The security mindset of governments is changing. Debate over the efficacy of current cyberwar policy and the merits of an offensive approach continues to dominate headlines. NATO recently issued a manual outlining the rules of cyber warfare and how international law applies to online attacks by the state.
Prior to this, President Obama’s Presidential Policy Directive also endeavored to lay out the rules of cyber engagement for carrying out offensive and defensive cyber-operations to protect US state and civilian networks.
Do these moves signal a change in approach from a primarily defensive strategy in securing systems to an ‘offense’ mentality? If so, will all 28 NATO members be able to abide by these rules? What mechanisms are there for cyber-warfare monitoring, handling complaints between states, or ensuring that heightened sentiments don’t end with a military situation?
We may well be at the precipice of war. Recently, the networks of banks and some broadcasters in South Korea were hit in what is suspected to be a cyberattack by North Korea. Attribution remains unclear, but the incident remains a major cause for global concern.
On the ground level, too, our global research of the information security profession found that cyber-terrorism, hacktivism, organised crime and state-sponsored acts featured among the top security concerns of infosecurity professionals.
Attackers are using more sophisticated malware and advanced persistent threats (APTs), which are becoming increasingly difficult to detect with current security technologies. The most common attack methods include Stuxnet-like malware, zero-day vulnerabilities and stolen digital certificates.
All this begs the question: are we managing our critical infrastructure adequately, and should our focus remain on this aspect in order to contain cybercrime? Few easy answers are emerging as our use of the Internet continues to develop faster than our ability to secure it.
While we commend NATO’s efforts in bringing out the rule book (a collaboration of 20 international legal experts), in reality, greater international collaboration is needed. There needs to be more co-operation and participation from governments (preferably without political agendas), corporations and information and software security professionals to develop a comprehensive strategic response if we are to withstand the incessant onslaught of cyber-attacks.
We must focus on developing new capacities at the country and global level in areas that range from workforce and skills development to legal frameworks, law enforcement, formal education and societal instincts. In doing so, we will create a strong foundation upon which security can evolve and keep pace with technological developments.
As for the professionals in the trenches, the global infosecurity community already plays a major role in establishing a common understanding of the issues involved and facilitating a collective approach to overcoming the cyber security challenges. But we can be much more active in this effort.
We are interested in your views on what you see as the challenges in developing a global collaboration for security. Feel free to get in touch: [email protected]; or discuss the issues with us on LinkedIn.
Guest author, W. Hord Tipton, CISSP-ISSEP, CAP, CISA, CNSS, Executive Director of (ISC)2