U.S. should seek world cooperation on cyber conflict, says ex-CIA director
Complexities of cyberwar mandates need for international agreements, says retired general Michael Hayden
Computerworld - LAS VEGAS -- The U.S. needs to consider working with other leading nations to develop rules of engagement in cyberspace, retired general and former director of the CIA Michael Hayden said during a keynote address at the Black Hat conference here on Thursday.
As the country with the largest stakes on the Internet, the U.S. has been somewhat reluctant to engage in such discourse because of concerns that any international negotiations will force it to reveal or limit its cyber capabilities, Hayden said.
However, the complexities involved in defining cyber conflict, and in developing an effective deterrence and response strategy, are driving the need for at least some high-level engagement with other nations, he said.
"We have been really late to any international debate on arms limitation in cyberspace," Hayden said. "Our voice in this is going to get weaker as days go by."
The goal with any international negotiations should be to establish broad international norms for the Internet, rather than focus on any arms control, Hayden said. One example would be to have a norm that prohibits the launching of denial of service attacks against assets in another country, except during an armed conflict, he said.
DoS attacks, for example, are "such an easily available weapon that we really ought to stigmatize [its use]" and provide for sanctions against countries that allow it from within their borders, he said.
Similarly, attacks against power networks and those in the financial services sectors would be ruled as off-limits because of the devastating consequences the attacks could have, he said.
"We would all agree that [such attacks] are like chemical weapons," which should never be used, he said.
Sanctions could then be developed for violations of established rules, said Hayden, who also acknowledged that enforcement and attributions issues could pose a big challenge to the effective implementation of such agreements.
Discussions about the need for the U.S. to consider international engagement in cybersecurity issues come even as policy makers are struggling to come up with a comprehensive strategy for dealing with cyberwar.
The Defense Department has for long considered cyberspace as a domain that needs to be protected in much the same way that it protects the four other domains -- air, ground, sea and space. However, applying traditional attack and defense models to the cyber domain have proved to be enormously challenging, Hayden said.
Even the manner in which the new Cyber Command is set up reflects some of that challenge with the Department of Homeland Security (DHS) handling cyber defense functions, the intelligence community handling espionage-related tasks, and the defense department being responsible for cyber attack functions.
"Technologically and operationally, they are all the same thing -- it means having your way on the Net," Hayden said. But thanks to politics, each of these functions are funded differently and are governed by different laws, he said.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed . His e-mail address is firstname.lastname@example.org.
- Secretive group seeks recruits at Defcon, finds skepticism
- Hacker snoops on GSM cell phones in demo
- Free Android apps scrape personal data, send it to China
- U.S. should seek world cooperation on cyber conflict, says ex-CIA director
- 'Unhackable' Android can be hacked, Black Hat researchers say
- Update: ATM hack gives cash on demand
- BitBlaze tool boosts bug-hunting productivity 10-fold
- Apple patches Safari ahead of Black Hat talk, launches add-on gallery
- Black Hat: Most browsers can be made to give up personal data
- AT&T: We don't intend to stop Black Hat demo
Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.
- Silicon Valley's 19 Coolest Places to Work
- Is Windows 8 Development Worth the Trouble?
- 8 Books Every IT Leader Should Read This Year
- 10 Hot Hadoop Startups to Watch
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Infographic: Converged Infrastructure Benefits This Infographic quantifies the savings organizations are realizing from increased deployment speed, higher availability, and lower annual costs.
- CIOs Deliver Productivity Breakthroughs with Intelligent Digital Signage Retailers have long recognized the influence that digital signage provides over a shopper's point-of-purchase decision making process.
- Going Paperless? Here's What You Need to Think About As makers of some of the world's most popular PDF solutions, we often consult with businesses & governmental agencies that have the goal...
- The Big Data Opportunity for HR and Finance If CEOs, CFOs, CIOs, and CHROs want to drive their businesses forward, they will need to quickly recognize the enormous value of big...
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to...
- Building Tomorrow's Infrastructure Listen to this podcast to discover how Crider Foods worked with PC Connection to update their IT infrastructure, while maintaining compliance and control. All Cybercrime and Hacking White Papers | Webcasts