Cyber warrior: Vladislav Sherstuyuk, a retired four-star Russian general who leads the Institute of Information Security Issues at Moscow State University, announced a new cyber security research collaboration on Monday.
Veni Markovski
Two researchers propose a novel form of "arms control" at a conference in Germany.
Cyber attacks can come from governments, terrorists, thieves, or bored high school students. This makes the cyber security equivalent of "arms control" difficult to achieve. But a pair of researchers yesterday proposed methods of deterrence that they believe could work in cyberspace.
"There has been a lot of discussion lately about the analogy of cyber warfare to nuclear warfare. But it is not a good analogy in some ways--the technology should drive us in different directions," said Tom Wingfield, a law professor at the George C. Marshall European Center for Security Studies in Garmisch-Partenkirchen, Germany, at a cyber security conference organized by Russian researchers.
Wingfield and James Bret Michael, a computer scientist at the Naval Postgraduate School in Monterey, CA, argue that surveillance on computer networks and other forms of intelligence can often provide the clues needed to expose a potential hacker, and this exposure may often serve as enough of a deterrent.
"With public deterrence, you shine a light on a malefactor before he attacks or soon after--so it's visible to the press and the public and his own people. In some cases that's the right answer," Michael said. "In others, you can use a nonpublic approach."
"Sometimes just being identified is enough to prevent an attack from taking place, because hackers depend on anonymity and surprise to succeed," Michael says. And such methods can work no matter how the underlying attack technologies advance.
The conference was sponsored by the Institute of Information Security Issues at Russia's leading university, Moscow State University. At the event, Vladislav Sherstuyuk, a retired four-star Russian general who heads the Institute, also announced a new research collaboration that includes government officials from Russia and China and academic institutions including the Indian Institute of Information Technology, Allahabad, and the State University of New York at Albany.
The agreement will "undertake common research on international information security," he said. While the collaboration was partly symbolic, it reflects increased concern worldwide over the potential for computer attacks to wreak havoc. "It's clear that cyber security has risen to the top tier of security issues around the world," said Greg Rattray, chief internet security advisor to ICANN, the U.S. based organization that assigns Internet names.
Fighting crime is the first step to avoiding cyberwar, he tells a Russian panel.
Information technology's next grand challenge will be to secure the cloud--and prove we can trust it.
Cyber-defense and capture-the-flag contests will help train future defenders of cyberspace.
This is an interesting tactic. They will use social forces to stop hackers by bringing down the hammer of peer pressure upon them. Sort of how in the old days petty criminals were put in the stocks so the community can exact justice. I wonder what the possible dangers might be if the hacker does something particularly heinous that would cause his life to be in danger if people found his identity...
Lock out uncooperative countries
The rest of the world should lock out Russia, India, and China from the internet. Make them go through special portals that screen all their traffic. Any country that didn't also lock them out would join them in the lock-out. Problem solved. Suddenly they will be begging to cooperate.
Wont work for the million reasons everyone said 20 years ago when this was first proposed.
One thing is for sure hacking is a necessity in a computer age. It wont go away in fact its best if it got better. Which means the computer professionals that join the market will be better. I dont like it, but its not the hackers thats the problem but the system.
It has been proven 100% you cannot secure a multinational multifunctional service. Even if the internet was 100% secure it wouldnt be. A paradox you say, but no. As mentioned above Russias mafia owns banks and can legally move money within the secure network, same goes for every bank. So waste of time identifying hackers in the first place or you might as well put a red dot on every nation on the planet.
The only true solution is better insurance, not doing your banking on the internet, not connecting military installations to it.
Ive seen what happens when the legitimate industry hackers inform the companies of flaws...they are tacken to court, or given court orders to keep it quiet and the problems arent fixed...or denied or fixed at great length. In a nut shell the industry doesnt give a hoot. They just need to make a show to the insurance companies is all. If anyones read the Visa document related to the storage pf peoples information, its horrifying. I spoke to their top man or one of them and yes he's the bees knees but my goodness the industry is about as young and incompetent as the space program in America in 1959.
In fact the best strategy maybe to legalise it. Form a top 100 list in each country and a top 100 for the world and give prizes out for the best hackers to hack the planet. As long as they recieve enough money to survive they can hack as much as they like and inform companies of their findings.
Being number 1 should be 1 million, and number 100 should get 50k a year. The list is based on evidence of holes etc, and no duplications.
The problem is that people with egos, find out companies dont give a toss and are willing to give away millions and deny everything.
If anyone thinks the problem is going to go away by naming them...oh wait for it...youre mad.
But the suggestion is good, means people are still thinking about it, even if companies arent doing anything about it.
By analogy they legalised prostition in Germany and it became more open, more recognised, better understood and some good came of it.
Hackers are some of the smartest people in the world, dont tell them they are, though ego stroking will help them hack more, try helping them to help the industry. Pay them and thank them.
Manufacturing in the United States is in trouble. That's bad news not just for the country's economy but for the future of innovation.
Our list of the 50 most innovative companies, including the following:
On Twitter
Become a Fan on Facebook
Subscribe to the Feed
ms
190 Comments
Deterrence
The real problem is that it is very difficult to determine the true source of a cyberattack. Without knowing the source, what kind of deterrence is really possible?
If the source could be determined, then no new international agreements would be required for a deterrence strategy: the US could merely create a new doctrine (as were created the Monroe Doctrine and Bush Doctrine), declaring how we would retaliate against the source of a cyberattack.
Reply