The words Hague cyber warfare Treaty appeared fleetingly in my twitter stream this morning.
This really intrigued me. It brought visions of uniformed generals sat around a table at the United Nations signing fancy bits of paper. Over their shoulders were clouds filled with botnet armies – millions of compromised computers waiting for the command to strike, glaring ferociously at their opposite numbers.
There is a wonderful wealth of information out there on cyber warfare and security. For example according to Lt. Gen. William T. Lord, the US Air Force chief information officer, cyberattackers have shifted their tactics from trying to breach firewalls to penetrating applications and said the service has serious application vulnerabilities. “We have over 19,000 (information technology) applications in the Air Force,” he said, noting that Electronic Systems Center’s IT Center of Excellence at Maxwell Air Force Base-Gunter Annex, Ala., examined about 200 of them. “All of them had over 50 vulnerabilities.”
The incredible pace of introduction of new technologies is a serious problem to the military which likes to take years to develop and test anything it buys. It used to be that the army would be first to get advanced technologies that would one day filter down to peaceful applications. These days it is the other way round. The army must presumably end up using applications that have had little or no security testing but are considered worth the risk (I’m not speaking from personal knowledge or experience here).
The United Nations has in fact been giving this some due consideration – it would be negligent of them not to, fair play. Last week the UN published a document updating its position re disarmament and cyber warfare was covered in pages 12 – 20 (out of 42).
In the document the UN discusses possible solutions:
- The security of confidential as well as less significant information and networks
A. Security updates should be applied to all systems
B. A comprehensive disaster recovery planning should take place, which includes provisions
for extended outages. - The creation of an international treaty which includes:
A. A concrete definition of cyber warfare which is ratified by all signatories
B. A limitation on the usage of cyber weapons - The establishment of an annual international platform, in which experts in the computer and
cyber field from different countries may foster dialog with one another regarding the issue of
providing measures to regulate cyber warfare - Increased effort in raising awareness about the cyber warfare and the threats it poses for the
world in its entirety
Most of this, treaty apart, is obvious stuff and to be honest suggests that the UN doesn’t really know what to do about it. Does anyone? I would be hugely surprised if many government really signed up to it. After all why would a government (naming no names) want to deny itself the ability to attack Iran’s nuclear programme using bloodless electronic means?
In any case nobody would trust anyone else not to develop cyber warfare tools – it would be nigh on impossible to police. This is unfortunately in my view a battle war that is being fought but that nobody can win. I bet the proposed annual international conference would be a very interesting one to attend though maybe not as interesting as the meetings that they don’t tell us about.
We’re all doooomed!