17 december 2010

Overheden moeten zo transparant en open mogelijk zijn, stelt Neelie Kroes. Dat is belangrijk én praktisch: met minder geheimen kan er ook minder uitlekken. Dat is een van de lessen die eurocommissaris Neelie Kroes trekt uit de ‘Wikileaks-saga’, zoals ze het lek van 250.000 geheime Amerikaanse ambtsberichten zelf omschrijft. De berg geheime telegrammen stonden op SiprNet, een besloten intranet van de Amerikaanse Defensie en Buitenlandse Zaken. Echt geheim was het niet: ten minste 2,5 miljoen ambtenaren en militairen hebben toegang tot die bestanden. Kroes: ‘From a cyber-security angle, this highlights the need for all organisations and individuals to protect themselves against threats to steal confidential information’. Maar, zo voegt ze er aan toe: ‘In parallel, we should also ensure that we, as governments and public administrations, are as transparent and open as possible. I think that is an important value, but it also has a major practical advantage: it reduces the amount of information that requires special protection’.

Kroes stipt nog een tweetal andere incidenten rondom ‘Cablegate’ aan, zoals het staken van de hosting van Wikileaks door Amazon en EveryDNS. Ze vraagt zich af: ‘Was there a violation of the terms of service by the various providers involved? Was the fact that those providers operated across various regions of the world, and therefore under different policy and regulations of ‘cloud computing’, relevant to their decision? When problems arise with globally distributed services all private operators and public authorities should be able to act with some legal certainty’. En ten slotte de talloze cyberaanvallen via DDoS op sites van Wikileaks en Wikileaks-blokkers, zoals PayPal, Mastercard en Visa. De informatie over hoeveel PC’s meededen aan deze aanvallen is onbetrouwbaar, constateert Kroes. ‘The number of computers used in the attacks was apparently relatively small (a few hundreds), although some figures reported in the press claimed over six times as many. This raises the question of the reliability of the information circulating about cyber-attacks. It also tells us that such attacks can be organised by just a few. However, the ‘victim’ services have also proved quite robust and agile, which demonstrates the resilience of the cloud architectures we have in place. Finally, although the LOIC software shares features with botnets (e.g. the PCs respond to a central command server), a key fact is that the PC owners have voluntarily made their computers part of a coordinated action. Those issues are for us all to examine’. De eurocommissaris van ICT-zaken benadrukt dat trans-Atlantische, publiek-private samenwerking cruciaal is om cybercrime te bestrijden en ‘de integriteit van het internet’ te beschermen. Daartoe is vorige maand de EU-US Working Group on Cyber-security and Cyber-crime in het leven geroepen. Naast ingebakken security hamert Kroes andermaal op het belang van privacy bij technologieën en bedrijfsprocessen. ‘Those who see these as a mere additional cost are short-sighted: today it is already a competitive advantage; tomorrow it will be a necessary requirement – for, when your bank account, your health records and your rights and duties as a citizen will be fully dependent on IT systems, no individual or organisation will want to buy or use IT products and services that do not have the highest security and privacy standards’.