at least given the document an international flavor and emphasized trust and security over a French origin. They should have learned from the Paris [Climate] Agreement. What’s with this need to brand these attempts at global consensus with “Paris”? Keep it neutral.

An article by Cat Zakrzewski with the title “The Cybersecurity 202: The U.S. was notably absent from a global cybersecurity pact, But American companies signed on,” which is available at https://www.washingtonpost.com/news/powerpost/paloma/the-cybersecurity-202/2018/11/13/the-cybersecurity-202-the-u-s-was-notably-absent-from-a-global-cybersecurity-pact-but-american-companies-signed-on/5be9c0881b326b3929054751/?utm_term=.77c9240b0649 , dampened any enthusiasm from the start. First off is the list of counties and major global companies, which didn’t sign the pact. Most surprising was the fact that the U.S. didn’t sign up, but there again, neither did Australia, Russia, China, Iran, North Korea, and Israel. Nor did Amazon and Apple. The “Paris Call” document was fairly general and bore no indication of any adverse consequences for noncompliance, so what was the big deal about not signing? Second, the document is clearly French in origin. It is supposedly supported by the British. However, this coalition is puny in comparison to the U.S., Russia and China. It ends up looking like a political ploy, which is very disheartening. We are allowing precious time to pass without our taking any action in this dangerous space. Shame on us.

So, there you have it. Another futile attempt to curb the rampaging cybersecurity threat.

Post a Comment

Your email is never published nor shared. Required fields are marked *

*
*