Schneier Recommends Nuclear-Style Cyberwar Hotlines, Treaties 123
strawberryshakes writes "Cyberwar is the new nuclear war. Bruce Schneier says governments should establish hotlines and treaties outlining the protocol surrounding cyberwar, just as they would for any other war. He wrote in the Financial Times (paywalled, but available through Google), 'A first step would be a hotline between the world’s cyber commands, modelled after similar hotlines among nuclear commands. This would at least allow governments to talk to each other, rather than guess where an attack came from. More difficult, but more important, are new cyberwar treaties. These could stipulate a no first use policy, outlaw unaimed weapons, or mandate weapons that self-destruct at the end of hostilities. The Geneva Conventions need to be updated too. Cyber weapons beg to be used, so limits on stockpiles, and restrictions on tactics, are a logical end point. International banking, for instance, could be declared off-limits. Whatever the specifics, such agreements are badly needed.'"
Cyber weapons = Nuclear weapons (Score:2, Interesting)
Look at the stuxnet attack on Iran last month. If that country had a more developed nuke program a hostile neighbor (country X) could have had the opportunity to co-opt their systems and launch against Israel. Israel would immediately engage in a retaliatory strike and country X would be the winner (assuming they are anti Iran and at least neutral in their relations with Israel).
Country X in this case just became a nuclear power without ever facing embargoes, or hostility from the US.
Re:Oh, please. (Score:3, Interesting)
Gimme a break. When I see a hacker kill off 100,000 people, then I'll take that statement seriously.
Jesus Christ, hyperbole is becoming the norm these days.
QFT! Last time I checked a DDOS isn't capable of evaporating several hundred square miles like an ICBM with 6x600kT warheads. I think our leaders and 'thinkers' need to play around with a google maps mashup here [carloslabs.com], and see some friggin' clarity!
Re:Oh boo hoo... (Score:4, Interesting)
I think the ISP's will be much more effective in fixing any problems, possibly by blocking all traffic from the offending country, if it comes down to that.
This is "cyberwar" (their word, not mine) we're talking about. General Hayden, the former Director of the NSA, spoke at Blackhat on the topic this summer. He said that the Internet today resembles a vast indefensible plain, and that an enemy attack can come from anywhere. He thought (hoped?) a kind of "geography" would eventually evolve on the internet, allowing for tactical maneuvering, permitting the kind of strategies warriors like to fight and defend from. You're alluding to a similar type of thinking, where if the attack comes from China, you pull the cable on the back of your router marked "From China".
It's that kind of thinking that's unfortunately going to fail at cyberwar.
If I'm attacking your country's systems, I'm not coming from China. I'm hopping hacked servers and networks from China to Estonia to Russia to France to London to New York. If it's a DDoS attack, I'm not commanding a million Chinese PCs to send you SYN packets, I'm sending one instruction to a command and control network to tell an army of zombies across the country and globe to send you SYN packets. Or I'm activating the hostile commands buried in my counterfeit Cisco routers spread across your country by cheapo eBay resellers.
The best defense against info-warfare is to have a good alternate strategy. Twitter may not need backups, but Wall Street does. Industrial plants and the electrical grid need air gaps (and obviously a lot more protection than they have today.) The armed services need an isolated network. So does the intelligence community. The first, second, and third jobs of cybercommand should be creation of these defense plans.