Cyber Warfare Needs Rules Of Engagement

Uploaded on 2018-11-23 in NEWS-Cybersecurity News, INTELLIGENCE--International, GOVERNMENT-Defence, FREE TO VIEW

'I think all of us would agree that cyber space is the new battle space'

OpenWorld Former intelligence leaders have called for international terms of engagement in cyber warfare and greater collaboration between the public and private sectors to defend critical infrastructure.

The comments came at a security-focused keynote at this year's Oracle OpenWorld conference in San Francisco, where, instead of the usual parade of enthusiastic customers, co-CEO Mark Hurd took to the stage with three former spies.

John Scarlett, who led the UK's MI6 between 2004 and 2009, said that when it came to cyber-attacks, there was “no sense of the rules of the game” and no international or legal structure. 

This lack of terms of engagement was central to the reemergence of the great tension and rivalry between different actors, he told the audience today.

However, he conceded that it is “hard to see how they [rules of engagement] can be developed and agreed on,” and questionable whether any state would trust the various sides to implement them honestly.

“We have to get our brains thinking differently,” Scarlett said, arguing that the old way of thinking about attacks and defense didn’t translate into cyber threats.

The long-expected Cyber Pearl Harbor

His comments came in response to Hurd’s opening question, which asked what a “9/11 cyber-attack” would look like, a term that the Brit spy said that he was “wary” of using.

Similarly, former head of US homeland security Jeh Johnson said that the term was “rather provocative”, while pointing out that it could sometimes take years to assess the full impact of a cyber-attack.

That said, he did suggest that the impact that Russian interference in the 2016 US elections had on democracy could be as significant as the terrorist attacks in New York.

Johnson said that the open, free society in the US, and the access to it via the Internet, was both the nation’s greatest strength and a major vulnerability.

“I think all of us would agree that cyber space is the new battle space,” he said, adding that the best form of defense in this respect was a good offense, and that this should be a national and international priority for both governments and industry.

“We need to do a better job of public-private partnerships on defense of cyber space and our critical infrastructure,” he said.

Meanwhile, Michael Hayden, who has led both the National Security Agency and the Central Intelligence Agency, said that the answers will not be obvious, and that the rapid pace of technological development can lead to changing definitions on what constitutes security.

For instance, Hayden said that he had come down on the side of Apple in the battle between it and the feds seeking to break the encryption on the San Bernadino killer’s iPhone.

This was not on privacy grounds, or on commercial grounds, he said, but “on a broader definition of security”. Law enforcement’s requests were legitimate, he said, but “the costs of conceding exception access outweighed the benefits” in this case.

Flexibility and Possible Fixes

Hayden emphasised that this wasn’t about setting one hard and fast rule, as different factors might warrant a different decision; rather he urged a discussion of the balance of privacy, security, freedom and liberty.

Oracle has spent its annual gabfest touting the security credentials of its autonomous database and “second-generation” cloud infrastructure, and the decision to bring the three former intelligence bosses on stage also comes as it is eyeing up the Pentagon’s $10bn JEDI cloud contract.

And so it could hardly miss the opportunity to give its technology a plug, no matter how painfully orchestrated it was to have Big Red’s chief corporate architect Edward Screven sitting alongside the former spies, ready to big-up his firm’s new tech.

The session ended with the more cynical members of the audience rolling their eyes as Screven opined that there was “no such thing as a civilian” in cyber warfare now, all IT professionals are on the “cyber battlefield”, but, with the technology Oracle has developed, “we can be much more effective at defending that threat”. 

The Register:

You Might Also Read:

Why Has The US Not Been Hit With A Devastating Cyber Attack?

« Australia And NZ Announce Joint Pacific Cyber Cooperation
Stuxnet 2.0 - Iran Says Israel Has Launched New Cyber Attacks »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Allen & Overy

Allen & Overy

Allen & Overy is an international law firm. Practice areas include Cybersecurity and Data Protection.

Cyber Security Expo

Cyber Security Expo

Cyber Security EXPO is a unique one day recruitment event for the cyber security industry.

FirstPoint

FirstPoint

FirstPoint has developed the market’s most advanced solution for securing cellular devices, including mobile phones and IoT products, by blocking malicious data leakage.

SOC.OS Cyber Security

SOC.OS Cyber Security

SOC.OS is an alert correlation and triage automation tool. It correlates and prioritises your alerts, boosting productivity, enhancing threat visibility and shortening mean time to respond.

CyberSafe

CyberSafe

CyberSafe is a Portuguese company with a focus on cybersecurity solutions and services including network security, managed security, incident response and forensic analysis.

Naq Cyber

Naq Cyber

Naq is the number one platform for SMEs looking to become legally compliant and protect against cybercrime and other data-related incidents.

Talion

Talion

Talion aim to reduce the complexity involved in securing your organisation and to give security teams unrivalled visibility into their security operations, so they can make optimal decisions, fast.

NARIS

NARIS

NARIS is the leading provider of an integrated Governance, Risk and Compliance platform called NARIS GRC.

OneLayer

OneLayer

OneLayer provide enterprise grade security dedicated for private LTE/5G networks. We ensure that the best IoT security toolkit is implemented in your cellular environment.

SOOS

SOOS

SOOS is the easy-to-integrate software security solution for your whole team. Build, catch, and fix vulnerabilities with SOOS Software Composition Analysis.

Magna5

Magna5

Magna5 is a managed IT service provider focusing in network and server monitoring, backup and disaster recovery, cybersecurity, help desk and SD-WAN.

CodeLock

CodeLock

Codelock is a patent-pending solution that continuously provides software security at the code level, while providing advanced management insights with performance metrics and data analytics.

D.med Software

D.med Software

D.med Software is a company with a focus on cybersecurity for embedded software and cloud applications for the medical industry.

Heyhack

Heyhack

Heyhack is a SOC 2 Type II certified automated penetration testing platform for web apps and APIs.

Esentry

Esentry

Esentry systems is a managed security service provider with focus on continuous security monitoring, threat detection, threat analysis and cybersecurity compliance.

Pearls IT

Pearls IT

Pearls IT are a passionate team of security professionals, IT engineers, and tech enthusiasts dedicated to protecting data and enabling access to reliable computing technology for everyone.