In Brief
Cyberwar: Is Offense the New Defense?
Many experts - including some in the military - argue that cyber weapons could make our networks safer. But will they? Robert Lemos reports from the Conference on Cyber Warfare in Estonia.
"The availability of cyberattack technologies for national purposes greatly expands the range of options available to U.S. policy makers as well as to policy makers in other nations," the report states.
One option: If nations develop an overwhelming cyber attack capability, it could result in a digital version of nuclear detente, argued Amit Sharma, a scientist with the Defence Research and Development Organization at India's Ministry of Defence. If nations cannot agree by treaty to limit use of cyber attacks, a doctrine similar to the Mutually Assured Destruction of the nuclear theater could deter attacks, Sharma told attendees at the Conference on Cyber Warfare.
"You can talk endlessly about the law of armed conflict, but a treaty would not be achieved," he said. "The only viable solution is one of cyber deterrence."
See also: Cyber Conflict - The Modern Gold Rush
Not everyone at the conference agreed. In a presentation on what can be learned by the different analogies used for cyber attacks, Ned Moran, a consultant with Booz Allen Hamilton, argued that each analogy has considerable weaknesses. While a massive cyber attack that takes down large portions of the Internet and causes devastation among data could be similar to a nuclear attack, ongoing cyber espionage more closely resembles a Cold War analogy, he said.
"No single analogy tells the whole story," Moran said, adding that focusing on the wrong analogy has often led political leaders to make bad policy.
Moreover, the nuclear analogy has another major stumbling block: Deterrence is difficult when you cannot determine who is behind an attack in cyberspace.
Nart Villeneuve, a researcher with the Information Warfare Monitor, spent months tracking sensitive computers that were compromised in a manner that seemed to point to the People's Republic of China as the culprit, but in his presentation at the conference, he underscored that other explanations are possible.
"The obvious elephant in the room is that these are ... targets collected by China for intelligence purposes," Villeneuve said. "All the targets were were able to identify had some value (to China). But there are other explanations. The distribution could be completely random. ... Or this could be a total setup. Someone trying to make use of the fact that there is already this frame of reference of attacks emanating from China to disguise their activities. If I was going to attack a third country, I would probably do it through China."
Yet, the issues with attributing attacks are not insurmountable, said the NRC's Lin.
cyberwar
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Upgrading to VMware vSphere with vWire
- Removing Barriers To Better Server Virtualization Efficiency
- Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
- Staying A Step Ahead of the Hackers: The Importance of Identifying Critical Web Application Vulnerabilities
- Managing A Growing Threat: An Executive's Guide to Web Application Security
- The Forrester Wave™: Web Filtering, Q2 2009
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
