ByPOSTED: 17 Oct 2014 20:48 UPDATED: 17 Oct 2014
Professor Isaac Ben-Israel, Chairman of the Israel Space Agency and Israel National Council for Research and Development, says it may be years yet before rules governing cyber warfare to make it more “human” can be thrashed out on an international level.
SINGAPORE: While there are the Geneva Conventions to turn to when there are wars between states or armed conflict, there are no such rules governing the online space, said Professor Isaac Ben-Israel, Chairman of Israel Space Agency and Israel National Council for Research and Development.
He noted that there are currently no rules or international norms that dictate how state actors or private organisations should react when a cyber attack takes place, and this encourages more attacks as the perpetrators are not identified and punished. He was speaking at the Vertex Innovation Forum on Cyber Security and Financial Technology held in Singapore on Friday (Oct 17).
The Geneva Conventions and their additional protocols form the core of international humanitarian law, which regulates the conduct of armed conflict and seeks to limit its effects. They protect people not taking part in hostilities and those who are no longer doing so.
Asked what needs to be done to create such rules, Prof Ben-Israel said: “There needs to cooperation and dialogue on the international level. Cyber warfare, by its nature, is international.
“There are talks underway in this aspect, but everything is political. Even the Geneva Conventions took dozens of years of negotiations to happen, so it’s probably going to take some time” for rules regarding cyber warfare to be instituted, he added.
He was also keen to stress that having such rules will not eliminate virtual attacks or warfare, but it would help moderate and make these attacks “more human”.
The Stuxnet attack originated from a computer worm designed to attack industrial programmable logic controllers. It was reportedly used to target the Natanz nuclear facility in Iran to cripple its uranium enrichment capabilities.
The professor said that in this attack, compromising the target’s information was not the end goal. Rather, it was about damaging physical infrastructure – which in this case were the centrifuges in the facility.
He said this also shows cyber warfare is not always conducted via the Internet or any network in particular. The Natanz facility was not linked up to any Internet or private military networks, so the malware could not have been sent via a computer network. It was more likely delivered via humans, or even pre-programmed in the hardware used by the facility such as a computer chip, he suggested.
Lastly, he disputed that cyber warfare only targets computers, noting that the Stuxnet attack targeted controllers of the centrifuges and not client devices such as PCs or laptops.
TIGHT SECURITY-PRIVACY BALANCING ACT
As such, for governments to protect themselves and the state from online attacks, the only secure defence is to have sensors all over the network – meaning monitoring citizens and organisations in the physical geography of the country.
This, in turn, creates a “huge tension” between securing the country’s virtual space and protecting people’s privacy. Such extensive monitoring can only be conducted by the state, but distrust over their motivations mean that such deployments are usually publicly criticised and rejected, Prof Ben-Israel said.
Private organisations like banks would also resist, given that it would impede on business operations. As such, any oversight and national security strategy on a country’s critical infrastructure would require the buy-in and trust of the private sector, he said.
Prof Ben-Israel believes governments need to take a proactive stance in fostering such an environment of trust, in order to better defend itself against online attacks.
- Argus Cyber Security nabs $4 mln Series A – Thomson Reuters’ peHUB (press release) (pehub.com)
- Former China mining head extradited (bbc.co.uk)
- Israeli Company is Taking the Challenge in Countries Defined as High Risk for Travellers (pr.com)
- Automotive Cyber Security Pioneer Argus Secures $4M Series A Funding (vcaonline.com)