Feeds

World leaders meet to discuss cyberwar rules of engagement

Hague convention for state-backed hacking?

5 things you didn’t know about cloud backup

Rules of engagement for the deployment of cyber-weapons need to be developed, an international security conference is due to be told later today.

The influential EastWest Institute is due to present proposals for the cyberspace equivalent of the Geneva convention at the Munich Security Conference, which has included a debate on cyber-security on its agenda for the first time this year. Delegates to the conference include UK Prime Minister David Cameron, German Chancellor Angela Merkel, US Secretary of State Hillary Clinton and Russian Foreign Minister Sergei Lavrov.

The discussion on rules for cyber-conflict follows months after the infamous Stuxnet worm was blamed for infecting industrial control systems and sabotaging centrifuges at controversial Iranian nuclear facilities. Some have described the malware as the world's first cyber-weapon though cyber-espionage in many guises has undoubtedly been practiced by intelligence agencies across the world for many years.

Computer systems underpin the delivery of essential services, including utilities and telecoms and well as banking and government services. Critical national infrastructure systems are most commonly privately held, at least in the US and Europe. Although attacks against various critical systems are commonplace they tend to be low level information-stealing or denial of service exploits. Many independent experts in cyber-security dismiss talk of cyberwar as hype – driven more by the marketing departments of US security contractor giants seeking a new market in cyberspace than by reality on the ground.

Others argue that cyberwarfare (or information warfare) risks are all too real and illustrated by the denial of services attacks that blitzed Estonia off the web and the Operation Aurora assaults against Google and other high-tech firms as well as Stuxnet, a strain of malware that might inspire other forms of malware that attack industrial control kit, perhaps indiscriminately.

The rules of cyberwarfare seek to establish protected domains – such as hospital and schools – that are off limits for attack. Proportionality in response to attacks and identifying the source of attacks is also likely to enter the debate.

British government sources told the BBC that they were not convinced of the need for a treaty governing conflict in cyberspace, while they conceded the need for a discussion on proportional response – and, more particularly, on attributing the source of attack. It is far more difficult to identify the source of a cyber-assault, which can easily be launched from networks of compromised PCs in third-party countries, than the origins of a conventional military assault, which is often proceeded by the gathering of troops and tanks.

Government sources told BBC Newsnight: "How strongly should a state respond to an attack when you do not know who did it, where they did it from or what the intention was? In conventional military terms these questions are easier to answer – not so in the cyber-world." ®

The essential guide to IT transformation

More from The Register

next story
GCHQ protesters stick it to British spooks ... by drinking urine
Activists told NOT to snap pics of staff at the concrete doughnut
Britain's housing crisis: What are we going to do about it?
Rent control: Better than bombs at destroying housing
What do you mean, I have to POST a PHYSICAL CHEQUE to get my gun licence?
Stop bitching about firearms fees - we need computerisation
Top beak: UK privacy law may be reconsidered because of social media
Rise of Twitter etc creates 'enormous challenges'
Redmond resists order to hand over overseas email
Court wanted peek as related to US investigation
Ex US cybersecurity czar guilty in child sex abuse website case
Health and Human Services IT security chief headed online to share vile images
NZ Justice Minister scalped as hacker leaks emails
Grab your popcorn: Subterfuge and slur disrupts election run up
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.