Former Department of Homeland Security Secretary Michael Chertoff spoke at the RSA Conference (always an important event) in London on October 14, 2010. So far, I have been unable to obtain a full text of the speech, but there is important coverage in the media.
The Register ran an article entitled "Fight cyberwar with cold war doctrines, says former DHS chief."
Cold war doctrines on how to respond to nuclear attack need to be applied to the 21st century threats of cyber attacks and espionage, according to former US Homeland Security secretary Michael Chertoff. … "I'm not saying that you need to respond to virtual attacks with real attacks but I do think it's important to define when and how it might be appropriate to respond," Chertoff explained. "Everyone needs to understand the rules of the game," he added.
The BBC has a longer article, entitled "Call to define rules of cyber war":
The need for such a doctrine was as pressing now as it was in the 1950s, he said, when the emergence of nuclear weapons rendered irrelevant earlier policies governing when and why conflicts were fought.
That vacuum was filled by the policy of deterrence which defined what response could be expected from the US depending on how its territory or citizens were threatened.
"It was very clear to an adversary the consequences of an attack," he said.
* * *
By defining a doctrine, he suggested, all nations would be encouraged to police domestic networks better to avoid incurring a strong response.
"The greatest stress you can have on security is when there is uncertainty," he said. "We are now in a state of uncertainty."
The need to develop response scenarios and an over-arching doctrine was becoming pressing, he said, as those involved in hacking for money carried out ever more attacks.
Without seeing the full text, it is perhaps unfair to critique Mr. Chertoff's remarks. I do not know who, if anyone, he proposed to make and enforce these rules. If such rules were to be made by a treaty, what would make the treaty different from the Kellogg-Briand Pact (or "General Treaty for the Renunciation of War") that in 1928 (effective 1929) was signed by the major powers which would soon be fighting each other to the death in the Second World War? Presumably, some sort of enforcement mechanism is needed for a treaty to be effective.
Also, attribution was tremendously easier during the Cold War. If rules for cyber war are to be enforced, some sort of user identification or authentication regime must be imposed on Internet traffic. Is anonymity on the Internet a destabilizing influence that will result in cyber war? What do you think?