by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : December 2013
CYBEREYE BY WILLIAM JACKSON THE RELATIONSHIP be- tween the United States and China in cyberspace has been anything but chummy lately. Many in this country see China as a major source of sophis- ticated attacks against our commercial and government infrastructures. China responds that it s not coming from them, and that they are getting hacked also. This has resulted in a poison- ous atmosphere that the East- West Institute calls a "serious challenge" to the friendship and prosperity of both coun- tries. "Such accusations and arguments have fueled escala- tions so that the relationship is now strained, making even routine dialog apprehensive," says a report produced for EWI s recent World Cyberspace Cooperation Summit IV. "Nei- ther side is comfortable with the policies and practices of the other." The paper, written by Karl Frederick Rauscher and Zhou Yonglin, o ers what they call "practical, down to earth guid- ance" for normalizing cyber relations between the two countries. What it boils down to is: "stu happens;" cyber- space is no di erent from any other political or diplomatic domain and each country should accept that. The report does not address who is responsible for launch- ing attacks against whom, and nowhere does it suggest that either side stop hacking the other. But it does acknowledge that unrestrained hacking for criminal or political purposes strains relationships. Both the United States and China are rich in potential targets and at- tack platforms, and the prevail- ing tone of discussion between them has been one of suspicion and blame. Ten recommenda- tions are o ered to help estab- lish trust and develop e ective countermeasures to improve cybersecurity. The initial recommenda- tions establish a framework of trust, based both on formal policy and behavior. These are basic steps, the authors say, but basics to date have been neglected, creating a crisis environment. The remaining recommenda- tions define how each country addresses threats and national interests in cyberspace. The most interesting are: • Separate critical humanitar- ian assets in cyberspace. This would remove noncombatants from the line of fire in a cyber- war, much like giving institu- tions such as hospitals special status in a war zone so that they are not attacked. • De-clutter espionage expec- tations. Basically, this means accept the fact that espionage will occur in cyberspace and that national security assets will be targets, just as in the real world. We might not like it, but we have learned to live with it in the three-dimension- al world, and can live with it online as well. • Prepare su ciently, react quickly and summarize seri- ously. In other words, defend adequately rather than just complaining after the fact of a breach. What the report essentially recommends is extending ex- isting models for political and diplomatic relationships into cyberspace. Human history demonstrates that political and diplomatic relationships can fail, resulting in military action. But it also shows that these relationships can avoid war, as in the case of the major superpowers since 1945. The recommendations in the report might not stop any hacking, but they could help produce a healthier environment for ad- dressing the issue. • TRUST BUT HACK: A PLAN FOR US-CHINA CYBER RELATIONS 14 GCN DECEMBER 2013 • GCN.COM CAN IT STAFF, USERS AGREE ON SECURITY? It is no shock to learn that end users and IT security people often do not see eye to eye. And a recent survey indicates that the divide between users and defenders could be undermining federal cybersecurity. The survey --- of 100 federal security professionals and 100 end users in agencies --- was conducted by MeriTalk in August and contains a few telling points: • 31 percent of end users admit to regularly circumventing what they see as unreasonable security restrictions. • Security people estimate that 49 percent of agency breaches are caused primarily by a lack of user compliance. • User frustration equals security risks. The greatest pain points for users --- Web sur ng and downloading les --- produce the most agency breaches. The results con rm a disconnect that has long existed, said Tom Ruff, public sector vice president at Akamai Technologies, which commissioned the study. Ensuring a user- friendly experience ranked last among the priorities of security professionals, and that probably is as it should be, Ruff said. But the survey found that 95 percent of users believe that cybersecurity is an absolute necessity, so as long as users understand the reason for a speci c policy or process, they probably will accept it. "The more transparent the security policy is, the easier it will be to address the divide," Ruff said. -- William Jackson