Home / Blogs

WannaCry: Patching Dilemma from the Other Side

Peixi (Patrick) XU

WannaCry, originated firstly in state projects but spread by other actors, has touched upon myriads of infrastructure such as hospitals, telecommunication, railroads that many countries have labelled as critical. IT engineers are hastily presenting patching codes in various localized versions. The other patch needed, however, is more than technical. It is normative and legislative. The coding of that patch for a situation like this is in two layers of dilemma.

The first dilemma is about the appropriateness and legitimacy of state's exploitation of industrial software vulnerabilities. For the government experts who are writing the norms for responsible state behavior in cyberspace at the UN level, should such exploitation be considered as responsible or reasonable or as damaging cyber stability? There is a general division of ideas about this point among different nations.

Many cyber powers have actually acknowledged and approved the legitimacy of state behavior like that. The fact that they have founded their cyber force implies that message. Many other nations are uncomfortable about the militarization of the cyberspace and choose to condemn any behavior towards such a direction. They either have not fully grasped the complexity of the situation or lack the capability to face the strategic challenges. This division has significantly reduced room for UN GGE talks on norms of state behavior.

The second dilemma is about non-proliferation of the state's cyber weapons. The previous GGE report has recommended that States should seek to prevent the proliferation of malicious ICT tools and techniques and the use of harmful functions.

However, unlike nuclear weapons or missiles, the spread of the malware is much easier and faster, taking a non-conventional route. Compared with the conventional weapons, the cyber ammunition of a state seems to be much more vulnerable to invasion from other actors. An individual Robin Hood could shake the whole system. This has made future talks on disarmament and non-proliferation of cyber weapons harder. The division of opinions on the first dilemma has made it even more difficult to solve the dilemma on non-proliferation.

An interesting phenomenon in the case is that Microsoft is presenting patches both in terms of code and in terms of policy and law by calling for, on earlier occasions this year, a Digital Geneva Convention, a Tech Accord, and an Attribution Council.

By Peixi (Patrick) XU, Associate Professor, Communication University of China

Related topics: Cyberattack, Cybercrime, Cybersecurity, Internet Governance, Malware, Policy & Regulation


Don't miss a thing – get the Weekly Wrap delivered to your inbox.


To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Dig Deeper

DNS Security

Sponsored by Afilias

Mobile Internet

Sponsored by Afilias Mobile & Web Services


Sponsored by Verisign

IP Addressing

Sponsored by Avenue4 LLC

Promoted Posts

Buying or Selling IPv4 Addresses?

Discover ACCELR/8, a transformative IPv4 market solution developed by industry veterans Marc Lindsey and Janine Goodman that enables organizations buying or selling blocks as small as /20s. more»

Industry Updates – Sponsored Posts

Join Neustar's Town Hall Meeting and Help Shape the Future Of .US

Verisign Named to the Online Trust Alliance's 2017 Audit and Honor Roll

Attacks Decrease by 23 Precent in 1st Quarter While Peak Attack Sizes Increase: DDoS Trends Report

Leading Internet Associations Strengthen Cooperation

i2Coalition to Present Tucows CEO Elliot Noss With Internet Community Leadership Award

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Michele Neylon Appointed Chair Elect of i2Coalition

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

Government Guidance for Email Authentication Has Arrived in USA and UK

ValiMail Raises $12M for Its Email Authentication Service

MarkMonitor Supports Brand Holders' Efforts Regarding .Feedback Registry

Don't Gamble With Your DNS

Defending Against Layer 7 DDoS Attacks

Understanding the Risks of the Dark Web

New TLD? Make Sure It's Secure

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

How Savvy DDoS Attackers Are Using DNSSEC Against Us

Facilitating a Trusted Web Space for Financial Service Professionals

MarkMonitor Partners with CYREN to Deepen Visibility into Global Phishing Attacks