Presentations from BGF-UNESCO-at-UCLA conference

(October 2oth, 2016) On September 3rd,  The Boston Global Forum hosted the very first  BGF-UNESCO-at-UCLA conference  at the Harvard University Faculty Club.

This conference was an official event to establish the Global Citizenship Education Network (GCEN) between UNESCO, UCLA and the Boston Global Forum (BGF) .  Based on GCEN, we will implement our next initiatives: Global Citizen Number (GCN), Global Citizen Score Card (GCSC) , Global Citizen Certificate (GCC), and Global Citizen Leadership programs (GCL).

Here the presentations from our distinguished speakers at the conference concerning  Global Citizenship Education in Cyber Civil Defense.

 

Analytics for Smart Grid Cybersecurity by Nazli Choucri and Gaurav Agarwal


Cyber Civil Defense by Allan Cytryn


Cyber-security Incidents by Rodman K. Reef from Reef Karson Consulting, LLC


The Dynamics of International Cyber Conflict by Ryan C. Maness


Global Citizenship in Cyber Civil Defense


 

Addressing Attacks on Vietnamese Computer Systems

Addressing Attacks on Vietnamese Computer Systems

By

Allan Cytryn, Risk Masters International, LLC; Member of Board of Thinkers, The Boston Global Forum

and Prof. John E. Savage, Brown University; Member of Board of Thinkers, The Boston Global Forum

images

We recommend a series of actions, both short and long-term. The ultimate goals of these actions are to 1) ensure the appropriate international agencies are fully engaged in addressing this issue and its longer term implications, 2) operationally address the issue immediately and restore reliable, safe operations for air travel, and 3) more broadly enhance the cyber-resilience of Vietnam so that it is less vulnerable to such incidents.

I. Ensure the appropriate international agencies are engaged:

  1. . This is an airline security issue. We recommend reporting it to the International Civil Aviation Organization (ICAO) and requesting their assistance. While they may not have cyber security expertise, they are very concerned about security and may be able to help address the problem.
  2. We recommend reporting this incident to FIRST, the global Forum for Incident Response and Security Teams. FIRST describes itself as the “premier organization and recognized global leader in (computer security) incident response.” As you can see from their website, they can provide a great deal of assistance with long and short term solutions.
  3. This serious incident should also be reported to international bodies including ASEAN, G7, G20, and UNGA.

II. Address the issue immediately and restore reliable, safe operations:

  1. Consultants should be hired to do a forensic analysis of the affected systems. Friendly governments, such as the US, can advise on companies that are highly qualified to do this analysis and that can be trusted as well.
  2. Companies that we would recommend include Crowdstrike and Fidelis.

 

III. Longer-term, more broadly enhance the cyber-resilience of Vietnam:

a. Implement broad-based cyber-education at multiple levels

i. Train local specialists in computer security.

  1. The Vietnam Education Foundation (VEF) can help to develop university-level cybersecurity educational programs.
  2. The Boston Global Forum can also help with this effort.
  3. Vietnam could also emulate the US Computer Science for All program that encourages young Americans to acquire computer science skills.

 

ii. Educate policymakers and academics about Internet governance issues.

  1. DiPLO Foundation has cybersecurity programs to help diplomats to acquire the knowledge necessary to participate in international policy development.
  2. The Boston Global Forum can also help with this matter.

iii. Develop programs in cyber-hygiene for the general population and develop policies and practices to ensure the general population is appropriately educated in this area

  1. Begin classroom training in early education and continue through all level of schooling
  2. Provide online courses to allow all persons, including those not in school, to be properly educated
  3. Consider policies and incentives to encourage people to take the cyber-hygiene courses

b. Develop a cyber-resilient infrastructure

i. Broadly adopt the principle of cyber-resilience across all IT and Communications infrastructure in Vietnam.

ii. Jumpstart the process by targeting key industries, businesses and organizations that have the highest level of exposure and risk.

  1. Consider “pooling” or sharing resources and teams across multiple organizations where appropriate and practical to maximize the speed and effectiveness of the initial programs.
  2. Identify and address reasonable impediments to success, including funding, product availability, staff availability and training.

iii. Align these efforts with training goals, using these implementation activities to further the nation’s goals to train individuals who can then apply their learnings to other enterprises.

Congressional Quarterly Roll Call Documents John Savage’s Contribution To A Historic International Cybersecurity Agreement

(July 4th, 2016) Congressional Quarterly Roll Call recently interviewed Professor John Savage of Brown University‘s Department of Computer Science (Brown CS) to document a unique moment in history. “The May 26-27 meeting of the Group of Seven in Ise-Shima, Japan,” writes Paul Merrion, “produced the G7’s first-ever stand-alone agreement on cybersecurity, data protection and internet governance.” 

download.png.300x300_q85

To give a bit of history, the Boston Global Forum (BGF), chaired by former governor Michael Dukakis, was founded to bring together thought leaders and experts from around the globe to participate in open public forums to discuss and illuminate the most critical issues affecting the world at large. In February, their CEO, Tuan Nguyen, asked John to address BGF and prepare an agenda for the G7 Summit, working with other individuals affiliated with BGF to develop his presentation into a formal proposal.

The G7 agreement (“The G7 Ise-Shima Leaders’ Declaration”), which draws on the work of Savage and his colleagues, makes the landmark statement that cyberspace is under the rule of national law, and advocates for responsible state behavior during peacetime and the development of confidence-building measures to increase security. “It’s very significant,” John says. “It’s progress, it’s recognition that nations need to help one another.”

The full article, located here, is only available to subscribers, but a summary of the Declaration is available here.

For more information, please click the link that follows to contact Brown CS Communication Outreach Specialist Jesse C. Polhemus.

Cybersecurity Deficits and International Norms by Derek S. Reveron

(June 6th, 2016) International security for the last 30 years has been characterized by security deficits, which I define as a government’s inability to meet its national security obligations without external support. (1)  In the terrestrial world, intra-state, transnational, and regional actors challenge governments’ ability to provide a secure environment for their citizens.

Logo

 

cybersecurity011_16x9

This means Iraq struggles against ISIS, the United States struggles against transnational organized crime, and Ukraine struggles against Russia. While these conflicts are isolated in particular places of the world, the effect of security deficits are felt throughout entire regions. G7 countries have been at the forefront of peace efforts to alleviate problems created by international crises like these. They also provide development and security assistance to weakened governments in an effort to improve stability, strengthen institutions, and protect vulnerable populations. The rationale to assist countries in overcoming their security deficits has been based on the assumption that instability breeds chaos, which would make it more likely that the international community would face pressure to intervene in the future, often at a higher cost in lives and resources.The same is true in the cyber world. Transnational organized criminal groups harness the power of the internet to steal identities and conduct financial crimes; terrorist organizations use cyberspace to recruit fighters and promote their destructive deeds; and countries employ cyber tools for espionage while laying the ground work for military operations in cyberspace. Cyber challenges like these cut across all dimensions where we live and are simultaneously political, economic, and social. More than ever, citizens, regardless of nationality, are exposed to risks created by cyber insecurity. Reinforced by intelligence assessments, polling in the United States places cyber insecurity as a pressing national security challenge.

With persistent vulnerabilities in the software we use and the relative impunity with which states, groups, and individuals operate in cyberspace, we will continue to experience data breaches leading to fraud and intellectual property theft undercutting innovation. Governments, organizations, companies, and individuals can be vermatched by malicious actors. Cybersecurity deficits undercut the benefits citizens derive from the technology we enjoy, and directly affect individuals in ways that past conflicts in distant parts of the world have not affected G7 countries.

At the same time, disclosures about governments’ roles in cyberspace undermine trust and challenge credibility. Information technology companies are pressured to enable governments special access to their products, all the while attempting to comply with different national regulations. Citizens are stuck in the middle feeling that the promises of an open, transparent, and secure cyberspace look bleak.

At the national security level, governments are concerned with Cybergeddon scenarios against critical public infrastructure disabling electricity, telecommunications, and financial services. While Cybergeddon is not inevitable (and represents a wake-up call about cyber insecurity rather than an existential threat), critical sectors have huge incentives to secure their infrastructure. However, as we have seen in other areas, security becomes a cat and mouse game where malicious actors improve rapidly, often outpacing governments abilities to adapt or defend against emerging threats.

This shared insecurity need not be paralyzing, but can be a basis for international cooperation in which G7 governments have important roles to play. Building on the norms that my colleague John Savage outlined, the next steps to improve cybersecurity include:

  1. Convening sub-regional summits to outline the scope of cybersecurity challenges andimprove multilateral efforts to promulgate norms.
  1. Establishing information sharing centers where governments can share threat information, coordinate cybersecurity policies, and implement best practices forgovernments, organizations, companies, and individuals.
  1. Assisting governments in developing countries to strengthen their government networks,improve protection of critical public infrastructure, and educate citizens to raise their security posture improving human capital. There are no borders in cyberspace, and our networks are only as strong as the weakest access point. By promoting cybersecurity norms, enabling cooperation among G7 countries, and assisting developing countries, we all become more secure from actors that place individuals at the forefront of the cybersecurity threat. When thinking about improving security in cyberspace, we should look at how international partners contribute to security in the terrestrial space through cooperative military operations, peacekeeping, and international assistance. These are important norms to replicate in cyberspace as there is a common responsibility to guarantee our citizens a minimal level of cybersecurity.

Since cyberspace is a reflection of G7 countries’ values and corporations in G7 countries dominate the information technology space, G7 countries are well placed to lead the world on establishing cyber norms to improve cybersecurity.

Derek S. Reveron (2)  May 9, 2016

U.S. Naval War College and Belfer Center for Science and International Affairs

(1) Derek S. Reveron, Exporting Security: International Engagement, Security Cooperation, and the Changing Face of the US Military, Second Edition (Washington, DC: Georgetown University Press, 2016).

(2) The views expressed here are the author’s alone and do not represent the official position of the Department of the Navy, the Department of Defense or the U.S. government.