By Kevin Coleman
Defense Tech Cyber-War Analyst
Remember that old adage? It was a common catch-phrase used by Ronald Reagan when he was addressing Russia and the Intermediate Range Nuclear Forces Treaty (INF). Well, it has just returned and has new meaning since it would be applied to the cyber world.
A group of fifteen nations, including the United States, China, Russia Belarus, Brazil Britain, Estonia, France, Germany, India, Israel, Italy, Qatar, South Korea and South Africa have all expressed a willingness to engage in constructive discussions about reducing the threat of cyber attacks on each others’ computer networks and systems.
Unlike previous efforts that concentrated on efforts to address the dramatic growth of cyber crime, this effort will address cyber attacks and intrusions on these countries critical infrastructure and sensitive computer systems and networks.
The Obama administration has reportedly stated that there’s been an increased understanding of the international need to address the cyber risks. These risks have been driven by the rapid advancement and proliferation of cyber weapons, as well as the number of cyber attacks and clandestine activities used in cyber intelligence.
How do we verify when it comes to cyber arms and attacks? The House Subcommittee on Technology and Innovation recently held a hearing to look into the issue of cyber attribution and the significant challenge these problems pose. During the hearing Committee Chairman David Wu said, “History shows that one of the best deterrents to an attack is the ability to identify your attacker.”
Anyone who has ever investigated a cyber attack knows what a huge challenge this is. International cooperation and joint investigations are two of the cornerstones in the foundation that needs to be built to manage the growing risks associated with cyber attacks and cyber intelligence collection.
Foreign Policy recently ran an article titled Fifth Domain. In that article they asked the following four questions.
1. Can traditional arms control or diplomacy be useful in this situation?
2. Would nations sign a global pact to foreswear cyber war?
3. Could it be enforced, and would it be effective against the legions of hackers and cyber warriors who exist outside of state control, or are loosely allied with state security agencies?
4. Is this threat too big for arms control as we’ve known it?
Here are my answers.
1. No! It can start a dialog, but the proliferation of cyber aggression capabilities is too far along!
2. They might, but, what value would it have without verification measures and what about the hordes of non-state actors?
3. No! How would you ever verify cyber arms control or address the problem of attribution of cyber acts of aggression?
4. A RESOUNDING YES! Ask yourself this, what is the difference between a security testing tool and a cyber weapon? The answer is the intent of the person using it. You can’t control intent.
These are great discussion points for the hundreds of thousands of participants in this blog. Tell us what you think.