How can nation states win the unfolding cyberwar?

Hawkishness and 'Swiss' neutrality go head-to-head at RSA Conference 2017

Nation state hacking is putting democracy and civilian welfare at risk, but there is little consensus on how to deal with this issue.

In two contrasting talks at RSA Conference 2017, Michael McCaul, chairman of the House Homeland Security Committee in the US, and Brad Smith, Microsoft chief legal officer, struck markedly different tones when discussing how to approach these issues.

In his keynote, McCaul said: "It's clear to me that our adversaries are turning digital breakthroughs into digital bombs ... our cyber rivals are overtaking our defences."

"The combatants are everywhere and the phones in your pockets are the battle space," McCaul continued. "Our democracy itself is at risk. Last year, there's no doubt in my mind that the Russian government tried to undermine and influence our elections.

"The crisis was the biggest wakeup call yet that cyber intrusions have the potential to jeopardise the very fabric of our republic."

McCaul pointed to several issues making things harder for those trying to defend against attacks, including a lack of resources.

"There are more cyber outlaws than cyber sheriffs to round them up. A lot of hackers out there should be behind bars, but law enforcement agencies at all levels are struggling to keep up with the volume and complexity of network intrusions.

"Today, in some cases, the United States government is fighting 21st Century threats with 20th Century technology and a 19th Century bureaucracy," he claimed.

McCaul also said there's "a real paradox between national security and digital security".

"Nowhere is this more obvious than with the terror threat," McCaul claimed. "We have a new generation of terrorists who are recruiting over the internet and using virtual safe havens to escape detection and force their propaganda on a global internet scale.

"We have the brutal attacks in Paris and Brussels as tragic examples and reminders of how terrorists stay under the radar by using end-to-end encryption on their phones to cover their tracks."

However, McCaul said governments "must resist the temptation to go after [them] with simple knee-jerk responses".

"We cannot undermine encryption ... it's the bedrock of our internet security. But at the same time we can't allow groups like ISIS to remote control terrorist attacks using the darkness of the web," he added.

Nevertheless, the US "must respond to attacks decisively" if it's to win the war against these varied adversaries, he said.

"We're feeling tectonic shifts on the virtual ground beneath us and our current cyber plans just won't cut it," said McCaul. "Our ability to win the war in cyberspace depends on our ability to deliver consequences by striking back when appropriate."

McCaul's somewhat hawkish tone was in stark contrast to Smith's keynote, however.

Microsoft's Smith called for a digital Geneva Convention and an equivalent of the International Atomic Energy Association (IAEA) to protect civilians.

"We suddenly find ourselves living in a world where nothing seems off limits to nation state attacks. Conflicts between nations are no longer confined to the ground, sea and air, as cyberspace has become a potential new and global battleground," said Smith.

This, he said, is something that needs to change, with the introduction of new international norms.

"Just as the world's governments came together in 1949 to adopt the Fourth Geneva Convention to protect civilians in times of war, we need a Digital Geneva Convention that will commit governments to ... [protecting] civilians on the internet in times of peace."

As for the digital IAEA equivalent, Smith said: "This organisation should consist of technical experts from across governments, the private sector, academia and civil society with the capability to examine specific attacks and share the evidence showing that a given attack was by a specific nation-state. Only then will nation-states know that if they violate the rules, the world will learn about it."

Finally, there's an important role for the tech sector to play. It must be a neutral "digital Switzerland", said Smith, meaning tech companies agree never to help governments of any stripe attack civilians and civilian infrastructure.

"This commitment to 100% defense and 0% offense has been fundamental to our approach as a company and an industry. And it needs to remain this way in the future," he concluded.

Features editor Jane McCallion is on the ground at RSA Conference 2017 in San Francisco all week. Follow her on Twitter for live updates and bookmark our dedicated page for more coverage from the business security conference.
