Sign in with
Sign up | Sign in

Former Head of DHS Calls for Cyber War Rules

By - Source: Tom's Guide US | B 27 comments
Tags :

Michael Chertoff spoke recently at a security conference in the United Kingdom and said that the uncertainty behind cyber war protocol is a weakness that could possibly be exploited by enemies.

"It's the least understood threat and the one where our doctrine is least developed," the BBC quotes Mr Chertoff as saying.

"The greatest stress you can have on security is when there is uncertainty," he later added. "We are now in a state of uncertainty."

Chertoff is right in saying we need to establish a set of rules for how we respond to cyber security, especially as reports of cyber attacks become more common. Chertoff believes a big issue is that people committing these kinds of crimes are unaware of the consequences they face if they are caught. In light of Stuxnet, and other more sophisticated types of cyber warfare, it might be nice to know what the government plans on doing if the U.S. comes under attack.

"It's a real problem and it's growing," Chertoff said. "If we do not address it then we are going to be confronted by an event that's so catastrophic that it cannot be shrugged off."

Read the full story on the BBC.

Discuss
Ask a Category Expert

Create a new thread in the Streaming Video & TVs forum about this subject

Example: Notebook, Android, SSD hard drive

This thread is closed for comments
Top Comments
  • 20 Hide
    Hupiscratch , October 16, 2010 3:25 AM
    It doesn´t make sense putting "cyber war" and "rules" in the same sentence.
  • 16 Hide
    Anonymous , October 16, 2010 4:12 AM
    There are no rules in war!
Other Comments
  • 7 Hide
    applegetsmelaid , October 16, 2010 2:06 AM
    Creating rules results in guerrilla warfare as a counter.
  • Display all 27 comments.
  • 20 Hide
    Hupiscratch , October 16, 2010 3:25 AM
    It doesn´t make sense putting "cyber war" and "rules" in the same sentence.
  • 9 Hide
    NuclearShadow , October 16, 2010 3:43 AM
    Give me one war where any "rules" or laws were actually followed?
    A so called "cyber war" would be no different.
  • 0 Hide
    Onus , October 16, 2010 3:48 AM
    A cyber attack should be considered an act of War. Trace the source, issue an ultimatum, and if it happens again, even once more, hurt them. Bad.
  • 16 Hide
    Anonymous , October 16, 2010 4:12 AM
    There are no rules in war!
  • 0 Hide
    alyoshka , October 16, 2010 5:59 AM
    Why does the world keep ending up in the Die Hard Part 4????
    There is a Cyber war and it's certainly got it's rules, the only difference is that these rules aren't actually written down and signed by a senate to their own whims and fancies, it's a rule of logic and maths.....
    That's the basic rule..... we ought to learn from machines we've created.....
    lol
    They don't kill each other.... they just put them off temporarily :) 
  • 0 Hide
    KingArcher , October 16, 2010 6:08 AM
    It not rules to follow. It's more like trying to define something that has not yet been defined. To bring about policies on how to handle such a situation and to prevent it.
  • 5 Hide
    LORD_ORION , October 16, 2010 11:18 AM
    The solution is obvious, we need enough computers to be able to take down the internet 100 times over.

    Worked for nukes.
  • 3 Hide
    LORD_ORION , October 16, 2010 11:19 AM
    Oh and Jack Sparrow had it right....

    There is only one rule "What a man can do and can't do"
  • 2 Hide
    Anonymous , October 16, 2010 11:55 AM
    the only rule i know of in any sort of war is dont lose
  • -1 Hide
    zmbcat , October 16, 2010 2:15 PM
    Sorry for that comment, accidently sent out some blabel:D .

    Anyway, this reminds me of old star trek episode, where they came upon 2 civilizations, that agreed on fighting "virtual war", calculating the outcome of attacks by computers and then making the people who supposedly would have died, to suicide.
  • 0 Hide
    wild9 , October 16, 2010 3:16 PM
    3 consecutive spam attacks..I dunno about you guys but I can live with text verification codes for comments. These spammer's are just taking the piss now.
  • 3 Hide
    ryan156 , October 16, 2010 5:34 PM
    Most countries follow the Geneva convention to a large extent with regards wars. (Tha Falklands war between Britain and Argentina was relatively civilised it could be said, neither side harming prisoners or civilians etc.)Would not be much for most countries to agree to guidelines such as not attacking networks that'll directly endanger civilian lives (power stations that run hospitals and so on.)

    However, this is more likely regarding protocol for response. What is a proportional response to a cyber attack? If a country like Iran took out a US military satellite by a computer virus what is the proportional response? Do you attack militarily or in a cyber manner?
    This is the sort of debate that often had to be held during the cold war, for instance:

    Fires in west Berlin, east Berlin fire brigade cross boarder to help (without being invited) Do you start a war over that?
    Police come with the Fire Brigade to help with riots and looting from this fire? Red button time?
    East German troops are mixed in with the Police? Now?
    The troops are invited to stay by the West Berlin Government to maintain law and order (they were probably blackmailed into agreeing to approve this yet there is no proof) Button?
    The troops in their usual redistributions are slowly replaced with Russian troops?

    and so on and so forth
  • 5 Hide
    nottheking , October 16, 2010 9:26 PM
    Indeed, many people don't quite understand what "rules of war" mean. They seem to think along the lines of "don't kill them TOO hard," and hence think the idea silly.

    Rather, it's all about what's justified. Yes, the countries of the world (though not the terrorist organizations) do follow the rules of warfare. Soldiers are punished for murdering or raping civilians, or otherwise attacking/stealing from them. Chemical, biological, and nuclear weapons aren't used. Certain groups, like the Red Cross, cannot be targetted.

    Why do militaries follow this? Because they fear the retaliation should they do so. They might already be at war, but they don't suddenly want all of the world's counties against them, and all given justification to use even nukes against them; it's an unwinnable situation. It's like robbing a bank to steal money, but then having the whole army come after you.

    The open question here is where cyber-warfare comes in. For those not unfamiliar with the situation, Stuxnet is a novel, unprecendented and first-of-its kind "virus" that explicitly targets and disables/destroys certain factories. It's so complex, powerful, and stealthy that it was floating around for months before it was discovered, and mutates fast to avoid detection. Chances are >99% it was developed by a military body, and it appears to specifically target Iran.

    So is this virus an act of war? Is it allowable as a form of warfare? What retaliation is justifiable in response to it: merely counter-cyber attacks, limited air strikes, invasion, or nukes? These are questions that we don't have an answer to.
  • 3 Hide
    nottheking , October 16, 2010 9:53 PM
    LORD_ORIONThe solution is obvious, we need enough computers to be able to take down the internet 100 times over.Worked for nukes.

    Actually, even at the height of the nuclear arms race, the USA and USSR combined could only nuke perhaps ~10% of the world's land area. (4% if you include water!) And note that such wouldn't be total destruction of said area, either; just as some buildings and people inside Hiroshima and Nagasaki survived the nukes, so would the same happen again.

    LORD_ORIONOh and Jack Sparrow had it right....There is only one rule "What a man can do and can't do"

    Actually, the same can't quite apply to war once you remember that the world has more than two countries. Where would Japan have been in WW2 had they not found themselves fighting the Americans, and then later the Russians, instead of just Britain and China? Or how much harder a time would Washington have had in 1780 had Britain not been also having to fight against the Spanish, French, and Dutch at the same time as well?

    The rules of war are enforced by threat of escalation. If you're invading another country, your chances of winning suddenly go to zero if everyone else declares war on you. Hence, your goal is to AVOID that happening; the rules of warfare allow for that, and thus limit what a person can do.
  • 2 Hide
    mediv42 , October 17, 2010 2:10 AM
    the article didnt say he was calling for "rules of war" in cyberwarfare, it sounded like he was calling for more rules in how we will respond to cyber attacks - how far we will go to catch perps, how they will be punished, etc. its different from rules of war
  • -4 Hide
    chickenhoagie , October 17, 2010 6:09 AM
    if cyberwars were based around rules, there would be no cyberwar to begin with.

    Hacker: well, the website uses 'https' protocol, so i guess I'm not allowed to hack it..damn.

    sounds more like an oxymoron to me.
  • 1 Hide
    randomizer , October 17, 2010 8:40 AM
    "it might be nice to know what the government plans on doing if the U.S. comes under attack."

    Wasn't that the (publicised) point of Obama's Internet kill switch?
  • 1 Hide
    mrmotion , October 17, 2010 2:11 PM
    notthekingActually, even at the height of the nuclear arms race, the USA and USSR combined could only nuke perhaps ~10% of the world's land area. (4% if you include water!)


    78% of all statics are made up on the spot. Who cares if its only 10%? That 10% will be the most populated and important spots in the world. Not only that but that same 10% will create enough fall out to take out another 50%(yeah i pulled this number out of my ass too) of land mass.

    There are rules to every war, even if you think it doesn't have any.
  • 2 Hide
    nottheking , October 17, 2010 10:52 PM
    chickenhoagiesounds more like an oxymoron to me.

    That's because you didn't bother to think on the subject. Just read my prior comments. To simplify it even more for you: rules determine just how HARD the US would come down on that hacker.

    Coincidentally, we've had no nuclear war for quite some time, and it's not for lack of nukes. Guess rules do something after all!

    mrmotion78% of all statics are made up on the spot. Who cares if its only 10%? That 10% will be the most populated and important spots in the world. Not only that but that same 10% will create enough fall out to take out another 50%(yeah i pulled this number out of my ass too) of land mass.

    Actually, if you pay attention to what I write around here, you'd know I do NOT make up any statistics; I never have the need to when I'm fully capable of acquiring real, truthful, correct, and factual ones. If I made a statement of a statistic, it's because I did the research and math beforehand, so I resent your utterly baseless acusation. Let's just take the following, real statistics:

    - The average yield of the world's nuclear bombs at any point was generally UNDER 1 megaton, since most nukes are/were "tactical" ones, as small as the 20-ton Davy Crockett Nuclear Rifle.
    - A 1 megaton bomb has a blast radius of approximately 5 miles/8 kilometers. This gives is a blast area of 201 km². (3.141592 x 8²)
    - At their peak, the USA had 31,700 warheads in 1966, the USSR 40,723 in 1986, for 72,423 total. Note that these were far different years; the highest worldwide (INCLUDING Britain, France, and China) peaked at only 65,056 in 1986.
    - Using the larger figure anyway, we get a total potential blast area of 14,557,023 km² (201 x 72,423) for all bombs combined. Earth has 148,940,000 km² of land, 510,072,000 km² of total surface. So that's 9.8% of the land area, or 2.9% of the total surface. (4% was a typo; I meant to round it to 3%)

    Note that the above figure merely totals the amount of land that'd be touched by ONE bomb, and said radius is gonna contain a lot of survivors, since the edge is where the 50/50 death rate will occur. Even at a linear slope, that'd suggest only a 75% kill rate. In reality, it'd be a steep drop-off, and would likely kill far fewer; estimates place the Little Boy's kill rate on Hiroshima at 25-50%.

    And obviously, the effects of fallout are vastly overstated; with a conventional air-burst weapon, the amount of surface destruction is maximized, but there isn't much long-lived radiation. The typical fallout will cut down by 90% after 7 hours, and then divide by 10 every 7-fold increase in time after that; a total of two weeks after the bombing the radiation levels would reach 1/1000th, a tiny fraction of the original. This lack of widespread fallout deaths is evidenced by the distinct lack of large numbers of nuclear casualties in the areas OUTSIDE of Hiroshima and Nagasaki; and the fact that both cities are well and thriving today.

    And even in the USA alone, there are some 19,429 cities, towns, and other municipalities. With very few exceptions, you're going to need at least one bomb per. And of course, larger cities will need more than one; Jacksonville, FL, for instance, will need at least 10.

    So even assuming 20,000 bombs or so wipe out all cities in the USA (or even all of the USA!) you've... Used up 27.6% of all those bombs to affect 62% of the USA's population. With the USA having 310.5/6,872.2 million of the world's people, or 4.52%, that means you've merely AFFECTED ~2.8% of the world's people. Again, working back and assuming you could always target cities like this, this means the entire stockpile would be able to affect 10.1% of the world's people. And of course, once you factor in that there will be survivors, that means only 2.5-7.5% of the world's population. So that's indeed a lot; comparable to the death rate of WW2, where ~55 million out of 2,300 million died, or 2.4% of the world's population. That's severe, but hardly a "wipe out the civilization" scenario.

    Now let it be known I certainly don't make up statistics on the spot. ;) 
Display more comments
Tom’s guide in the world
  • Germany
  • France
  • Italy
  • Ireland
  • UK
Follow Tom’s guide
Subscribe to our newsletter
  • add to twitter
  • add to facebook
  • ajouter un flux RSS