We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

Intelligent Machines

Exposing Hackers as a Deterrent

Two researchers propose a novel form of “arms control” at a conference in Germany.

Cyber attacks can come from governments, terrorists, thieves, or bored high school students. This makes the cyber security equivalent of “arms control” difficult to achieve. But a pair of researchers yesterday proposed methods of deterrence that they believe could work in cyberspace.

Cyber warrior: Vladislav Sherstuyuk, a retired four-star Russian general who leads the Institute of Information Security Issues at Moscow State University, announced a new cyber security research collaboration on Monday.

“There has been a lot of discussion lately about the analogy of cyber warfare to nuclear warfare. But it is not a good analogy in some ways–the technology should drive us in different directions,” said Tom Wingfield, a law professor at the George C. Marshall European Center for Security Studies in Garmisch-Partenkirchen, Germany, at a cyber security conference organized by Russian researchers.

Wingfield and James Bret Michael, a computer scientist at the Naval Postgraduate School in Monterey, CA, argue that surveillance on computer networks and other forms of intelligence can often provide the clues needed to expose a potential hacker, and this exposure may often serve as enough of a deterrent.

“With public deterrence, you shine a light on a malefactor before he attacks or soon after–so it’s visible to the press and the public and his own people. In some cases that’s the right answer,” Michael said. “In others, you can use a nonpublic approach.”

“Sometimes just being identified is enough to prevent an attack from taking place, because hackers depend on anonymity and surprise to succeed,” Michael says. And such methods can work no matter how the underlying attack technologies advance.

The conference was sponsored by the Institute of Information Security Issues at Russia’s leading university, Moscow State University. At the event, Vladislav Sherstuyuk, a retired four-star Russian general who heads the Institute, also announced a new research collaboration that includes government officials from Russia and China and academic institutions including the Indian Institute of Information Technology, Allahabad, and the State University of New York at Albany.

The agreement will “undertake common research on international information security,” he said. While the collaboration was partly symbolic, it reflects increased concern worldwide over the potential for computer attacks to wreak havoc. “It’s clear that cyber security has risen to the top tier of security issues around the world,” said Greg Rattray, chief internet security advisor to ICANN, the U.S. based organization that assigns Internet names.

In another sign that multinational talks are expanding on cyber security, the attendees at the conference included a delegation from the Chinese government as well as the White House senior director for cyber security, Chris Painter. Painter declined to be interviewed.

Russia, along with China and India, is a major source of cyber crime, and the U.S. has been trying to get Russia to allow law enforcement access to Russian networks to investigate crimes like bank fraud. Russia wants to forge an agreement akin to a nuclear arms treaty, but favors stopping short of law enforcement access.

While the stalemate was not broken yesterday, the gathering was a step forward in terms of forging ties. “The U.S. needs to work with Russia because it is one of the hotbeds of crime and hacker activity,” said Sanjay Goel, a computer scientist at the SUNY Albany, who runs a computer forensics lab and who signed on with the Russian research collaboration. “You need to engage with the people who are in a position to be able to fight cyber crime.”

Wingfield noted that countries who want to defend themselves face high hurdles. The threat of a cyber attack can be enormous, but might not be defined under international law as an “armed attack,” which would allow for an armed response. Clearing up the law in this area will provide a further means of deterrence, he said. But forging international agreements will take years and will require a progressive set of technical and diplomatic discussions, said John Mallery, a research scientist at MIT’s computer science and artificial intelligence laboratory.

“There is no international code of conduct for cyberspace,” said Charles Barry, a senior research fellow at the Center for Technology and National Security Policy at National Defense University, in Washington, DC. “Coalescing common rules will be long and arduous, requiring continuous dialogue among nations, the private sector, and international stakeholders.”

Keep up with the latest in cyber security at EmTech Digital.
Don't be left behind.

March 25-26, 2019
San Francisco, CA

Register now
More from Intelligent Machines

Artificial intelligence and robots are transforming how we work and live.

Want more award-winning journalism? Subscribe to Insider Plus.
  • Insider Plus {! insider.prices.plus !}*

    {! insider.display.menuOptionsLabel !}

    Everything included in Insider Basic, plus the digital magazine, extensive archive, ad-free web experience, and discounts to partner offerings and MIT Technology Review events.

    See details+

    Print + Digital Magazine (6 bi-monthly issues)

    Unlimited online access including all articles, multimedia, and more

    The Download newsletter with top tech stories delivered daily to your inbox

    Technology Review PDF magazine archive, including articles, images, and covers dating back to 1899

    10% Discount to MIT Technology Review events and MIT Press

    Ad-free website experience

You've read of three free articles this month. for unlimited online access. You've read of three free articles this month. for unlimited online access. This is your last free article this month. for unlimited online access. You've read all your free articles this month. for unlimited online access. You've read of three free articles this month. for more, or for unlimited online access. for two more free articles, or for unlimited online access.