Interesting seminar today at ArcSight called “Hacking the Odds – Gaining a House Advantage over Modern Threats”. I must admit that it wasn’t at all what I was expecting. I thought it would be on modern defense techniques and tactics, but it ended up being an expo on cybercrime and defining cyberwar.
I was disappointed at first, but some interesting points did come out of the talk. First and foremost, defining cyberwar is still a hot topic amongst policy makers. Dr. Prescott B. Winter of ArcSight (and former NSA Associate Deputy Director) had some very interesting points.
First and foremost, he compared cyberwar to physical war. In a physical war, we see troops in uniform forming up, arms preparations, ship and naval units moving into position. There are several tangible things that happen that we know lead to battle. You do not have that in cyberwar. There are no early warning systems, no radar returns, no thermal images of the enemy advancing to attack. Also, it is hard to see which direction you are being attacked from in a cyberwar. When Estonia faced cyber attacks in 2007, they had evidence pointing to over 100 nations where attacks came from, when in reality it was just the work of one nation.
Secondly, we are not the only nation having trouble defining cyberwar. With differences of opinion, policy and political stances, all the nations may never agree on set international rules and laws. Many times, too, we are not facing a foreign country or rogue nation, but a lone hacker or cyber crime syndicate trying to make money.
This too brings up its own unique issues. How do you prosecute cyber crime? What may be illegal in one nation may not be in another. Also, if we have a hard time getting state, local and federal police to cooperate, how much harder is it when you get foreign police services involved? Then again, what about when the case is taken to court? Cybercrime expert Andy Crocker mentioned in the broadcast that when he was prosecuting a case in Russia, he used a PowerPoint presentation because the court was not up to speed on the technical issues of cyber crime. The result? The court argued for a week over whether PowerPoint presentations were legal in Russian courts.
To wrap up, I loved one of Dr. Winter's analogies on policy. He said that we have strict policies on airplanes coming in and out of the US. Planes in disrepair are not allowed to fly over US cities. But, he said, we allow malicious foreign traffic on our systems every day.
Policy changes are indeed needed, and quickly.