Skip the navigation
)
News

U.S. should seek world cooperation on cyber conflict, says ex-CIA director

Complexities of cyberwar mandates need for international agreements, says retired general Michael Hayden

July 29, 2010 07:58 PM ET

Computerworld - LAS VEGAS -- The U.S. needs to consider working with other leading nations to develop rules of engagement in cyberspace, retired general and former director of the CIA Michael Hayden said during a keynote address at the Black Hat conference here on Thursday.

As the country with the largest stakes on the Internet, the U.S. has been somewhat reluctant to engage in such discourse because of concerns that any international negotiations will force it to reveal or limit its cyber capabilities, Hayden said.

However, the complexities involved in defining cyber conflict, and in developing an effective deterrence and response strategy, are driving the need for at least some high-level engagement with other nations, he said.

"We have been really late to any international debate on arms limitation in cyberspace," Hayden said. "Our voice in this is going to get weaker as days go by."

The goal with any international negotiations should be to establish broad international norms for the Internet, rather than focus on any arms control, Hayden said. One example would be to have a norm that prohibits the launching of denial of service attacks against assets in another country, except during an armed conflict, he said.

DoS attacks, for example, are "such an easily available weapon that we really ought to stigmatize [its use]" and provide for sanctions against countries that allow it from within their borders, he said.

Similarly, attacks against power networks and those in the financial services sectors would be ruled as off-limits because of the devastating consequences the attacks could have, he said.

"We would all agree that [such attacks] are like chemical weapons," which should never be used, he said.

Sanctions could then be developed for violations of established rules, said Hayden, who also acknowledged that enforcement and attributions issues could pose a big challenge to the effective implementation of such agreements.

Discussions about the need for the U.S. to consider international engagement in cybersecurity issues come even as policy makers are struggling to come up with a comprehensive strategy for dealing with cyberwar.

The Defense Department has for long considered cyberspace as a domain that needs to be protected in much the same way that it protects the four other domains -- air, ground, sea and space. However, applying traditional attack and defense models to the cyber domain have proved to be enormously challenging, Hayden said.

Even the manner in which the new Cyber Command is set up reflects some of that challenge with the Department of Homeland Security (DHS) handling cyber defense functions, the intelligence community handling espionage-related tasks, and the defense department being responsible for cyber attack functions.

"Technologically and operationally, they are all the same thing -- it means having your way on the Net," Hayden said. But thanks to politics, each of these functions are funded differently and are governed by different laws, he said.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at Twitter @jaivijayan or subscribe to Jaikumar's RSS feed Vijayan RSS. His e-mail address is jvijayan@computerworld.com.

Read more about Cybercrime and Hacking in Computerworld's Cybercrime and Hacking Topic Center.



What is Tech Briefcase?
TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more
Bookmark content
Speed up your research efforts with content across the web.
Search and Store
Find the white papers you need. Create folders for any topic.
View Anywhere
Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.
Don't have an account yet?
Additional Resources
Security KnowledgeVault
WHITE PAPER
Security is not an option. This KnowledgeVault Series offers professional advice how to be proactive in the fight against cybercrimes and multi-layered security threats; how to adopt a holistic approach to protecting and managing data; and how to hire a qualified security assessor. Make security your Number 1 priority.

Read now.

Cut Communications Costs Once and for All
WHITE PAPER
New IP-based communications systems are being deployed by small and midsized businesses at a rapid rate. Learn how these organizations are enabling faster responsiveness, creating better customer experiences, speeding office or mobile interactions, and dramatically reducing existing communications costs.

Read now.

Cybercrime and Hacking White Papers
Practice Management: Double Billing Rate and Improve Patient Services
Would you like to double your billing rate and achieve faster payment for services?

Download this customer success story to see how One Health...
Mission Critical Data Explosion and Customer Case Study
Would you like to double your tier 1 storage capacity while simultaneously reducing your storage footprint?

Download this customer success story to see how...
Protecting Against Database Attacks and Insider Threats: Top 5 Scenarios
Read this new eBook to learn the top five scenarios and essential best practices for preventing database attacks and insider threats.
Database Activity Monitoring Is Evolving
Read the analyst report and learn how you can leverage the core capabilities of a DAP solution for better database security.
Establishing a Strategy for Database Security is No Longer Optional
The options for securing increasingly valuable databases are very broad and deep, and can be confusing. This research provides an overview of three...
All Cybercrime and Hacking White Papers
Cybercrime and Hacking Webcasts
Distributed Database Security with Real-time Monitoring
View this demo and learn how IBM InfoSphere Guardium database activity monitoring can help protect your sensitive data in distributed DBMS environments with...
InfoSphere Warehouse Packs Demo
These flash modules make warehousing more tangible and relevant to business users through detailed explanations of the InfoSphere Warehouse Packs.
Delivery Management -- Extending Lifecycle Management
Date: Wednesday, June 20, 2012, 1:00 PM EDT

Siloed organizations continue doing the wrong things and doing things wrong, leading to increased costs,...
Leverage automation today to reduce IT complexity
Date: Tuesday, June 5, 2012, 2:00 PM EDT

Whether your B2B complexity is caused by multiple technologies due to M&A, business or application specific...
Redefine Expectations in the Data Center
Need to do more with less? Watch this video to learn how HP ProLiant Gen8 servers can help your business deploy servers three...
All Cybercrime and Hacking Webcasts
Newsletter Sign-Up

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter
  1. View all newsletters | Privacy Policy
IT Jobs