At a glance.
- Cyberspace Solarium previews good-government recommendations to "define, develop, defend, and deter."
- The EU uses its Rapid Alert System against coronavirus disinformation.
- US State Department plans to send Ukraine $8 million to help build cybersecurity capability.
- How not to engage a threat actor legally.
"Define, develop, defend, and deter."
The Cyberspace Solarium, the US blue-ribbon policy commission, previewed its recommendations yesterday. The commissioners promised, the Hill says, seventy-five specific recommendations for cyber strategy when they report later this month. The Solarium’s co-chair, Senator Angus King, Democrat of Maine, summed up the Solarium’s goal as “define, develop, defend, and deter,” foretelling an alliterative report. The Commission is working to “define a structure whereby we’re going to confront this challenge,” and develop relationships with allies so these norms can be applied internationally. That structure will encompass not only approaches to stopping cyberattacks, but also plans for continuity and resilience when attacks succeed. We’ll never completely prevent successful cyberattacks, and that, the Senator said, is why deterrence forms another essential component of the recommended framework.
A few of the specific recommendations our correspondent heard at yesterday's session will be that election officials use paper ballots, that a fifth, non-partisan member be added to the US Election Assistance Commission to break the deadlock too often achieved by the EAC’s current two-Democrat, two-Republican membership, and that the US embark on a civic education program to make citizens more skeptical about disinformation.
The Cyberspace Solarium’s final report is expected out next week, on Wednesday, March 11th.
Europe engages its Rapid Alert System in response to coronavirus disinformation.
The European Union has used its Rapid Alert System, an approach to controlling disinformation by information-sharing and coordinated messaging, to respond to widely distributed fake news about COVID-19, Euractiv reports.
Washington offers Kyiv funds to improve cybersecurity.
The US State Department has allocated $8 million in cybersecurity assistance to the government of Ukraine, according to the Hill. It’s a capability building project. Some of the promised $8 million will go to the US Agency for International Development’s cybersecurity project, which plans to invest $38 million over four years to build Ukraine’s cybersecurity capabilities. Washington and Kyiv have also for some time been engaged in cooperation against a common Russian cyber threat.
How not to engage a threat actor legally.
As we saw yesterday, the US Department of Justice has just published advice about how to collect intelligence in cyberspace and stay on the right side of US Federal law. Here's how not to do it. A guy in the UK who goes by the nom-de-hack "Jim Browning" hacked into an Indian call center's boiler room cameras and sent what he witnessed to the BBC. The scammers were in Delhi running the hoary old Microsoft Help Desk wheeze. As fed up as everyone may be with scam calls, cyberspace isn't law west of the Pecos (or for that matter even law east of the Wye). So don't try this at home, since it's illegal in at least the UK and the US, and probably just about everywhere else. But still, as the BBC doesn't actually say but succeeds in suggesting, it's pretty funny, and it probably looks about the way you imagined it would.