Time to remove politics from cybersecurity research


All around the world, researchers are working to identify the many types of malware and vulnerabilities that collectively threaten the foundations upon which modern businesses operate. Thanks to the efforts of cybersecurity experts working in academic institutions and private companies, our cybersecurity defenses are stronger than they would otherwise be.

However, it has also become painfully obvious that nation-states and cybercriminals are developing more advanced forms of malware that are harder to detect. A case in point is the malware dubbed Daxin, which is optimized for use against hardened targets in a way that still allows attackers to burrow deep into a target’s network and exfiltrate data without raising suspicion. Described as the most advanced piece of malware attributed to cyberespionage activity emanating from China, Daxin hijacks legitimate TCP/IP connections to exchange keys with a remote peer and set up an encrypted communication channel. Because that traffic rides on a connection that was opened legitimately, it looks like just another open channel among the many leaving an enterprise, rather than a new outbound connection that a defender might notice.

The issue is that various cybersecurity teams have known about the existence of Daxin since 2013. It is only this past week, however, that researchers collaborating via the Joint Cyber Defense Collaborative (JCDC), set up by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), have shared the details of how Daxin works. That means Daxin has been floating around for the better part of a decade.

The JCDC has only been in place since last summer. It represents a noble effort to combine public and private resources to accelerate the discovery of malware. The trouble is that nation-states themselves are often the very entities developing advanced malware. Daxin, for example, in addition to incorporating code from a strain of malware known as Zala, also appears to borrow techniques associated with Regin, malware believed to have been first created by Western intelligence agencies.

Regardless of who created a given strain of malware, there is a conflict of interest between the nation-states that create malware and the researchers working within another branch of the same government to find ways to thwart it. The issue is hardly limited to the United States. In a paper published by the Institute of Electrical and Electronics Engineers (IEEE) back in 2018, researchers called for a consortium to build a malware-detection platform on an immutable blockchain. Most of those researchers are affiliated with Nanjing University in China, so despite the merits of the idea, support for it has, not surprisingly, been negligible.

That’s understandable. Geopolitics has always been a factor in cybersecurity research; it has just now gotten out of hand. The only way to reduce the influence of politics on cybersecurity research is to set up a truly independent organization that is not affiliated with any nation. In effect, this entity would be the cybersecurity equivalent of the World Economic Forum (WEF), based in a neutral country such as Switzerland.

Despite the best efforts of cybersecurity researchers, it simply takes too long to first discover advanced malware and then find a way to thwart it that can be widely applied. While the global network of cybersecurity researchers does share a lot of information, there is also a lot of duplicated effort as various teams compete for bragging rights over who discovered a given strain of malware or vulnerability first. Competition is not a bad thing in itself, but in the form currently applied to cybersecurity research, it is not efficient enough. For business and IT leaders trying to securely enable digital processes, that is a major problem, and one that only they can really fix. An international research organization, funded by private companies and operating outside the influence of any government entity, has become a business imperative. The only question now is how best to go about setting up that consortium before the actions of nation-states rend asunder a global network that, for all its deficiencies, still ranks in the long history of humanity as one of the most amazing marvels ever created.
