Forwarded from: VytautasB@private Dear Colleagues, Mr. Poulsen's article reminds me of a conference I attendend recently. On March 15-17 I participated at the George C. Marshall European Center for Security Studies Conference on the Political-Military Dimensions of Cyber Security http://www.marshallcenter.org/site-graphic/lang-en/page-conf-summary-index/x docs/conf/conference-summaries/0412/0412.htm . It was a very interesting and thought provoking conference that was co-sponsored by HQ EUCOM and the US DoD's Directorate of Information Assurance. Speakers came from a wide range of US and European institutions and included private industry as well. The sum of all the discussions really brought out the vulnerability of national infrastructure to cyber atttack. One german firm demonstrated a simulator that showed what happens to a country's infrastructure when the electricity runs out (in 12 hours there is no more water being pumped, after some time the transportation system fails etc,) After each day's plenary session we broke up into work groups to discuss responses to various cyber security scenarios. The work group which I was appointed to lead came up with the idea of preparing a draft statement on cyber security. Unfortunately we could not put the statement to a plenary vote since by the end of the conference we were still waiting for German and Russian translations of the text. The Marshall Center's administration was also uncomfortable with the idea of commiting the participants to some sort of binding document. So the draft Statement was never adopted and does not have the approval of the Marshall Center nor of the other co-sponsors. For your information I will enclose a draft copy of the text (see below). Maybe you or your colleagues would care to comment on it? Is there a need for an international body to deal with the cyber threat or is it enough to just rely on regional organisations like the European Union's ENISA and the proposed Convention mentioned in Mr. Poulsen's article or the G8's High Tech Crime Sub-group? International cooperation in fighting air piracy or hijacking has been successful. Sincerely yours, Vytautas Butrimas Deputy Chief Communications and Informations Systems Service Lithuanian Ministry of National Defense Vilnius, Lithuania **************************************************************** **************************************************************** Draft version 1.7 STATEMENT ON CYBER SECURITY We the information security officials from 31 countries participating at the George C. Marshall European Center for Security Studies Conference on The Political-Military Dimensions of Cyber Security held in Munich, Germany on March 15-17, 2004, recognize: that our Governments, industries, and public service sectors depend on information technology and telecommunications (ITT) to perform their functions, that our ITT infrastructure is dangerously vulnerable to electronic or cyber attack from hostile states, terrorists, criminal activities, and computer hackers , that the scale of the threat has both national and international dimensions, that there is a lack of an international legal framework for the prevention and defense against cyber attack, that a credible and effective defense requires international cooperation , and have agreed to encourage the United Nations to initiate the creation of an international body for the management of cyber security events, risk and prevention. This body should take under consideration the development of cyber security proposals based upon existing models that have been successful in dealing with the problems of other sectors such as the Stanford Agreement on air piracy and the World Health Organization on health issues. In addition, the participants at this conference agree to promote this statement in their nations. Adopted* in Munich, Germany on March 17, 2004 *N.B. "Adopted" Only mentioned in the draft text and was not put to an actual vote. Meant for review and study only. (V. Butrimas) ************************************************************** **************************************************************** -----Original Message----- From: InfoSec News [mailto:isn@private] Sent: Monday, April 26, 2004 9:34 AM To: isn@private Subject: [ISN] US defends cybercrime treaty http://www.theregister.co.uk/2004/04/24/us_defends_cybercrime_treaty/ By Kevin Poulsen, SecurityFocus Published Saturday 24th April 2004 Critics took aim this week at a controversial international treaty intended to facilitate cross-boarder computer crime probes, arguing that it would oblige the US and other signatories to cooperate with repressive regimes - a charge that the Justice Department denied. The US is one of 38 nations that have signed onto the Council of Europe's "Convention on Cybercrime," but the US Senate has not yet ratified the measure. In a letter to the Senate last November, President Bush called the pact "the only multilateral treaty to address the problems of computer-related crime and electronic evidence gathering." The treaty, "would remove or minimize legal obstacles to international cooperation that delay or endanger U.S. investigations and prosecutions of computer-related crime," he said. Drafted under strong US influence, the treaty aims to harmonize computer crime laws around the world by obliging participating countries to outlaw computer intrusion, child pornography, commercial copyright infringement, and online fraud. Another portion of the treaty requires each country to pass laws that permit the government to search and seize email and computer records, perform Internet surveillance, and to order ISPs to preserve logs in connection with an investigation. A "mutual assistance" provision then obligates the county to use those tools to help out other signatory countries in cross-border investigations: France, for example, could request from the US the traffic logs for an anonymous Hushmail user suspected of violating French law. [...] _________________________________________ ISN mailing list Sponsored by: OSVDB.org
This archive was generated by hypermail 2b30 : Mon May 03 2004 - 03:14:53 PDT