U.S. should seek world cooperation on cyber security, says ex-CIA director
Friday, July 30, 2010 11:16LAS VEGAS — The U.S. needs to consider working with other leading nations to develop rules of engagement in cyberspace, retired general and former director of the CIA Michael Hayden said during a keynote address at the Black Hat conference here on Thursday.
As the country with the largest stakes on the Internet, the U.S. has been somewhat reluctant to engage in such discourse because of concerns that any international negotiations will force it to reveal or limit its cyber capabilities, Hayden said.
[ It's estimated cyber crime costs U.S. businesses each $3.8 million per year. | Keep up on the day's tech news headlines with InfoWorld's Today's Headlines: First Look newsletter. ]
However, the complexities involved in defining cyber conflict, and in developing an effective deterrence and response strategy, are driving the need for at least some high-level engagement with other nations, he said.
“We have been really late to any international debate on arms limitation in cyberspace,” Hayden said. “Our voice in this is going to get weaker as days go by.”
The goal with any international negotiations should be to establish broad international norms for the Internet, rather than focus on any arms control, Hayden said. One example would be to have a norm that prohibits the launching of denial of service attacks against assets in another country, except during an armed conflict, he said.
DoS attacks, for example, are “such an easily available weapon that we really ought to stigmatize [its use]” and provide for sanctions against countries that allow it from within their borders, he said.
Similarly, attacks against power networks and those in the financial services sectors would be ruled as off-limits because of the devastating consequences the cyber crime could have, he said.
“We would all agree that [such attacks] are like chemical weapons,” which should never be used, he said.
Sanctions could then be developed for violations of established rules, said Hayden, who also acknowledged that enforcement and attributions issues could pose a big challenge to the effective implementation of such agreements.
Discussions about the need for the U.S. to consider international engagement in cyber security issues come even as policy makers are struggling to come up with a comprehensive strategy for dealing with cyberwar.
