Governments and the security industry need to develop rules of engagement to boost international cyber security, according to Jim Stikeleather, chief innovation officer at Dell Services.
Stikeleather was speaking to CBR after talking at the EastWest Institute Worldwide Cybersecurity Summit, held in Dallas, Texas. The conference brought together 400 representatives from 30 countries to discuss the best ways of dealing with global cyber security threats. The aim was to establish how the public and private sector can jointly combat web-based threats.
Cyber safety has been high on the agenda of businesses as well as government bodies recently. In March this year Google announced it was going to stop censoring search results in China after an attack believed to have originated there targeted its services.
The US government has also come under attack on a number of occasions. In 2008 several thousand military computers were infected by malware, although no sensitive information was compromised and Barack Obama also admitted that during his successful presidential campaign his computer systems were hacked, with the attackers gaining access to travel plans and policy papers.
“The conference shows that there is a will to change on cyber security,” Stikeleather told CBR. “What’s needed is a universal agreement, like rules of engagement for cyber war or rules for cyber espionage. People are now realising the potential damage that can be done. Hacking used to be for inconvenience but it’s now a whole industry.”
While rules of engagement have been drawn up around air, land and the oceans, Stikeleather admits that a borderless space such as the Internet would be much harder to control. “The challenge is how to establish jurisdiction in a jurisdiction-less place,” he said, adding that cyber crime is generally dealt with on a national basis, despite being an international issue.
Stikeleather was reluctant to spell out a worst case scenario in terms of the potential damage a cyber attack could cause, but he said that various parts of a national infrastructure could be targeted, including power grids, water suppliers or even nuclear bases.
He said that the security industry can do its bit by ensuring that next generation security technologies are built into infrastructures. “What we have today is not going to work long-term. Operating systems, computers, networks and so on were not designed to be secure and can only secure up to a point. The limitations are not necessarily bad but they are there. Next generation technologies need to be built into hardware, software and networks,” he said.
Before that, however, it’s up to governments and the private sector to draw up a set of standards – what Stikeleather calls “rules of the game” – to form a universal agreement on the future of cyber security.
Jim Stikeleather was CTO at services provider Perot Systems prior to its acquisition by Dell. Perot had strong links with the EastWest Institute which have continued now that it is part of the Dell organisation.