RSA: How Real is the Threat of Cyberwar?
Security experts debate whether we're already in a cyberwar, the role of government and potential solutions.
SAN FRANCISCO -- Are we already in a cyberwar? A panel of high-profile security experts debated the threat and solutions to the cyberwar challenge during a keynote session here at the RSA Security Conference Wednesday.
"I've heard so many times that some event is the first cyberwar it's getting old," said session moderator James Lewis, director and senior fellow at the Technology and Public Policy Program at the Center for Strategic and International Studies.
Lewis noted, for example, that some have characterized the recent WikiLeaks incident as the first volley in a new era of cyberwarfare.
But the panel dismissed that notion and explained why it's important to understand what cyberwar is and isn't.
"I would consider something that destroys major systems an act of cyberwarfare," said former U.S. Secretary of Homeland Security Michael Chertoff, who now runs his own security consulting practice. Chertoff also noted that the "war" label in a true instance of cyberwar is more than justified.
"You could have a cyber attack that is as consequential to the economy as a war" in the conventional sense would be, said Chertoff. He also noted that war requires a difference response and expectation of help. For example, citizens might be more willing to give up certain rights, like privacy in a war scenario, versus criminal attacks like the theft of intellectual property.
Chertoff said the government needs to do more to establish a structure of official response to cyber attacks, including clear lines of responsibility.
"We have to resolve the legal architecture to defend ourselves. I'm not an advocate of an 'Internet kill switch' if we could even have something like that, but we need something," he said.
Other panelists emphasized the need for the private sector to step up its investment in security and work more closely with government to prepare for cyber attacks. Mike McConnell, a former U.S. Director of National Intelligence (from 2007 2009), said he thinks the U.S. government needs to share more detailed information about how serious the threat of cyberwarfare is.
"That would cause companies to invest more in security," said McConnell, currently an executive vice president and leader of the intelligence business at Booze Allen Hamilton.
But security author Bruce Schneier disagreed. "Companies will take that as an incentive only up to the value of their companies," said Schneier, and not to the extra level that might be needed.
While noting that progress has been made in many areas of national cybersecurity, the panelists seemed resigned to the likelihood that it will take a major incident for the U.S. to take the appropriate steps to better secure our computing infrastructure.
"There will be attacks and we'll overreact because that's what we do," said Schneier.
Lewis joked that he's suggested we need a TSA for laptops to which Schneier quipped in response, "That'll be entertaining. You'll get a full body scan when you boot up."
Schneier also emphasized that even though new cyber attacks are reported every day, security keeps evolving. "I don't think we're stuck, we're getting better every year," he said. "We're doing surprisingly well."
The Insider Threat
Stepping back from the threat of cyberwarfare, McConnell said the security industry is only just beginning to realize the seriousness of insider threats that can compromise a company's or any organization's security.
"WikiLeaks highlighted the insider threat," said McConnell. "Most of all our thinking for 25 years has been about perimeter security. Even if it's a well-meaning whistle blower, systems can be compromised on the inside."
Said Schneier: "WikiLeaks is not surprising to anyone here. The State Department learned what the music and video industry learned ten years ago it's easy to move digital files. I think we're seeing some new business models emerge around secrecy because you can't give access about something to a thousand people and expect it to stay a secret."
Chertoff agreed. "Insider issues require different solutions," he said.
Keep up with security news; Follow eSecurityPlanet on Twitter: @eSecurityP.
September 29, 2010
Department of Homeland Security convening officials from half a dozen other agencies and departments as well as a gaggle of foreign countries to test readiness and coordination mechanisms in response to a major cyberattack.