30-06-2012, 06:04 PM
INTERNATIONAL COORDINATION TO INCREASE THE SECURITY OF CRITICAL NETWORK INFRASTRUCTURES
INTERNATIONAL COORDINATION.doc (Size: 375 KB / Downloads: 21)
ABSTRACT:
“[A]ll our infrastructures are increasingly dependent on information and communications systems that criss-cross the nation and span the globe. That dependence is the source of rising vulnerabilities…” Improving the security of these infrastructures requires coordination within and among organizations and nations. With a primary focus on international efforts, we examine the advantages of four forms of cooperation: informal bilateral, formal bilateral, informal multilateral, and formal multilateral. We then consider five areas that demonstrate the value of international coordination: standardization, information sharing, halting attacks in progress, legal coordination, and providing aid to developing nations. To secure these infrastructures effectively, international approaches should be matched with appropriate national strategies. Information security policy efforts in these and other areas should be mindful of unintended consequences.
Introduction
“In a world of intertwined global networks, is there a need for a coordinated, sustained, and institutionalized approach to protecting critical network infrastructures?”
We propose that the answer to this question is yes, and that there is a need not for one, but for several such “coordinated, sustained, and institutionalized” approaches. Both critical network infrastructures and the attacks that threaten them take a wide range of forms; they both also cross borders in complex and sometimes surprising ways. Software written in India controls emergency gas leak repairs in Britain; an e mail from Kenya might cross the Atlantic in route to South Africa; and a hacker operating from an unidentified country might use computers in Latvia and the United States to attack a South Korean government site. No single national or international approach can create trust in so many different infrastructure systems.
Threats to security
The first factor driving the need for defence is the growing dependence of business and society on critical network infrastructures. Communication has become the lifeblood of modern societies. The rise of e commerce has made these networks responsible for a growing share of national wealth and hopes for greater prosperity. Furthermore, in some nations, pre-existing critical services have come to rely on electronic networks – emergency services, navigation systems for shipping and air traffic, electric power grids, and water control systems. While these dependencies vary from nation to nation, nearly all nations already or will in the future depend on these critical network infrastructures.
The need for international cooperation
One reason for our focus on international cooperation is the sheer difficulty and cost of responding to these threats. Most of the over 200 national and territorial governments of the world are technically or otherwise incapable of dealing with cyber threats on their own. Furthermore, the difficulty of guaranteeing the security of any system requires even the most technically advanced nations to consider costs and benefits carefully in choosing strategies for cyber defence. International cooperation can reduce these costs and increase the range of strategic options that each nation can afford to consider.
A stronger reason is that both the networks and the attackers operate across international borders. “Because all of cyberspace comes to ground somewhere, it has essentially created ‘borders’ between every pair of countries, and not just those that are physically adjacent.” Cooperation is the only way to reduce to manageable levels the resulting combinatorial explosion in numbers of potential attacks and cross-border investigations. Some specific defence strategies, such as shutting down attacking systems and locating and extraditing attackers, may be impossible both technically and legally in the absence of international agreements.
The nature of alliance and cooperation
ITU is a good example of the complex forms that international alliances may take. ITU is both a specialized agency of the United Nations (UN), and a formal, multilateral alliance with private, public, and non-profit members. Its membership includes 189 countries and over 650 groups ranging from regional and international organizations to “the world’s largest manufacturers” and “small, innovative new players.” Along with its work in establishing telecommunications and radio standards, ITU is also involved in efforts to extend network services in less developed countries. These diverse activities necessitate the diverse organizational forms of its membership.