Feeds

World leaders meet to discuss cyberwar rules of engagement

Hague convention for state-backed hacking?

Security for virtualized datacentres

Rules of engagement for the deployment of cyber-weapons need to be developed, an international security conference is due to be told later today.

The influential EastWest Institute is due to present proposals for the cyberspace equivalent of the Geneva convention at the Munich Security Conference, which has included a debate on cyber-security on its agenda for the first time this year. Delegates to the conference include UK Prime Minister David Cameron, German Chancellor Angela Merkel, US Secretary of State Hillary Clinton and Russian Foreign Minister Sergei Lavrov.

The discussion on rules for cyber-conflict follows months after the infamous Stuxnet worm was blamed for infecting industrial control systems and sabotaging centrifuges at controversial Iranian nuclear facilities. Some have described the malware as the world's first cyber-weapon though cyber-espionage in many guises has undoubtedly been practiced by intelligence agencies across the world for many years.

Computer systems underpin the delivery of essential services, including utilities and telecoms and well as banking and government services. Critical national infrastructure systems are most commonly privately held, at least in the US and Europe. Although attacks against various critical systems are commonplace they tend to be low level information-stealing or denial of service exploits. Many independent experts in cyber-security dismiss talk of cyberwar as hype – driven more by the marketing departments of US security contractor giants seeking a new market in cyberspace than by reality on the ground.

Others argue that cyberwarfare (or information warfare) risks are all too real and illustrated by the denial of services attacks that blitzed Estonia off the web and the Operation Aurora assaults against Google and other high-tech firms as well as Stuxnet, a strain of malware that might inspire other forms of malware that attack industrial control kit, perhaps indiscriminately.

The rules of cyberwarfare seek to establish protected domains – such as hospital and schools – that are off limits for attack. Proportionality in response to attacks and identifying the source of attacks is also likely to enter the debate.

British government sources told the BBC that they were not convinced of the need for a treaty governing conflict in cyberspace, while they conceded the need for a discussion on proportional response – and, more particularly, on attributing the source of attack. It is far more difficult to identify the source of a cyber-assault, which can easily be launched from networks of compromised PCs in third-party countries, than the origins of a conventional military assault, which is often proceeded by the gathering of troops and tanks.

Government sources told BBC Newsnight: "How strongly should a state respond to an attack when you do not know who did it, where they did it from or what the intention was? In conventional military terms these questions are easier to answer – not so in the cyber-world." ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Found inside ISIS terror chap's laptop: CELINE DION tunes
REPORT: Stash of terrorist material found in Syria Dell box
Show us your Five-Eyes SECRETS says Privacy International
Refusal to disclose GCHQ canteen menus and prices triggers Euro Human Rights Court action
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Heavy VPN users are probably pirates, says BBC
And ISPs should nab 'em on our behalf
Former Bitcoin Foundation chair pleads guilty to money-laundering charge
Charlie Shrem plea deal could still get him five YEARS in chokey
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.