September 4, 2018 | International, C4ISR

'Five Eyes' allies urge digital industry to stop child pornographers, terrorists

Kathleen Harris · CBC News

Canada and security allies say illicit material is flourishing and easily accessible on the web

Canada and its "Five Eyes" intelligence allies are calling on the digital online industry to take urgent action to stop child pornographers, terrorists and violent extremists from finding a platform on the internet.

After meetings in Australia, ministers from that country, Canada, New Zealand, the U.S. and the U.K. issued a statement claiming the group is as determined to counter the "grave threats" online as it is to deal with them in the physical world.

"Our citizens expect online spaces to be safe, and are gravely concerned about illegal and illicit online content, particularly the online sexual exploitation of children. We stand united in affirming that the rule of law can and must prevail online," reads the joint communique issued Wednesday.

Public Safety Minister Ralph Goodale, Immigration Minister Ahmed Hussen and Justice Minister Jody Wilson-Raybould attended the meetings.

'New vectors for harm'

The joint statement says the anonymous, instantaneous and networked nature of the web has magnified threats and "opened up new vectors for harm." It also notes that the evolution of digital technology has created new opportunities for transmitting child exploitation material and perpetrating the most abhorrent acts, such as live streaming abuse.

The statement says illicit material is not relegated to the recesses of the dark web, but is accessible through most common top‑level domains. Mobile technology has enabled offenders to target children, using apps to recruit and coerce them.

"The low financial cost, and the anonymized nature of this criminal enterprise, is contributing to a growth in the sexual exploitation of children. We must escalate government and industry efforts to stop this," it reads.

Lianna McDonald, executive director of the Canadian Centre for Child Protection, welcomed the joint statement.

"Our organization has been engaging directly with survivors of child sexual abuse who endure lifelong impacts from the recording and sharing of their abuse on the internet," she said in an emailed statement. "Collaboration across borders and with all sectors, including industry, is essential if we are to make meaningful progress in this space and address this heinous crime."

Tackling terrorist fundraising

The communique also pledges to do more to prevent terrorists and violent extremists from spreading materials designed to radicalize, recruit, fundraise and mobilize.

 

Actions urged by the Five Eyes group include:

  • Developing and implementing capabilities to prevent illegal and illicit content from being uploaded, and to execute urgent and immediate takedown measures when there is an upload.
  • Deploying human and automated capabilities to find and remove legacy content.
  • Investing more in automated capabilities and techniques, including photo DNA tools, to detect, remove and prevent reupload of illegal and illicit content.
  • Building user safety into the design of all online platforms and services.

Allen Mendelsohn, an internet law specialist and lecturer at McGill's law faculty, said because child porn is universally deemed reprehensible, he expects mounting governmental and public pressure could prompt tech companies to act.

But, he said, in the past they have resisted any steps to remove content, citing the "slippery slope" argument.

"They are loath to take any sort of action that would be seen as removing or not displaying any particular content that has been uploaded by users," he said. "They have taken the longstanding position that user content is the user's responsibility, not the platform's responsibility."

Mendelsohn said the issue is complicated because there are differing laws and views internationally on what constitutes crossing the line for the internet.

https://www.cbc.ca/news/politics/SOMNIA-1.4803122

On the same subject

  • France’s new cyber defense ‘conductor’ talks retaliation, protecting industry

    October 1, 2019 | International, C4ISR, Security

    By: Christina Mackenzie

    PARIS — Maj. Gen. Didier Tisseyre is France’s new cyber defense force commander — the “conductor” of an orchestra made up of military officials and the domestic defense industry, as he puts it.

    Cyber Defence Command was created in 2017 and was expanded in January when Armed Forces Minister Florence Parly announced France will develop and deploy offensive cyber weapons. Tisseyre took on the lead role Sept. 1 from his predecessor and most recently served as the deputy to that former commander. He spoke to Defense News earlier this month in a meeting room at the Armed Forces Ministry.

    What is your role as the head of Cyber Defence Command?

    I am a conductor, and my orchestra is made up of the Army, Navy and Air Force chiefs of staff, ANSSI [France’s National Agency for the Security of Information Systems], and defense industry leaders. We must protect our systems, be robust, be resilient because if France’s vital interests are attacked, then the armed forces must be able to react. Our weapons systems, our command systems are all computer-controlled. This makes them powerful and effective but also vulnerable, so we must be able to protect them. And today this protection must be as global and end-to-end as possible. This means that everyone in the Ministry of the Armed Forces must work together, and there must be a conductor to coordinate the protection and the defense of our interconnected networks. That is my job.

    I have a staff and a number of specialized units who contribute to this defense and coordinate it. But within each armed force — the Navy, the Army, the Air Force — there are cyberwarriors who liaise with us to defend their systems. We work very closely with ANSSI, exchanging information so that we can anticipate future attacks. We also work closely with our fellow NATO members, our bilateral partners and other international organizations. The idea is to be able to anticipate and not just to react.

    What does France consider a top cyberthreat?

    Cyberspace is a very positive place for bringing people together and is wonderful for the economy, for arts and so on. But precisely because it brings thousands of people into contact with each other, it is also used to get money fraudulently, to influence, to destabilize, to spread ideologies. And even if we must maintain freedom of expression, there are certain things in France which cannot be said publicly — [incitement to ethnic and racial hatred, for example]. Our principle is that everything that happens in real life is transposable into cyberspace, so for France and many other countries, the law is just as applicable in cyberspace as it is in real life. But because there is a general impression that no rules apply in cyberspace, then individuals and groups use it for criminal activities, spying, destabilizing electoral processes. And the question arises as to whether these individuals or groups are being backed by states. As a member of the armed forces, my duty is to be paranoid and assume that the cyber enemy may have a strong, state-backed criminal intent to prepare conflicts, and so that is what we must be prepared for.

    How do you anticipate the ways imaginative hackers will act?

    By hiring imaginative youngsters ourselves. Our cyberwarriors have to be extremely motivated to protect the ministry’s systems and France, obviously. They must have very specialist IT technical or social media know-how, or be brilliant intelligence gatherers. A lot of what is said on social networks allows us to learn about our enemy, to anticipate possible attacks, or even enables us to hinder their propaganda, particularly on our theaters of operation in Africa or the Levant, for example, where part of our mission is to stop jihadist groups from recruiting.

    Our cyberwarriors have to have a particular frame of mind because we are not asking them to configure the network or equipment, we are really in a combat situation in cyberspace. We work on operations to defend or to undertake offensive actions to protect our systems, our freedom to act, to guarantee the sovereignty of our systems.

    Is France confronting specific threats that are different from those faced by other countries?

    Fundamentally, no, because we are all cyberattacked by people trying to block our computers, and attackers are becoming increasingly sophisticated in their ways of hacking.

    How does France respond?

    We must be prepared to react. But France considers that attributing an attack — notably where advanced persistent threats, [or APT], are concerned — is a very political, highly sensitive thing to do. APT can be the work of individuals seeking ways to make money, or being paid by others and potentially linked to intelligence services of other nations. If an organization such as NATO is attacked, then France is, by principle, against collective attribution. Each member of the organization must agree that the attacking individual or group is taking its orders from a state because attribution of blame, as I said, is highly political: You’re designating a state as being responsible for attacking another one, and that has a very strong impact. You have to be able to prove it, and the state that has been blamed might not appreciate having the finger pointed at it. In the physical world when an aircraft crosses into another nation’s airspace or a vehicle crosses a border, there is concrete proof: radar, photographs and so on. The difficulty in cyberspace is that it’s very easy to pass oneself off as somebody else and to hide one’s tracks; [just] because an APT is perpetrated by attackers physically present in one country, that [doesn’t mean] they were taking their orders from that country.

    Here’s an example to illustrate my point: They could use a server in Germany to send the data to the U.K., which then rebounds in France and finally attacks the United States. So Washington would try and work back to see where the attack came from and would eventually discover that it came from Germany, but that doesn’t mean the order to attack came from Germany. In cyberspace, leads very quickly get entangled. So we really have to be extremely careful about a hack-back before thorough due diligence has been undertaken. What France wants is that each member state validates the blame before the finger is pointed. We are against the idea that just because one member blames a state for attacking it, that NATO takes it as a given and invokes Article 5 of the NATO treaty, [which calls for collective action if a member state is attacked].

    What would happen if France is attacked?

    It depends. If France thinks that the attack came from a state and wants a collective reaction from NATO, then there’d be a whole lot of discussions about the risk of escalation, Article 5, the right to self-defend and so on. These notions involve significant commitments for countries, and so we want things to be clearly defined where cyberspace is concerned: What is an attack? Who was targeted? What are the consequences of the attack? Did it touch the physical integrity of nationals of the country? Were the operating systems of a hospital or a power station impacted? We want to take into account the economic or human impact of the attack and the nature of the attacker: Was it an individual having fun? Was it a group, and what were its motivations? Was it a jihadist group with terrorist intent, or was it outright a state pre-positioning itself for future conflicts or trying to wield influence? France wants things to be clear. We want to establish how international laws apply to cyberspace, and as I mentioned earlier, we insist on due diligence.

    Could you explain what you mean by “due diligence”?

    If, for example, France sees that it has been attacked via a server in Germany, then “due diligence” means that instead of us simply hacking Germany back, we would ask the authorities in Berlin to act to stop that server being used. So even if, within NATO, a member state is attacked, then France holds that that state is not authorized to hack back without due diligence being undertaken first. It’s a bit complex, but we’ve listed the types of attack, the principle of digital sovereignty, the references to the Tallinn Manual — [the independent academic research product authored by an international group of about 20 experts to guide how international law applies to cyber conflicts and cyberwarfare]. And we’ve positioned ourselves with regards to this, and in certain particular cases have said, “Be careful, our interpretation of X is slightly different for these reasons,” and we explain why. We also explain that we consider an attack on information systems in France is an attack on our national sovereignty. That gives us the right to riposte, not necessarily in a cyber way but it could be a diplomatic response or an economic one ― it depends on the nature of the attack and the impact it has and on the attacker himself, what his motivations were and in what framework the attack took place.

    How does the ministry work with industry?

    The ministry knows how to defend itself, and we have the right, within a very strict framework, to undertake offensive cyberattacks in foreign operations. The attacker knows that a direct attack on us is thus likely to fail. So he will ruse. He’ll attack the weak link: the defense industry, notably the subcontractors that may only make a small component of a weapon or an IT system. He’ll put a virus or malware in that subcontractor’s system, and it will progressively make its way into the major contractor’s system and then into the weapon system. And as all these are interconnected, then this is how we would be attacked.

    So we need to have confidence in the entire supply chain, and we are on the verge of signing a convention with industry aimed at raising general awareness of this risk at every level of industry.

    France has allocated €1.6 billion (U.S. $1.8 billion) to cyber defense in its 2019-2025 military program law. What are the main spending priorities?

    To ensure that the system is protected and defendable. Until recently, we concentrated on the functionality of the system: what it was designed to do and who for (the Air Force, the Navy, the Army, etc.). And making the systems secure was an additional layer to the basic functions, so if funds ran out, then sometimes the layer would be only half done or had holes in it. Today we are aware that there is such vulnerability in computer systems that security has to be built in by design. It’s part and parcel of the functionality of the system.

    We’re also spending money on the detection of attacks. Our network has sensors in it to detect whether anyone is using the network who shouldn’t be. We’re working on the characterization of attacks, which means we’re collecting data on malware — a bit like a laboratory that might keep a sort of library of viruses and bacteria — to be able to quickly establish what type of attack is being undertaken and therefore what the best “medicine” is for it. And of course we’ll be hiring another 1,000 cyberwarriors between now and 2025.

    https://www.fifthdomain.com/international/2019/09/30/frances-new-cyber-defense-conductor-talks-retaliation-protecting-industry/

  • DISA releases draft solicitation for $11.7 billion IT contract

    September 9, 2020 | International, C4ISR, Security

    Andrew Eversden

    WASHINGTON — The U.S. Defense Information Systems Agency released its draft request for proposals Sept. 4 for a single-award contract potentially worth $11.7 billion to consolidate the networks at 22 Pentagon agencies.

    The 10-year, indefinite delivery, indefinite quantity contract from DISA, called Defense Enclave Services, will transition many so-called fourth estate agencies to common IT systems under a single vendor. Fourth estate agencies are Defense Department entities that do not sit squarely under the military departments, such as the Missile Defense Agency or the Defense Logistics Agency.

    DISA’s effort is meant to reduce redundant IT costs, improve cybersecurity and standardize IT support services among the fourth estate agencies.

    “DISA desires to partner with industry to provide commercial Information Technology (IT) services, decrease redundant IT costs, enhance cybersecurity posture, and standardize IT services across disparate networks,” the draft RFP stated. “Defense Enclave Services will unify the 4th Estate’s Common Use IT systems, personnel, functions, and program elements associated with the support of those systems and technologies under a Single Service Provider (SSP) architecture managed, operated, and supported by DISA.”

    Under the draft RFP, the single provider will provide “all required transition, infrastructure, network operations and management engineering and innovation, cybersecurity, and technical refresh support services” under nine performance areas.

    Migration to a consolidated network will take place in two phases. Agencies involved in the first phase will complete “integration and sustainment” by fiscal 2025, and those involved in the second phase will complete migration by fiscal 2026. The network will include the Non-classified Internet Protocol Router Network and the Secret Internet Protocol Router Network.

    DISA estimates the performance period will be from Dec. 7, 2021, to Dec. 6, 2031, with a four-year base period and three two-year options.

    According to a pre-solicitation industry day script from August, five agencies will be part of the first task order: Defense Media Activity, Defense Technical Information Center, Defense Information Systems Agency, Defense POW/MIA Accounting Agency and Defense Microelectronics Activity. Those five components include 20,000 users, 81 global sites and 40,000 end points, the presentation stated.

    DISA has been under pressure from lawmakers and top Pentagon officials in recent years to find ways to save money. Last year, DISA officials told reporters that the agency’s Fourth Estate Network Optimization initiative would provide cost savings to the agency. The initiative was directed by the deputy secretary of defense in August last year.

    Phase one agencies include:

      • Defense Information Systems Agency (DISA-HQ)
      • Defense Technical Information Center (DTIC)
      • Defense Prisoner of War/Missing in Action Accounting Agency (DPAA)
      • Defense Microelectronics Activity (DMEA)
      • Defense Media Activity (DMA)
      • Defense Information Systems Agency (DISA-Field Sites)
      • Defense Contract Management Agency (DCMA)
      • Defense Contract Audit Agency (DCAA)
      • Defense Human Resources Agency/Defense Manpower Data Center (DHRA/DMDC)
      • Defense Finance and Accounting Service (DFAS)
      • Defense Threat Reduction Agency (DTRA)
      • Defense Logistics Agency (DLA)
      • Defense Advanced Research Projects Agency (DARPA)
      • Missile Defense Agency (MDA)

    Phase two agencies include:

      • Defense Health Agency (DHA)
      • Defense Legal Services Agency (DLSA)
      • Defense Security Cooperation Agency (DSCA)
      • Defense Technology Security Agency (DTSA)
      • Joint Chiefs of Staff (JCS)
      • Office of Secretary of Defense (OSD)
      • Personnel Force Protection Agency (PFPA)
      • Washington Headquarters Services (WHS)
      • Joint Service Provider (JSP)

    According to the posting on beta.sam.gov, the final RFP will be released the last week of September.

    https://www.c4isrnet.com/it-networks/2020/09/08/disa-releases-draft-solicitation-for-117-billion-it-contract/

  • Sweden's Saab proposes replacing Austria's Eurofighter combat aircraft with 14 JAS-39 Gripens - Zone Militaire

    May 2, 2022 | International, Aerospace

    In 2003, the Österreichische Luftstreitkräfte had expressed a preference for an offer made by Sweden's Saab, which consisted of delivering to it
