💾 Archived View for gmi.noulin.net › mobileNews › 2883.gmi captured on 2021-12-03 at 14:04:38. Gemini links have been rewritten to link to archived content

View Raw

More Information

➡️ Next capture (2023-01-29)

-=-=-=-=-=-=-

Cyber war threat exaggerated claims security expert

By Maggie Shiels Technology reporter, BBC News, Silicon Valley

Battle map on screen Electronic attacks will play a part in conventional

conflict, but they are not wars, says Mr Schneier

The threat of cyber warfare is greatly exaggerated, according to a leading

security expert.

Bruce Schneier claims that emotive rhetoric around the term does not match the

reality.

He warned that using sensational phrases such as "cyber armageddon" only

inflames the situation.

Mr Schneier, who is chief security officer for BT, is due to address the RSA

security conference in San Francisco this week

Speaking ahead of the event, he told BBC News that there was a power struggle

going on, involving a "battle of metaphors".

He suggested that the notion of a cyber war was based on several high-profile

incidents from recent years.

They include blackouts in Brazil in 1998, attacks by China on Google in 2009

and the Stuxnet virus that attacked Iran's nuclear facilities.

He also pointed to the fallout from Wikileaks and the hacking of Republican

vice-presidential candidate Sarah Palin's e-mail.

"What we are seeing is not cyber war but an increasing use of war-like tactics

and that is what is confusing us.

"We don't have good definitions of what cyber war is, what it looks like and

how to fight it," said Mr Schneier.

Sarah Palin Casualty of war? Attacks such as Sarah Palin's e-mail hack have

been lumped into the debate

His point of view was backed by Howard Schmidt, cyber security co-ordinator for

the White House.

"We really need to define this word because words do matter," said Mr Schmidt.

"Cyber war is a turbo metaphor that does not address the issues we are looking

at like cyber espionage, cyber crime, identity theft, credit card fraud.

"When you look at the conflict environment - military to military - command and

control is always part of the thing.

"Don't make it something that it is not," Mr Schmidt told a small group of

reporters on the opening day of the conference.

A report last month by the Organisation for Economic Cooperation and

Development also concluded that the vast majority of hi-tech attacks, described

as acts of cyber war, do not deserve the name.

Tanks and bombs

The issue is likely to receive a lot of attention at RSA this week as a number

of panels seek to define what is and what is not cyber warfare.

"Stuxnet and the Google infiltration are not cyber war - who died?" asked Mr

Schneier.

"We know what war looks like and it involves tanks and bombs.

"However all wars in the future will have a cyber space component.

"Just like we saw in the Iraqi war we [the US] used an air attack to soften up

the country for a ground offensive.

"It is probably reasonable you will see a cyber attack to soften up the country

for an air attack or ground offensive," he added.

Mr Schneier claimed that the heated rhetoric is driving policy in ways that

might not be appropriate.

"The fear is that we are going to see an increased militarisation of the

internet," he said.

Recently the FBI and Department of Defence squared off over who got to control

defence in cyber space and the multimillion dollar budget that goes with the

job.

Mr Schneier said that battle was won by the defence department.

He also claimed there was a worrying trend of politicians who try to introduce

legislation as a way to deal with the issue as nothing short of knee-jerk

politics.

Start Quote

Stuxnet and the Google infiltration are not cyber war - who died?

End Quote Bruce Schneier Security analyst

Last week the Cybersecurity Enhancement Act was introduced in the Senate,

following confirmation by oil companies and Nasdaq officials that their

computer systems were repeatedly hacked by outsiders

"My worry is these ill thought-out bills will pass," said Mr Schneier.

Treaty talk

Talk of drawing up the equivalent of a Geneva Convention for cyber space has

been gaining attention.

The proposal was raised by international affairs think-tank, the EastWest

Institute at a security conference in Munich last week.

Mr Schmidt said he is sceptical because he does not believe every country will

sign up to an agreed set of norms or standards.

"I don't know that a treaty is going to solve anything at this juncture.

"Not everyone thinks about this unilaterally around the world. We can't do this

by ourselves," he said.

Industry commentator Declan McCullagh, who is chief potlicial writer for online

news site CNET.com, believes the idea of doing nothing is untenable.

"Before we get to the stage of having to launch a cyber war, and that will

eventually come, lets have a public discussion about what this involves," he

said.

"A Geneva Convention for cyber war makes sense at least to start that

discussion.

"What that would do is put certain types of attacks off the table like you are

not going to target the enemy's hospitals or certain types of civilian systems

that innocents depend on for their livelihood.

"I don't think everyone is going to respect it, and maybe the US won't respect

it at times, but at least it starts the discussion and will probably have a

positive effect," said Mr McCullagh.

This year marks the 20th anniversary of the RSA event, which began as a purely

technical cryptography conference and has evolved into a broader forum that

includes issues of policy and governance as well as technology.