Global cyber arms race engulfing Web – Defence official

Reuters: A global cyber arms race is engulfing the Internet and the best way to counter the rapidly escalating threat is combining the efforts of US agencies, private firms and international allies, cyber security officials said.

Cyber experts from across the US government, speaking at a conference at Georgetown University, said organised crime, espionage and security activity on the Internet pose a rising threat to US intellectual property, military superiority and critical infrastructure.

“What we’re looking at is a global cyber arms race,” said Rear Admiral Samuel Cox, director of intelligence at US Cyber Command, which was set up 18 months ago to protect Pentagon computer networks and conduct offensive cyber operations if the president orders them.

“It’s not proceeding at a leisurely or even a linear fashion but in fact is accelerating. I wouldn’t claim that it’s following Moore’s law, but the curve looks kind of similar,” he said, referring to a computer industry rule of thumb that computer processing power doubles every couple of years.

Howard Schmidt, cyber security coordinator at the White House, said more than $8 trillion worth of transactions were carried over wired and wireless networks each year.

“This is not just a national security issue,” he told the conference. “It’s a national security, public safety as well as economic.”

Officials said the most effective way to counter the threat is to adopt an approach that promotes collaboration among government agencies and reaches out to private industry as well as international partners.

“To really operate effectively in cyberspace ... it’s really a team sport,” said Steven Schleien, the principal director for cyber policy at the Pentagon.

That’s why the Defence Department has been working with private companies and allies like NATO, Japan and South Korea to discuss information sharing and coordinated responses to incidents on the Internet, he said.

NATO wants to bring all of the civilian and military networks in the organisation under the wing of the NATO Computer Incident Response Capability by the end of 2012, which would allow a coordinated response to cyber attacks.

The US has begun discussions on cyber security with Japan, South Korea and New Zealand, and is working closely with the Britain and Australia on a “full spectrum” of cooperation in cyberspace, Schleien said.

The United States does not view arms control treaties as a means of dealing with the problem but would like to see the international community agree on norms of behaviour for cyberspace, he said.

“This is not an area where arms control works. I don’t know what we would monitor. I don’t know how we would verify anything in terms of cyber weapons or cyber tools,” Schleien said.

Discussions on norms of behaviour would begin to address the issue of how to fight proxies who carry out Internet attacks on behalf of governments, and “hactivists,” who attack computer networks for their own political ends.

“How do you deal with hactivists from your soil?” Schleien asked. “Are you responsible as a sovereign nation for what comes out of your country?” The issues are sensitive and complex. A US non profit group, for example, concluded Russian civilians acting with advance notice of Russian military intentions carried out cyber attacks in the 2008 Russia-Georgia conflict. Some websites used to organise those attacks were hosted in the US.