International Telecommunication Union   ITU
 
 
Site Map Contact us Print Version
 Monday, May 10, 2010
Should there be a Geneva Convention for fighting cyberwar?

The term "cyberwar" has been bandied about in recent years as a catchall term for the hackers stealing credit card numbers or spreading spam, but also much more nefarious schemes such as breaking into a electricity grid. At a recent cybersecurity conference, one Microsoft security executive said we might need global rules on how to fight such threats.

Scott Charney, vice president of Microsoft's Trustworthy Computing Group, spoke at the Worldwide Cybersecurity Summit in Dallas last week and said there needs to be a distinction between cybercriminals merely stealing money and cyberwar, possibly conducted by nation-states, that is aimed at crippling a target in another country, such as a power grid or an oil pipeline. An Associated Press report on the conference, which was picked up by the Seattle Post-Intelligencer newspaper, quotes Charney as saying that international treaties designed to fight cyberwar are difficult to establish because of the murky nature of what "cyberwar" is.

The United Nations last month rejected a Russian proposal for a new cybercrime treaty, leaving in place a 2001 treaty that Russia opposes because it gives foreign governments too much leeway to pursue cybercriminals across borders.

"Lots of times, there's confusion in these treaty negotiations because of lack of clarity about which problems they're trying to solve," Charney said.

In a paper that accompanied his talk, Charney also wrote that if the concern is that countries need to brace for a cybersecurity "Pearl Harbor," that it needs to be made clear on what type of attacks governments can respond. "If the concern is an electronic Pearl Harbor, perhaps part of the response is an electronic `Geneva Convention' that protects the rights of noncombatants."

The notion of an electronic Pearl Harbor has come up before on this blog. I wrote about it after attending the RSA Conference 2010 in San Francisco in March. There a panel of cybersecurity experts warned that a cyberattack could occur that could cripple U.S. infrastructure if we're not prepared for it. Richard Clarke, a national security advisor to the previous three U.S. presidents, also proposed a cyber security treaty, but lumped together criminal cyber attacks and state-sponsored attacks.

 

Full Story