WannaCry: Patching Dilemma from the Other Side

Peixi (Patrick) XU

WannaCry, which originated in state projects but was spread by other actors, has affected a myriad of infrastructure, such as hospitals, telecommunications and railroads, that many countries have labelled as critical. IT engineers are hastily releasing patches in various localized versions. The other patch needed, however, is more than technical: it is normative and legislative. Coding that patch for a situation like this involves two layers of dilemma.

The first dilemma is about the appropriateness and legitimacy of states' exploitation of industrial software vulnerabilities. For the government experts who are writing the norms for responsible state behavior in cyberspace at the UN level, should such exploitation be considered responsible or reasonable, or damaging to cyber stability? Nations are generally divided on this point.

Many cyber powers have actually acknowledged and approved the legitimacy of such state behavior. The fact that they have founded their cyber forces implies that message. Many other nations are uncomfortable with the militarization of cyberspace and choose to condemn any behavior in that direction. They either have not fully grasped the complexity of the situation or lack the capability to face the strategic challenges. This division has significantly reduced the room for UN GGE talks on norms of state behavior.

The second dilemma is about non-proliferation of states' cyber weapons. The previous GGE report recommended that States should seek to prevent the proliferation of malicious ICT tools and techniques and the use of harmful functions.

However, unlike nuclear weapons or missiles, malware spreads much more easily and quickly, taking a non-conventional route. Compared with conventional weapons, the cyber ammunition of a state seems to be much more vulnerable to invasion by other actors. An individual Robin Hood could shake the whole system. This has made future talks on disarmament and non-proliferation of cyber weapons harder. The division of opinions on the first dilemma has made it even more difficult to solve the dilemma of non-proliferation.

An interesting phenomenon in this case is that Microsoft is presenting patches both in terms of code and in terms of policy and law, having called, on earlier occasions this year, for a Digital Geneva Convention, a Tech Accord, and an Attribution Council.

By Peixi (Patrick) XU, Associate Professor, Communication University of China
