Cyber Security is now recognized as a high risk priority by governments across the globe. This is supported by the fact that the UK Government’s Strategic Defence Spending Review which diverted key funds away from traditional areas of spending to the protection of the UK’s critical national infrastructure from the cyber threat.
There is no winner in Cyber warfare
The importance of this shift to a greater focus on Cyber Security was given highlighted by the discovery of STUXNET, the first example of a ‘cyber weapon’ designed to attack an aspect of a nation’s critical national infrastructure.
The Cyber Security meeting was a great success. At the start of the meeting there were some technical issues with the microphones, but who cares? We want to discuss Cyber warfare! And so we did.
The discussion started with the NATO strategies issue, it was about which options does a country have when it is under attack by a force?
This was a very delicate issue because what is Cyber warfare is? Well we speak of Cyber warfare at the moment that a country has declared war to the country. So when a country or a force attacks another country without a declaration of warfare it is not Cyber warfare.
The act of attacking without a declaration of war is classified as Cybercrime. This makes it hard to retaliate because there is no war declared. The next issue that comes along is the fact that even if we do reply with an attack, we could take down an hospital and then we are speaking of collateral damage. Because the aggressor used the hospital network to attack, we retaliate against the hospital.
We will need a global understanding & perspective about the Cyber war attacks.
Cybercrime is like a paradox. There is no hierarchical system
Nightmare of all problems
After an attack (Stuxnet) there are certain points that need to be checked and controlled. You will have to look after :
– How did they penetrate the systems
– You will have to clean the systems
– The disruption it caused
– Exploits ?
– The mental stress it causes.
The cyberspace needs to be regulated, but how do you want to regulate the internet while it can’t be regulated by a single regulator. Because when we look to the internet we see it as no man’s land (law of the sea), but in fact it is somebody’s property, it could be from the government, companies or from civilians.
So the world has to agree for transparency. If we need help or information regarding Cyber security the countries should provide them.
But at the moment there is no transparency, think of the Estonia and Russian conflict.
A Finnish expert, told the Helsingin Sanomat newspaper that it would be difficult to prove the Russian state’s responsibility, and that the Kremlin could inflict much more serious cyber-damage if it chose to. source
– The internet traffic regarding Cybercrime has increased rapidly.
– How can a behaviour code be created to use the internet legitimate.
– If there is an attack going on, and you want to retaliate how will you get the attribution of proof?
– How can we make retaliation possible?
– Who is responsible ?
– What can we do against sponsored cyber attacks?
– How can we prevent extremists from recruiting people from the internet?
– At a certain point defence will catch up with offensive behaviour
– Creating a global cyber war response team
If I would shutdown a honey pot because there is a “cyber war” going on, it could affect over 500 servers. And that is the reason why you can’t retaliate, because you don’t know were the bodies will show up.
Author: Reza Rafati
Twitter name: @cyberwarzonecom