Cyber attacks can come from governments, terrorists, thieves, or bored high school students. This makes the cyber security equivalent of “arms control” difficult to achieve. But a pair of researchers yesterday proposed methods of deterrence that they believe could work in cyberspace.
“There has been a lot of discussion lately about the analogy of cyber warfare to nuclear warfare. But it is not a good analogy in some ways–the technology should drive us in different directions,” said Tom Wingfield, a law professor at the George C. Marshall European Center for Security Studies in Garmisch-Partenkirchen, Germany, at a cyber security conference organized by Russian researchers.
Wingfield and James Bret Michael, a computer scientist at the Naval Postgraduate School in Monterey, CA, argue that surveillance on computer networks and other forms of intelligence can often provide the clues needed to expose a potential hacker, and this exposure may often serve as enough of a deterrent.
“With public deterrence, you shine a light on a malefactor before he attacks or soon after–so it’s visible to the press and the public and his own people. In some cases that’s the right answer,” Michael said. “In others, you can use a nonpublic approach.”
“Sometimes just being identified is enough to prevent an attack from taking place, because hackers depend on anonymity and surprise to succeed,” Michael says. And such methods can work no matter how the underlying attack technologies advance.
The conference was sponsored by the Institute of Information Security Issues at Russia’s leading university, Moscow State University. At the event, Vladislav Sherstuyuk, a retired four-star Russian general who heads the Institute, also announced a new research collaboration that includes government officials from Russia and China and academic institutions including the Indian Institute of Information Technology, Allahabad, and the State University of New York at Albany.
The agreement will “undertake common research on international information security,” he said. While the collaboration was partly symbolic, it reflects increased concern worldwide over the potential for computer attacks to wreak havoc. “It’s clear that cyber security has risen to the top tier of security issues around the world,” said Greg Rattray, chief internet security advisor to ICANN, the U.S. based organization that assigns Internet names.