Q2/2019 - International Expert Conferences

[Translate to Englisch:] 5G Conference, Prag, 5. Mai 2019

On 5 May 2019 an expert conference on 5G was held in Prague under the title "Cybersecurity of Communication Networks in a Globally Digitalized World". It was opened by Czech Prime Minister Andrej Babis. Participants included EU Commissioner for Justice, Vera Jourova, and NTIA President, David Redl of the US Department of Commerce. Babis said in his opening speech that the societal change brought about by 5G was likely to be more comprehensive than one could imagine at the moment. On the one hand, huge new opportunities were opening up, but on the other hand, the vulnerabilities of societies were going to grow on unprecedented scales. The introduction of 5G therefore had to go hand in hand with a new approach to cyber security issues. It was necessary to create a public awareness that was in line with reality and to raise international cooperation on cyber security to a new level. The conference adopted a document called "The Prague Proposals", which contains 20 proposals for the fields of politics, technology, economics, security and data protection[1].

 

[Translate to Englisch:] CyCon, Tallinn, 29. - 31. Mai 2019

The annual CyCon Conference in Tallinn, organised by the NATO Cyber Defence Centre, has evolved over the years into a leading expert conference on cyber security. The two Tallin Manuals, which are regarded as an essential aid to the interpretation of state behaviour in cyberspace under international law, were developed within the framework of the conferences. The 2019 conference, which took place in Tallinn from 29 to 31 May, was opened by the President of Estonia, Kersti Kaljulaid. In her speech, Kaljulaid outlined Estonia's position on the application of international law in cyberspace in five points[2]. She pointed out that the danger of international conflicts in cyberspace was growing and that especially small and highly networked countries like Estonia saw international law as a bulwark against attacks from outside. She quoted the former President of Estonia, Lennart Meri, who had called international law the "nuclear weapon of a small state". Kaljulaid emphasised that states are responsible for their behaviour in cyberspace. Wrongful behaviour or attacks on other states in cyberspace should have consequences. She referred to numerous grey areas in the interpretation of international law with regard to cyber attacks, but clearly argued that states must also be allowed to resort to the right of self-defence if they are attacked in the cyber domain. Estonia, she said, was almost completely digitalised and therefore highly vulnerable. It had to have all available instruments at its disposal to defend itself against cyber attacks. A corresponding counter-attack must be measured against the principles of proportionality under international law and the norms of international humanitarian law.

 

[Translate to Englisch:] Internet & Jurisdiction Policy Network, Berlin, 3. - 5. Juni 2019

The Internet & Jurisdiction Policy Network founded by the French Internet expert Bertrand de la Chapelle hosted its 3rd annual conference in Berlin from 2 to 4 June 2019. Previous conferences were held in Paris (2017) and Ottawa (2018). The basic idea of the Internet & Jurisdiction project is to develop mechanisms that enable the 193 national jurisdictions to collaborate in a borderless Internet world. The Ottawa Roadmap adopted last year grouped this concept into three programs: Data & Jurisdiction, Content & Jurisdiction and Domains & Jurisdiction. In Berlin, a comprehensive report with very precise proposals for potential general framework conditions was delivered for each of these domains. A series of regional conferences is planned for 2020. A next plenary conference is scheduled for 2021. Due to its topical and explosive nature, the project is very popular with both governments and the private sector. Sponsors of the project include UNESCO, the Council of Europe, the European Commission, the OECD and ICANN. Nevertheless, also doubts are being voiced as to whether the goal of extending the interoperability of national jurisdictions in global cyberspace can be achieved at all[3].

 

[Translate to Englisch:] RightsCon, Tunis, 11. - 14. Juni 2019

The RightsCon Conference has developed from the 2011 "Silicon Valley Human Rights Conference" into one of the world's largest Internet conferences for civil society. More than 3,000 experts, mainly from civil society and the academic community, attended the 8th edition of RightsCon in Tunis from 14 to 17 June 2019. RightsCon is organised by the global civil society organisation Access Now. The organisers had selected 450 sessions from the 850 program proposals. The RightsCon is very similar to the IGF and deals in principle with the same topics. The focus is on human rights issues. Keynote speakers in Tunis included David Kaye, UN Special Rapporteur on Freedom of Expression, and Moez Chakchouk, Assistant Director-General of UNESCO. At the end of the conference, the organisers published a statement titled "RightsCon Tunis Learnings", which attempts to summarise the essentials of the conference[4]. The next RightsCon will be held in June 2020 in San José in Costa Rica.

 

[Translate to Englisch:] Cyber Week, Tel Aviv, 23. - 27. Juni 2019

The Cyber Week in Tel Aviv has become one of the largest Internet conferences outside the USA. The 9th Cyber Week, hosted by the Blavatnik Institute of Tel Aviv University, was attended by 8,000 experts from 80 countries. Israel has become one of the leading countries in the development of cyber security hardware and software. The Israeli Army's special training program with a focus on cyber security has led many former recruits to set up start-ups after leaving the army. They have become the engine of a rapidly developing digital economy in Israel. The Cyber Week conference was opened by Israeli Prime Minister Benjamin Netanyahu. He warned against Iran's growing potential to carry out targeted cyber attacks against third countries. Israel exchanged secret information about cyber threats with 85 countries. With the increased complexity of the systems, also the need for new regulations was growing. Netanyahu emphasised that he wanted to make sure that neither innovation nor cyber security suffered as a result of such regulations[5]. The head of the Israeli secret service Mossad, Yossi Cohen, warned that with society becoming more and more interconnected it would also become more vulnerable. “We are surrounded on all sides by cyber threat” [6]. Mossad received the annual Cyber Defender Award at the conference for its achievements in the field. As in the preceding years, the USA was represented again by high-ranking personalities such as former Senator Joe Lieberman and former NSA Director Mike Rogers. Rogers also commented on the American-Iranian conflict and its growing "cyber dimension"[7].

 

Mehr zum Thema
Q2/2019
  1. [1] Prague Proposals, Prague, 5. Mai 2019: „The Chairman suggests following proposals in four distinct categories in preparation for the roll out of 5G and future networks. A. Policy: 1. Communication networks and services should be designed with resilience and security in mind. They should be built and maintained using international, open, consensus-based standards and risk-informed cybersecurity best practices. Clear globally interoperable cyber security guidance that would support cyber security products and services in increasing resilience of all stakeholders should be promoted. 2. Every country is free, in accordance with international law, to set its own national security and law enforcement requirements, which should respect privacy and adhere to laws protecting information from improper collection and misuse. 3. Laws and policies governing networks and connectivity services should be guided by the principles of transparency and equitability, taking into account the global economy and interoperable rules, with sufficient oversight and respect for the rule of law. 4. The overall risk of influence on a supplier by a third country should be taken into account, notably in relation to its model of governance, the absence of cooperation agreements on security, or similar arrangements, such as adequacy decisions, as regards data protection, or whether this country is a party to multilateral, international or bilateral agreements on cybersecurity, the fight against cybercrime, or data protection. B. Technology: 5. Stakeholders should regularly conduct vulnerability assessments and risk mitigation within all components and network systems, prior to product release and during system operation, and promote a culture of find/fix/patch to mitigate identified vulnerabilities and rapidly deploy fixes or patches. 6. Risk assessments of supplier’s products should take into account all relevant factors, including applicable legal environment and other aspects of supplier’s ecosystem, as these factors may be relevant to stakeholders’ efforts to maintain the highest possible level of cyber security. 7. When building up resilience and security, it should be taken into consideration that malicious cyber activities do not always require the exploitation of a technical vulnerability, e.g. in the event of insider attack. 8. In order to increase the benefits of global communication, States should adopt policies to enable efficient and secure network data flows. 9. Stakeholders should take into consideration technological changes accompanying 5G networks roll out, e.g. use of edge computing and software defined network/network function virtualization, and its impact on overall security of communication channels. 10. Customer – whether the government, operator, or manufacturer -- must be able to be informed about the origin and pedigree of components and software that affect the security level of the product or service, according to state of art and relevant commercial and technical practices, including transparency of maintenance, updates, and remediation of the products and services; C: Economy: 11. A diverse and vibrant communications equipment market and supply chain are essential for security and economic resilience, 12. Robust investment in research and development benefits the global economy and technological advancement and is a way to potentially increase diversity of technological solutions with positive effects on security of communication networks, 13. Communication networks and network services should be financed openly and transparently using standard best practices in procurement, investment, and contracting. 14. State-sponsored incentives, subsidies, or financing of 5G communication networks and service providers should respect principles of fairness, be commercially reasonable, conducted openly and transparently, based on open market competitive principles, while taking into account trade obligations. 15. Effective oversight on key financial and investment instruments influencing telecommunication network development is critical. 16. Communication networks and network service providers should have transparent ownership, partnerships, and corporate governance structures. D. Security, Privacy, and Resilience: 17. All stakeholders including industry should work together to promote security and resilience of national critical infrastructure networks, systems, and connected devices., 18. Sharing experience and best practices, including assistance, as appropriate, with mitigation, investigation, response, and recovery from network attacks, compromises, or disruptions should be promoted. 19. Security and risk assessments of vendors and network technologies should take into account rule of law, security environment, vendor malfeasance, and compliance with open, interoperable, secure standards, and industry best practices to promote a vibrant and robust cyber security supply of products and services to deal with the rising challenges., 20. Risk management framework in a manner that respects data protection principles to ensure privacy of citizens using network equipment and services should be implemented., see: https://www.vlada.cz/en/media-centrum/aktualne/prague-5g-security-conference-announced-series-of-recommendations-the-prague-proposals-173422/
  2. [2] Kersti Kaljulaid, Tallin, 29 May 2019: „1. Existing international law applies in cyberspace. 2. States are responsible for their activities in cyberspace., 3. States must keep on strengthening their own resilience to cyber threats and disruptions, both individually and collectively. 4. States have the right to attribute cyber operations both individually and collectively according to international law. 5. States have the right to react to malicious cyber operations, including using diplomatic response but also countermeasures, and if necessary, the inherent right of self-defence.“ See: https://www.president.ee/en/official-duties/speeches/15241-president-of-the-republic-at-the-opening-of-cycon-2019/index.html
  3. [3] See: https://www.internetjurisdiction.net/
  4. [4] RightsCon Tunis Learnings: a shared foundation for defending our rights, Tunis, 14. Juni 2019, see: https://www.rightscon.org/rightscon-tunis-learnings/
  5. [5] The Times of Israel, Israel cyber spying helped foil terror attacks in ‘dozens’ of countries, PM says, Tel Aviv, 26. Juni 2019: „Israel has used cyber-intelligence to help foil “major” terror attacks planned by the Islamic State terror group and others in “dozens” of countries, Prime Minister Benjamin Netanjahu said at a cybersecurity conference on Wednesday in Tel Aviv. Netanyahu said at the conference that Israel had, for example, helped foil an IS attack on an Etihad Airways flight from Sydney to Abu Dhabi, and alerted Australian officials, helping thwart an explosion in the air. Etihad is the national airline of the United Arab Emirates. „In his speech at the Cyber Week conference, Netanyahu said that the world and Israel were undergoing a “revolution” in which everything from agriculture to health to cars was becoming connected. Israel can play a major part in this revolution, he said, because of its tech prowess. But none of it is possible if the cyber sphere is not secured. Israel has made an “enormous investment” in human capital, mainly via its military training programs, and has created a group of people with skills who “can deal with the ramifications of this revolution,” he said. Cyber is essential to the growth of anything we are talking about,” he said. “Nothing of this… growth is possible without the accompanying cybersecurity and we intend to be world leaders in that field.” To achieve this, Israel must keep investing in its national cyber capabilities and at the same time must not stymie businesses through over-regulation. As the cybersecurity industry grows, so will the need for regulation, similar to the weapons industry, he acknowledged. “but my principal role has been not to over-regulate. “I think we have to take a risk, and it is a considerable risk, of regulating less in order to to grow more and that is a decision that I and Israel have taken.” See: https://www.timesofisrael.com/israel-cyber-spying-helped-foil-terror-attacks-in-dozens-of-countries-pm-says/
  6. [6] The Times of Israel, US, Iran tensions show cyberattacks becoming part of warfare — ex-NSA chief, Tel Aviv, 25. Juni 2019, „Yossi Cohen, the head of the Mossad spy agency, said that “cyber-collection” — or gleaning information from the cyber-sphere — has become “one of the main tools used by intelligence organizations in the war against terror,” and makes it possible for agencies like the Mossad to provide significant warnings to avert immediate threats to lives. A world in which everything is becoming more and more connected is “redesigning the threat of the nation,” he said. “We are surrounded on all sides by the cyber threat and as a result we are becoming increasingly vulnerable and more exposed to attacks.” https://www.timesofisrael.com/us-iran-tensions-show-cyberattacks-becoming-part-of-warfare-ex-nsa-chief/
  7. [7] The Times of Israel, US, Iran tensions show cyberattacks becoming part of warfare — ex-NSA chief, Tel Aviv, 25. Juni 2019: „At the conference in Tel Aviv, Rogers, who emphasized he no longer worked for the government and all of his comments were based on what he had learned via the media, said that in the recent US-Iran tensions, both nations were using cyberattacks “as a potential response option that offers lower risk” than active warfare or a military strike. “That suggests to me that we are going to see more of this,” he said, because a cyberattack has the potential to send a message without provoking more violence. “It is not likely to trigger an escalatory response from the other side,” he said. A third insight that can be gleaned from the recent US-Iran events is that both nations and companies could face the threat of cyberattacks. “In the West we have always drawn this line between what is government and what is commercial,” but Iran has not been respecting this distinction, which presents “another interesting challenge” for cybersecurity firms along with potential targets, he said. Rogers added that cyberattacks are growing globally both in complexity and scale. Technologies such as AI and machine learning are a double-edged sword, offering “great defensive capabilities” but at the same time serving as a handy tool for malicious players. The huge amount of data available today and the convergence of networks makes it harder for both humans and machines to identify all kinds of threats. So, he said, the key is to prioritize the most critical data and processes to be protected, and identify the best possible partners to work with. The way forward, he said, is to use “more integrated solutions.” “Doing more of the same and expecting a different response is just not going to work,” he said. “I don’t understand why we are not using more integrated solutions between the government and the private sector,” which should be working together to learn from each other’s experiences. Unlike the aviation industry, for example, where every incident is analyzed and widely reported, he said, “in cybersecurity we don’t learn from every incident. We need a new model, where the pain of one benefits many. But today, the pain of one is constantly repeated over and over again.“ See: https://www.timesofisrael.com/us-iran-tensions-show-cyberattacks-becoming-part-of-warfare-ex-nsa-chief/