Industry, military experts discuss murky cyberwar issues

Countries are grappling to define cyberwarfare and how they can respond under international law

Nations increasingly touched by cyberattacks are still in the very early stages of figuring out how to deal with incidents that could escalate into critical national security threats.

From DOS (denial-of-service) attacks on Web sites to hacking attempts on power grids and financial and military systems, experts are warning that the next wars will be kicked off by electronic blitzes from non-state actors and that nations haven't worked out clear strategies.

But academics, experts from private companies and government officials are discussing those issues this week in Tallinn, Estonia, at the first-ever Conference on Cyber Warfare. It's hosted by the Cooperative Cyber Defense Center of Excellence (CCDCOE), launched in May 2008 to help NATO countries deal with ever-growing cyberthreats.

"Cyberattacks are here to stay," said Jaak Aaviksoo, Estonia's defense minister, during a keynote speech on Wednesday. "They are not disappearing."

Estonia experienced a devastating cyberattack in 2007 following a decision to move a statue memorializing Russian soldiers who fought during World War II. Pro-Russian hackers took down bank and school Web sites via DOS attacks on Estonian networks.

Subsequently, Georgia experienced similar attacks following its conflict with Russia last year. And earlier this week, Iranian news Web sites and those belonging to political organizations were hit with DOS attacks following the contested re-election of President Mahmoud Ahmadinejad.

A multitude of issues are under discussion at the CCDCOE's conference: how nations can legally respond under international law to cyberattacks, how nations should render assistance to one another and simply what is the definition of a cyberattack.

None are likely to be resolved quickly, said Estonian Army Lieutenant Colonel Ilmar Tamm, director of the CCDCOE.

"The situation changes so rapidly," Tamm said. "We have to be really conscious on the conclusions we recommend, and nations have to be understand the potential consequences of what they adopt on the legal side, the policy side."

The CCDCOE is funded by its seven nation members, which include Estonia, Latvia, Lithuania, Germany, Spain, Italy and the Slovak Republic. The U.S. is not a member but has assigned a civilian with the U.S. Navy to the CCDCOE. Turkey, Hungary and the U.S. have expressed interest in joining CCDCOE.

The CCDCOE does not advise NATO operationally but is instead a think tank that is working in policy areas related to cyberwarfare such as tactics, protection of critical national infrastructure, policy and legal issues, Tamm said. The organization produces research papers, some of which are public and some of which are only for benefit of NATO countries, he said.

On the technical side, CCDCOE also does research on botnets, or networks of compromised computers used in aggregate to carry out malicious activity, as well as ways to automate network analysis tasks such as log files and intrusions.

At the request of NATO, it is also working on a paper that defines concepts around cyberwarfare, Tamm said.

Getting all nations on the same page is crucial. The global nature of the Internet has hampered cybercrime investigations since hackers can route, for example, a DOS attack through countries that have poor law enforcement, said Kenneth Geers, a U.S. Navy civilian analyst assigned to CCDCOE.

"The cyberproblem is real, and it demands an international response, but nobody knows quite how best to improve the international response because nation states and organizations themselves have so many questions about cybersecurity," Geers said.

Another looming issue is the development of offensive cyberwarfare skills that could be used in the event of an attack, but that is not CCDCOE's domain.

"We do know that a number of NATO nations are developing offensive capabilities," Tamm said. "They have reason to do that."

It is clear, however, that organizations such as the Taliban are using the Web effectively, said Johannes Kert, an adviser to Estonia's defense minister and chairman of the CCDCOE's steering committee.

The Taliban and Al Qaeda have created Web sites in order to spread ideology, recruit members and teach bomb-making techniques as well as to promote attacks that have been executed. However, NATO has been focused on cyberdefense rather than offense, Kert said.

"This is a field where we clearly lose today as NATO," he said. "This is a question NATO should start to discuss."

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags cyber attackscyber security

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?