Foreign Secretary William Hague has suggested nations should adopt rules of engagement for cyber war. He also offered to host a conference later this year here in the UK to examine theses issues and detailed some of the cyber attacks that had targeted the government.
Speaking at the Munich Security Conference today, Hague said the growing threat of Internet-based attacks means it is now time to discuss how nations should behave in cyberspace.
"In Britain, we believe that the time has come to seek international agreement about norms in cyberspace," he told the conference. "We believe there is a need for a more comprehensive, structured dialogue to begin to build consensus among like-minded countries and to lay the basis for agreement on a set of standards on how countries should act in cyberspace."
The reliance these days on computer networks to control so many aspects of day-to-day life has created new vulnerabilities that criminals – state sponsored or not – may look to exploit.
"It has opened up new channels for hostile governments to probe our defences and attempt to steal our confidential information or intellectual property. It has promoted fears of future ‘cyber war’,” he said.
Hague went on to detail how the UK government has been the target of cyber attacks recently. In December faked emails claiming to be from the White House bypassed a number of the government’s filters. Recipients were directed to a link which downloaded a variant of Zeus, Hague said.
"The UK Government was targeted in this attack and a large number of emails bypassed some of our filters. Our experts were able to clear up the infection, but more sophisticated attacks such as these are becoming more common," he added.
Just last month staff at the Foreign Office received an email related to a visit they were organising. "In fact, it was from a hostile state intelligence agency and contained computer code embedded in the attached document that would have attacked their machine. Luckily, our various automated systems identified it and stopped it from ever reaching my staff,” Hague explained.
Frank Coggrave, general manager, EMEA, Guidance Software, told CBR that while it’s good governments are taking cyber threats more seriously, a ‘rules of engagement’ approach would be difficult to implement.
"The very fact that the issue of cyber warfare has moved up the security agenda highlights the seriousness with which governments are treating the threat of cyber attacks," he said.
"We have to remember that it’s a complex challenge; these attackers have more resources, and only have to get it right once to cause significant damage," Coggrave added. "As a case in point, Stuxnet heralded a new kind of attack which was targeted at national infrastructure. There are many theories around its origins but the reality is that these cyber attacks have been designed to be unattributable. So can we establish global policies or ‘rules of engagement’ against an unknown enemy?"
Mark Darvill of AEP Networks added that, "Rules of engagement for cyber war could not have come soon enough," but "across the world, it is private companies and not the public sector that run the majority of the critical infrastructure, such as energy and telecoms grids. They must deploy the highest grade security measures possible to protect themselves against the new evolving threats. They need to think like the military and strengthen their security measures to ensure security in cyberspace and ultimately our national security."