Op-Ed: US and Russia hold talks to limit cyber war

Posted Dec 12, 2009 by Paul Wallis
Having the US and Russia back on speaking terms has had at least one positive further effect. They’re talking about ways of limiting military use of the net. This has many practical applications and major benefits for the world, if they get it right.
File image
The talks are taking place against a background of real problems. Government and civilian websites receive huge numbers of cyber attacks in various forms every day. These attacks are an eclectic collection of hacking, DOS attacks and other useful ways of passing the time. The real threats come from more focused efforts by paid professionals.
Both parties have a lot to gain by getting together. The US problem is so serious that President Obama ordered a review, and a new approach to national policy is definitely under way. On the national level, Russia also has its own issues, and a thriving black market in dangerous software which is as much of a threat to Russia as anyone else.
Even the theory of limitations is a contentious issue. The US feels that combating cybercrime also covers creating better defences against military cyber attacks. The Russians are focusing on cyber weapons like logic bombs, a sort of internet IED which can cripple systems, and botnets, everyone’s favorite pests, which can include massive numbers of computers operating against targeted sites and systems.
The military version of cyber war has the potential to be as serious as a nuclear war in terms of creating chaos. It could crash power and water supplies, as well as trashing the global financial systems and information systems. Russia is in favor of an internet disarmament treaty, but the practical aspects are tougher than nukes ever were.
The specifically military form of cyber war has several levels which are at least theoretically within the scope of a treaty. Exactly where the line is drawn between “official” cyber war capabilities and unofficial groups which can easily operate independently is up in the air.
Also missing from this equation is China. China is regularly accused of everything on the net from systematic espionage up to and including the Wreck of the Hesperus, with that total lack of results which most net users find so appealing as the usual outcome.
There’s a disconnect here. China is perfectly capable of doing these things, but China's huge new economy is also highly vulnerable. Riding the cyber tiger is a potential own goal, and it’s unlikely China’s leaders are unaware of that fact.
China is also the potential source of a solution. The world needs the internet to be functional. A cyber war can crash whole nations in hours. The global version isn’t likely to be easily fixed, if it happens. Even local denial of service attacks can take days to fix. China, as the world’s factory, could be instrumental in developing and fitting anti-DOS and anti-crime software and hardware. People with zombie computers could even shut down their malware with the right tools. (As it is, most people with zombies don't even know they're affected.)
Another aspect which needs investigation is cloud systems. In theory, cloud systems, operating outside the vulnerable personal computer environment, can shut these things down remotely. They can also act as multiple redundant buffers against cyber attacks. They’re much harder to hack than home computers, easier to manage when they are, and far easier to coordinate realistically on a global scale. Any attack could only penetrate so far, and not even hit the net before being shut down, in this scenario.
Internet security companies could also benefit from a coordinated approach, with their software and concepts operating collectively rather than on a bit by bit basis. Their services would be very much in demand. The patents alone for this type of system would more than compensate for any market effects.
An international organization like the FBI’s IC3 would be a workable possibility. Many internet majors operate systems which could contribute to a true global system, like AOL and others. Everybody but criminals and misanthropes has a vested interest in making the net safe. Spam, scams, and DOS attacks are costing the world billions. This is a unique case in human history where the whole human race can get on the same page and achieve a lot.
The military option would be impossible in practice, and the crime element would be facing billions of watertight doors on systems, not just a few basic cracking exercises. Getting rid of the spam alone would make the internet a lot more efficient, and reduce the data loads enormously, freeing up capacity.
Privacy considerations would start with access rights, a new civil right for humanity. Interesting thought that it takes machines to enforce human rights, isn't it?