Europa Calling: Community Cybersecurity

By Klara Jordan

In its 30 May 30 2015 article the Washington Post brilliantly recounts the story of how the early founders of the internet saw its promise but didn’t foresee its dark side – namely that the open nature of the internet will enable users to attack each other. The internet pioneers were hoping to secure what they created through individual vigilance and the shared responsibility of the connected community. This vision dissipated in 1988 with the Morris worm, the first major worm attack and the first distributed denial-of-service (DDoS) attack that knocked out portions of the internet and caused millions of dollars in damage.

30 years later, and billions spent on trying to address the symptoms of the fundamental flaws of the internet, there is a new type of “community organisation” trying to address those issues and revive the vision of those internet pioneers of shared responsibility for internet security.

Who are these organisations, and what are the challenges they are particularly well-suited to address?

Since the inception of the internet, several actors have been active in the quest to secure its infrastructure. Protocol suppliers, hardware and software developers, operators, security researchers, security providers – including national governments and the private sector – each with various incentives and force to secure the internet and address the security symptoms of its open nature. Despite the time and resources spent in this area, we have seen efforts that continue to treat only symptoms of insecurity, going after one attack, one actor, one breach, one event at a time.

At some point in early 2000, the term “whole-of-society” approach made its way into cybersecurity conversations simply meaning that cybersecurity is everyone’s responsibility, and we have witnessed a wave of nonprofit organisations in this space. Their role was to support the ecosystem mostly through exchange and promotion of best practices for providing security,  security research, and cybersecurity awareness activities.

Some, like the Global Cyber Alliance (GCA) founded in 2015, took the model of an internet laboratory to explore which security challenges, can be addressed at scale. GCA is defending the internet through active engagement with those who believe, like the founding fathers of the internet, that shared responsibility of the connected community is the only way forward. This is especially acute now with the innumerable value and impact of systems connected to the internet and the information it carries.

In the spirit of active co-creation with the public and private sector and other members of the nonprofit community, GCA delivered deployable and scalable tools that address some of the fundamental flaws of the internet, such as:

Openness: TCP/IP is the protocol a computer uses to access the internet. The inherent flaw dating back to initial concepts of internet pioneers is its openness. In practice, the protocol uses the address of a device to connect it to the internet, but it also uses the same address to identify the device. This makes the address very “spoofable” – allowing a malicious actor to send messages with an IP address indicating its coming from a trusted sender. The current protocol allows  a malicious actor to impersonate almost anyone.

DMARC (Domain-based Message Authentication, Reporting and Conformance) – a readily available protocol to address this challenge – has not been widely deployed due to complexity and misconceptions. GCA wanted to be accessible to everyone and created the step-by-step DMARC Setup Guide, available in 18 languages, to help organisations of all sizes to implement DMARC.

Relative anonymity: In the early days of the internet, one computer contacted another computer on the network by looking up its numerical (IP) address and then typed it in. To allow for the expansion of the internet – by allowing websites to be looked up by their name and eliminate possibility of human error – the Domain Name System (DNS) was introduced in 1983. Today every internet communication involves a lookup for the destination server the user wants to visit. DNS is the “phonebook” of the internet which connects the name of the website that’s easily recognizable and usable (e.g. to an IP address so the browser can load the website the user wishes to visit. Because the number of websites and IP addresses associated with them an average user has no way of knowing which address his search engine accessing.  An average user has no way of knowing whether the website they are accessing and appears to be legitimate is what it appears to be and is secure to access. Credit card information, social security numbers, and other sensitive and personal information gets stolen every day through users accessing malicious websites.

GCA, in collaboration with IBM and Packet Clearing House (PCH), created Quad9 – a free, recursive, anycast DNS platform that prevents the user from accessing malicious sites. Quad9 routes the DNS queries through a secure network of servers around the globe based upon threat intelligence from more than 18 of the industry’s leading threat intelligence companies to give a real-time perspective on what websites are safe and what sites are known to include malware or other threats. If the system detects that the site the user wants to reach is known to be infected, they will automatically be blocked from entry – keeping the data and computer safe.

Part of what makes Quad9 unique is its dedication to the privacy of the user.  No personally identifiable information (PII) is collected from the user, and user IP addresses are not stored to disk. And just this week, Quad9 announced Quad9 Connect, a mobile app for the more than 2.5 billion users of smartphones and other mobile devices built on Android, giving them the same protection and privacy.

These tools have been developed through engagement, discussions, and input from the larger community to ensure that GCA is addressing the unique challenges of our connected world, at scale.

On 8 May 2019, GCA gathered for the third time with its UK and European-based community for a forward looking conversation on what challenges the community is in the best position to take on together. Stakeholders from industry, government and the research community gathered to look at the current trends in cybersecurity and what’s on the horizon. This event was an opportunity to assess and discuss which of the current systemic cybersecurity threat trends will be best addressed by a large set of stakeholders and, contrarily, which of them cannot be immediately addressed, either because there is no solution to them or because no single vendor or government has the capacity to even initiate the process.

Two themes resonated thought the event. Speakers from all walks of cybersecurity agreed that these issues can only be effectively addressed through a community approach.

Comprehensive understanding of the cyber threat landscape: Currently, information about cybersecurity events is underreported and even when it is, it is done so and analyzed in silos, preventing the community to gain a comprehensive understanding of campaigns of malicious actors – be it nation states, criminal actors, or individuals acting independently or on behalf of organized entities. Without a comprehensive understanding of the threat landscape, it remains a challenge to mount a comprehensive national deterrence (by denial or at the strategic level), defence, or response campaigns. Several speakers from the law enforcement community highlighted that the rates of cybercrime reporting were particularly low. According to Commissioner Ian Dyson, City of London Police, only 10-12% of cybercrime is being reported. This not provide a comprehensive threat landscape, but it is detrimental to ensure the prevention of re-victimization. If the victims don’t come forward, there is no way to provide them with resources and support to break the cycle.

There are several initiatives supporting the sharing and utilization of shared information. GCA, for example serves as a hub that uses threat intelligence from more than a dozen of the industry’s leading cyber security companies for its Quad 9 tool. The Cyber Threat Alliance, a member-based organisation, coordinates sharing of timely, actionable information amongst its members. All these, and many other projects should grow internationally and involve actors from other verticals in sharing the information. A separate issue becomes the quality of the information and intelligence shared, the issue of actionable threat intelligence, and the ability of organisations to act upon the information received.

Understanding and protecting the supply chain, especially its weakest links: Target breach – through a breach of a supplier system – brings the need to think about the cybersecurity practices of each partnership an organisation has to the forefront. Supply-chain security – whether software, hardware, physical, or that of the partners – is a rich topic, considered mostly by large organisations with sophisticated management systems and organisations.

Small businesses are oftentimes the weakest link and expose a larger organisation to vulnerabilities. They are also the backbone of the economy and use the supply chain to access global markets.  Speakers at the event highlighted the need to help small businesses to better protect themselves, so they can be a responsible supply-chain partner and continue to fuel the economy and create jobs.

Many organisations are active in this space and continue to make contributions to support the security of small businesses in the supply chain. For example, the Scottish Business Resilience Center provides resources, including cybersecurity resources, to create a secure environment where businesses can trade securely. The Global Cyber Alliance created a free resource, the Cybersecurity Toolkit for Small Business, to help small organisations implement the basic cyber hygiene.

The 2019 Cyber Trends event highlighted the need to continue community engagement to think about – and more importantly implement – measures and tools to strengthen the global cyber ecosystem. We are looking forward to engaging with our community throughout 2019 to continue this work and look forward to gather them again in 2020.


The author, Klara Jordan, is the Director, EU at the Global Cyber Alliance. You can follow her on Twitter at @JordanKlara or connect with her on LinkedIn.