STANFORD — Governments and businesses spend $1 trillion a year for global cybersecurity, but unlike wartime casualties or oil spills, there’s no clear idea what the total losses are because few will admit they’ve been compromised. Cybersecurity leaders from more than 40 countries are gathering at Stanford University this week to consider tackling that information gap by creating a single, trusted entity that would keep track of how much hackers steal.
Chinese Minister Cai Mingzhao acknowledged there are issues of trust to overcome — with some U.S. cybersecurity firms pointing to attacks coming from the Chinese military. But he said countries must work together. “In cyberspace, all countries face the same problems and ultimately share the same fate,” he said.
Mingzhao also urged counterparts to establish new international rules for behavior in cyberspace, a move State Department cyberissues coordinator Christopher Painter said isn’t necessary.
“I don’t think we need a new global instrument for all these different issues,” he said, noting the adopting worldwide rules would take 5 to 10 years “and you end up with something that’s not as strong as what we have now.”
Painter, who spoke after Mingzhao, said a U.S.-China joint cybersecurity working group announced by Secretary of State John Kerry in April has already met once and is moving forward on cooperating against third party threats.
It’s crucial work, said Stanford University economics professor John Shoven, who directs the Stanford Institute for Economic Policy Research. He warned of the “tremendous disruption the lack of trust in the security of the Web would do to the economy.”
“We can’t let that happen,” said Shoven.
Sergio Benedetto, president of the Institute of Electrical and Electronics Engineers Communications Society, noted that the Internet can be mysteries for non-experts.
“For many diplomats and politicians, the world of cyberspace is still like a roomful of scattered puzzles,” he said.
Thus, he said, scientists need to be a part of important global discussions.
One key initiative many agreed on was to create the first worldwide, high level benchmarks for cybersecurity, in hopes of getting better assessments of the frequency and damages of cybersecurity compromises.
The Cyberspace Cooperation Summit was the fourth annual gathering sponsored in part by the EastWest Institute, a global security nonprofit organization.
Stroz Friedberg’s Executive Managing Director Erin Nealy Cox co-authored a plan with the Institute to aggregate losses and begin to identify the true costs of cybercrime.
“Our recommendations offer the means to break through the logjam that prevents effective data collection, analysis and reporting, and such global information and intelligence sharing is critical to bolstering security efforts around the world,” Nealy Cox said.