Cyber attacks on government and industry computer networks are a threat to individual nations and global stability. The Munich Conference on Security Policy has addressed those issues and it calls for a kind of Geneva and Hague cyberspace convention.
The last ten years have seen a surge in cyber attacks against strategic national interests in many countries. These attacks have different objectives according to who is carrying them out. The most dangerous of all these threats arguably comes from organized cybercriminality, industrial espionage, political, diplomatic and military intelligence gathering, critical national infrastructure system analysis and, albeit to a much lesser degree, malicious hacking by cyberpolitical pressure groups - 'hacktivists' of various persuasions.
That is why this year's Munich Conference on Security Policy, held last week in Germany, as it has been every year since its inception in 1962, addressed the issue. Those present at the conference included UK Prime Minister David Cameron, German Chancellor Angela Merkel, US Secretary of State Hillary Clinton and Russian Foreign Minister Sergei Lavrov.
There have been several high-profile examples of serious cyber attacks this last few years, and they include;
Stuxnet. This highly sophisticated malware is suspected to have been the reason why critically-important centrifuges in Iranian nuclear plants sped up their rate of operation until they damaged themselves and allegedly retarded Iran's nuclear plans by anything up to 4 years. It is not known who introduced it into the Programmable Logic Controllers used to run the centrifuges although the finger is being pointed at both Israel and the United States.
Stuxnet did not only infect Iranian computers. It also infected thousands of other computers all over the world. Whether this was by accident or design is not known either, although the evidence available points to the former. This event has serious military, political and geopolitical implications and, seeing as Stuxnet could also be used to attack a variety of industrial interests, it concerns business too.
Economic and industrial interests. It is being reported that hackers have gained widespread access to the computer networks of at least five major oil and gas companies over the last two years and that they have stolen information on industrial secrets, details of oil exploration plans and bidding contracts. This operation, dubbed 'Night Dragon' by computer security firm McAfee, who uncovered it, is suspected to have originated in China and that it could be state-run, as there is evidence of infiltrations being piloted from computers in several Chinese towns during Chinese office hours. This does not constitute proof however, as attacks may appear to come from one computer, whereas the computer had been hijacked from elsewhere.
Critical national infrastructure. The US government acknowledged in 2009 that its national power grid computer network had been hacked into, apparently by both Russian and Chinese agents. This operation seems to have been designed to find potential weaknesses in the system. Although no damage was done, the visitors left behind hidden software capable of bringing the system down in the event of serious international tensions or war and it has geopolitical ramifications.
Us Cyber Command
Cybercriminality. Britain has listed cybercriminality as a major threat in its National Security Strategy and is working with the European Union to increase cooperation on investigations involving national crime rings, which are responsible for the laundering of billions of dollars' worth of criminal profit to the extent where it is becoming a non-negligeable financial burden on economies. The United States and other countries are also seriously concerned by this problem.
Pressure groups - 'hacktivists'. Although they are not a major threat at this time, they are potentially capable of wreaking havoc. Probably the only reason why they haven't done so as of today is that the penalties that the hackers would face in case of serious damage or potentially dangerous actions are extremely heavy. An example of this is the well-known group, Anonymous. This loosely-knit organization was behind the attacks on companies such as PayPal and other companies which had stopped providing payment services to WikiLeaks during the Diplomatic Cables incident. They have now widened their activities and have recently attacked government sites in countries facing sensitive issues such as Yemen, Tunisia and Egypt. This represents a dangerous shift in this organisation's operational objectives.
These and other cybersecurity concerns are why the conference decided that it was time to address them.
The conference website contains a fascinating overview of the issues which suggests that as the threats are of a planetary nature it may be time to develop more closely-coordinated international institutions to address them in a consensual manner, implying that the present situation, which sees each country legislating and fighting against the various threats on an individual basis, should be reviewed. This detailed overview calls for the involvement of Interpol on an international scale, more interactivity between the public and private sectors and the harmonization of legislation.
Another contribution came from the influential EastWest Institute, which is based in New York. Their message is unambiguous, and they say that "ensuring security in cyberspace is vital to our national security, our well being and our prosperity." The Institute - composed of experts from Russia and the United States - recommends cyber war "Rules of Engagement" to codify and deal with cyber threats, adding that the world needs to extend "the Geneva and Hague conventions in cyberspace."
These initiatives are long overdue and are thus to be welcomed, despite the probability that efforts to implement any international systems designed to coordinate efforts to fight back more efficiently against cyber attacks may find themselves accused of infringing on Internet neutrality and privacy rights.
Those are totally legitimate concerns. Which means that although it is time to fight cyber attacks, the battle must be waged with the support of the Internet community and world citizens at large.
This entails openly discussing and explaining the issues and the risks with the world public in order that fighting what are obvious threats be acknowledged by all as being a common endeavor with common goals to protect the national security of countries, the rights of individuals, and world peace.
This opinion article was written by an independent writer. The opinions and views expressed herein are those of the author and are not necessarily intended to reflect those of DigitalJournal.com