SINGAPORE--Society, organizations and governments must gather to define what are the new norms of behavior in the Internet era, as the lack of such definition has been the main cause of prevalent security issues today.
This was the view raised by delegates at the Cyber Security Asia conference held here Wednesday, who also noted the ambiguity of defining cyberattacks as acts of war.
Michael Wilks, Microsoft's Asia-Pacific regional director of public safety and national security, offered the perspective that other than employing technologies to protect against cybercrime, society has yet to define a "normal mode of behavior" on the Internet.
Society cannot exist without rules but most rules today were established before the age of digitization, explained Wilks, who was speaking in a panel discussion at the conference. Hence, there is a need for civil societies to kickstart debates on how to achieve "normality" on the Internet, he said.
The world has come to the age of the Internet and debates of online behavioral norms is necessary, he noted, citing a Boston Consulting Group study which said 2 billion people were now connected to the Internet and another 1 billion expected to come on board next year. This would mean that half the world's population would access the Internet.
People and companies must continue to have discussions until these norms have been established as most security issues today stem from society's inability to define Internet-driven norms, Wilks urged. He added that organizations such as United Nations should step up as a "debating forum" and start this discussion.
"The world is waiting for leadership and civil response to define Internet norms," he said. "It is necessary and I don't see an alternative solution."
Michael Rothery, first assistant secretary of the national resilience policy division at the Australian government's Attorney-General department, added that nation states have "limits" when passing laws concerning the Internet in the interest of civil society.
He also called for "stronger representatives" from society to step up and join the debate because defining Internet behavioral norms is no longer just "a state-based solution".
However, e-Cop CEO Walter Lee disagreed that behavior norms needed to be redefined, noting that in reality, the "rules of cyberspace" had already changed and were no longer the same as they were previously.
Lee noted that just as democratization empowers individuals, the cyberworld empowers Internet users.
The new generation of Internet users are the ones establishing and redefining rules of the Internet, he added.
"We should not over-politicize this issue," he said. "The debate should instead move to how we can evolve systems and society to cater to governments."
Cyberwarfare difficult to define
During the panel discussion, Tom Parkhouse, cyber security staff officer of U.K.'s Ministry of Defence, also highlighted that describing cyberattacks as an act of war was "the easy answer". He remarked that access to cyberspace has been made more precise, cheaper and more anonymous, and nations and societies are now facing an adversary that is "technologically advanced".
"The concept of warfare is meaningless," Parkhouse said. "War is all about exerting power on another to achieve your end-result, but we have digitized and have insecure systems that can be exploited at risk."
e-Cop's Lee noted that while the threat of cyberwafare is "very real", and already happening for consumers through cloud computing and social networks, it is still difficult to define because its presence lies in the virtual world and is still at different stages of development.
Manik Jolly, commander of the Indian army's cyber security cell, added that in the cyberworld, users do not know who cyberattackers are. Yet, in the nature of warfare, every country has equal status, hence, making the cause of cyberattacks complicated to identify.
Wilks noted that the definition of war differs at any point of time, and there are now issues which separate advanced nations from emerging markets.
Reiterating his point on how there are no established rules in cyberspace, the Microsoft executive noted that it is precisely this reason that cyber warfare is difficult to define.
He also warned about the danger of militarizing cyberattacks in order to defend a nation, as the society has yet to see what is the most effective way of defending against cybercriminals.