💾 Archived View for gmi.noulin.net › mobileNews › 2883.gmi captured on 2021-12-03 at 14:04:38. Gemini links have been rewritten to link to archived content
-=-=-=-=-=-=-
By Maggie Shiels Technology reporter, BBC News, Silicon Valley
Battle map on screen Electronic attacks will play a part in conventional
conflict, but they are not wars, says Mr Schneier
The threat of cyber warfare is greatly exaggerated, according to a leading
security expert.
Bruce Schneier claims that emotive rhetoric around the term does not match the
reality.
He warned that using sensational phrases such as "cyber armageddon" only
inflames the situation.
Mr Schneier, who is chief security officer for BT, is due to address the RSA
security conference in San Francisco this week
Speaking ahead of the event, he told BBC News that there was a power struggle
going on, involving a "battle of metaphors".
He suggested that the notion of a cyber war was based on several high-profile
incidents from recent years.
They include blackouts in Brazil in 1998, attacks by China on Google in 2009
and the Stuxnet virus that attacked Iran's nuclear facilities.
He also pointed to the fallout from Wikileaks and the hacking of Republican
vice-presidential candidate Sarah Palin's e-mail.
"What we are seeing is not cyber war but an increasing use of war-like tactics
and that is what is confusing us.
"We don't have good definitions of what cyber war is, what it looks like and
how to fight it," said Mr Schneier.
Sarah Palin Casualty of war? Attacks such as Sarah Palin's e-mail hack have
been lumped into the debate
His point of view was backed by Howard Schmidt, cyber security co-ordinator for
the White House.
"We really need to define this word because words do matter," said Mr Schmidt.
"Cyber war is a turbo metaphor that does not address the issues we are looking
at like cyber espionage, cyber crime, identity theft, credit card fraud.
"When you look at the conflict environment - military to military - command and
control is always part of the thing.
"Don't make it something that it is not," Mr Schmidt told a small group of
reporters on the opening day of the conference.
A report last month by the Organisation for Economic Cooperation and
Development also concluded that the vast majority of hi-tech attacks, described
as acts of cyber war, do not deserve the name.
Tanks and bombs
The issue is likely to receive a lot of attention at RSA this week as a number
of panels seek to define what is and what is not cyber warfare.
"Stuxnet and the Google infiltration are not cyber war - who died?" asked Mr
Schneier.
"We know what war looks like and it involves tanks and bombs.
"However all wars in the future will have a cyber space component.
"Just like we saw in the Iraqi war we [the US] used an air attack to soften up
the country for a ground offensive.
"It is probably reasonable you will see a cyber attack to soften up the country
for an air attack or ground offensive," he added.
Mr Schneier claimed that the heated rhetoric is driving policy in ways that
might not be appropriate.
"The fear is that we are going to see an increased militarisation of the
internet," he said.
Recently the FBI and Department of Defence squared off over who got to control
defence in cyber space and the multimillion dollar budget that goes with the
job.
Mr Schneier said that battle was won by the defence department.
He also claimed there was a worrying trend of politicians who try to introduce
legislation as a way to deal with the issue as nothing short of knee-jerk
politics.
Start Quote
Stuxnet and the Google infiltration are not cyber war - who died?
End Quote Bruce Schneier Security analyst
Last week the Cybersecurity Enhancement Act was introduced in the Senate,
following confirmation by oil companies and Nasdaq officials that their
computer systems were repeatedly hacked by outsiders
"My worry is these ill thought-out bills will pass," said Mr Schneier.
Treaty talk
Talk of drawing up the equivalent of a Geneva Convention for cyber space has
been gaining attention.
The proposal was raised by international affairs think-tank, the EastWest
Institute at a security conference in Munich last week.
Mr Schmidt said he is sceptical because he does not believe every country will
sign up to an agreed set of norms or standards.
"I don't know that a treaty is going to solve anything at this juncture.
"Not everyone thinks about this unilaterally around the world. We can't do this
by ourselves," he said.
Industry commentator Declan McCullagh, who is chief potlicial writer for online
news site CNET.com, believes the idea of doing nothing is untenable.
"Before we get to the stage of having to launch a cyber war, and that will
eventually come, lets have a public discussion about what this involves," he
said.
"A Geneva Convention for cyber war makes sense at least to start that
discussion.
"What that would do is put certain types of attacks off the table like you are
not going to target the enemy's hospitals or certain types of civilian systems
that innocents depend on for their livelihood.
"I don't think everyone is going to respect it, and maybe the US won't respect
it at times, but at least it starts the discussion and will probably have a
positive effect," said Mr McCullagh.
This year marks the 20th anniversary of the RSA event, which began as a purely
technical cryptography conference and has evolved into a broader forum that
includes issues of policy and governance as well as technology.