Cyberweapons Treaties Might Help Prevent Cyberwar
MIAMI At the Hacker Halted cybersecurity conference here yesterday (Oct. 25), BT chief security technology officer Bruce Schneier suggested that international cyberweapons treaties might lessen the chance of a real cyberwar.
"We're in the early years of a cyberwar arms race," said Schneier in his keynote address. "This is dangerous. The cyberweapons could go off accidentally, and right now they're controlled at a rather low level in the military hierarchy. You don't want some colonel starting a war."
Compounding the instability, Schneier said, is the fact that there's no good definition of what cyberwar is , or might be.
"Even actual computer security people don't have a good definition," Schneier said. "Our culture has a weird relationship with the word 'war.' We never use it when there's an actual war. But we use it metaphorically in all sorts of other contexts the War on Drugs, the War on Poverty."
"When there's a real war, we can tell because tanks are invading, planes are bombing," he continued. "On the Internet, the tactics are all the same, no matter who does it . You don't know if a DDoS [distributed denial-of-service] attack is being carried out by kids, by criminals or by the military."
And as major powers such as the U.S., China, Russia, Israel, Britain and Germany all rush to prepare themselves for cyberwar, Schneier said it's important that the governments talk to each other especially because in a cyberwar, you can never be completely sure who's attacking you. ("Cyberweapons don't wear uniforms," he said.)
"There could be a hotline set up between different cyberwar commands," Schneier said. "They could call each other during an attack and say, 'Is this you?' 'No, it's not us.'"
An ever better solution, he said, would be to establish cyberweapons treaties, with enforcement mechanisms. Schneier credited former presidential special adviser Richard A. Clarke, with whom he disagrees on other matters, for proposing the idea in his 2010 book "Cyber War: The Next Threat to National Security and What to Do About It."
"How might cyberwar treaties be enforced?" Schneier asked. "There are mechanisms for nuclear and chemical weapons treaty enforcement so why not cyberweapons treaty enforcement mechanisms?"
Schneier was critical, however, of the increasing talk of cyberwar coming out of Washington, D.C.
"We really need to stop feeding on fears," he said. "Cyberwar rhetoric is being inflated for a purpose. It is good business for defense contractors and for generals. It is a powerful term on Capitol Hill."
"But," he added, "scared people don't make good policy."