RSA: Defining cyberwar is just as hard as fighting it

Summary: Are we in the midst of a cyberwar? And if we are, how do we go about "winning" it?


Are we in the midst of a cyberwar? And if we are, how do we go about "winning" it? Better yet, is a cyber war more like the "War on Drugs" or the "War on Terror" - wars that have no winner or loser and no end?

Cyberwar was the center-stage topic of the afternoon keynote at the RSA Conference in San Francisco today. And experts who know a thing or two about security - including Michael Chertoff, the Secretary of the U.S. Department of Homeland Security from 2005 to 2009 - were on stage to debate the significance of cyberwar and cybersecurity.

There was a general agreement that the word "cyberwar" is a scary word, largely because it's too encompassing. Consider the Google hacking attack out of China that made headlines in early 2010 as an example. Was that attack the result of a cyberwar? Or was it an act of espionage? Maybe it was just a bunch of students in China trying to make some sort of political statement.

The distinctions are important because they address the first obstacle in knowing whether or not a cyber attack should even be considered an act of war. Chertoff says we're not in a cyberwar now but that "we'd be foolish not to recognize that we could find ourselves in one." Certainly, a physical war in the 21st Century is sure to have a cyber element - but how major does that have to be? Chertoff said something that destroys a major system - such as taking down the electrical grid - would be an act of cyberwar. But can the act of spreading a virus through email spam really be in the same category?

And therein lies one of the biggest problems in the U.S. as it relates to being prepared for a cyberwar. We're not prepared. Networks aren't secure. Companies and individuals treat network security - even something like putting a password on their WiFi networks - with a cavalier attitude.

So what's the answer? Legislation or policy out of Washington that regulates network security. Can you imagine a TSA for the Internet? Such a suggestion generated a lot of laughs from the keynote audience. But think about it.

If the U.S. faced a major cyberattack - one that took down the electrical grid and resulted in loss of life, or one that attacked the banking system and led to an economic emergency - wouldn't there be an expectation for the government to step in? At that point, the question becomes: what is the government authorized to do and, more importantly, what is it capable of doing?

So where does that leave us? Panelist Mike McConnell, Executive Vice President at Booz Allen Hamilton, suggested that, unfortunately, we're just waiting for something bad to happen so we can react. We might get the legislation right, McConnell said, but "odds are we'll wait for a catastrophic event to occur and then we'll overreact."

But before we start getting into a panic about our cyber-readiness for a cyberattack in a cyber war, panelist Bruce Schneier, Chief Technology Security Officer for BT, warned that we are not just sitting back, waiting for something bad to happen. He said:

There are an enormous amount of things being done securely on the Internet. I don't think we're stuck. I think we're getting better every year.

And for those that don't believe it, consider that there are thousands of people in San Francisco this week having these discussions, showcasing their solutions and partnering to make the Internet safer.

  • "We're not prepared. Networks aren't secure."

    Cue the Microsoft trollers and the Linux fanboys.
  • RE: RSA: Defining cyberwar is just as hard as fighting it

    War is poor people dying so the rich can get richer. Maybe we could dispense with the whole thing.
  • RE: RSA: Defining cyberwar is just as hard as fighting it

    An obvious oversight in the article and possibly the conference is STUXNET. Refer to
  • RE: RSA: Defining cyberwar is just as hard as fighting it

    Is it too much to ask that tokens such as RSA and TED be spelled out once at the beginning of the article? What they stand for may not be common knowledge in a significant part of those reading the articles. In the end I just accept them as arbitrary symbols and get on with life.
  • RE: RSA: Defining cyberwar is just as hard as fighting it

    Rather easy if you know what you are doing.
  • RE: RSA: Defining cyberwar is just as hard as fighting it

    FIGHTING for Peace is like FORKING for virginity.

    That was a protest slogan from the 1970s. But it is as true today as it was then. The act of declaring a war on something or someone causes the "ENEMY" to fight for that thing just as hard as the Government fights to suppress it. Here is a prime example.
    Dubious Deal, Cloaked by National Security Claim -- FEB. 20 2011. This is a headline in the Post-Gazette. It seems that Dennis Montgomery sold the Government guys a bogus software package that was supposed to predict terrorist threats to the US. It didn't work and cost at a minimum $20 million. You can read about this on the net at "". When the Government hands out money to help fight a
    war on anything, "The BAD GUYS" are gonna line up for a piece of the action, and the Feds have a poor history of choosing who to be friends with. Let's put it this way. In any conflict the opposition is going to push back as hard as you push forward. Try this: walk up to a wall and push on it as hard as you can, OK. Did the wall move? No. Did you move back? Yes. It's a physical and natural phenomenon that 'the harder you push on someone or something, the harder it or they will push back'. The smart bad guy will win because he can fight dirty and the Feds have to play by the rules. Examples of the fights that the Feds are losing: War on DRUGS, CRIME, Terrorism, Poverty, Hunger, Pollution, and many more. No, we should not declare Cyberwar and pump millions into this "fight". The solution is 'catch someone committing a CyberCrime, Hang Em by the Balls'