Cyberwarfare seen evolving ahead of rules of engagement

Strict definitions of warfare are elusive when actors include nation-states, criminals and rogue actors

As the rhetoric heats up over cyberwar -- including warnings that attacks on the U.S. are imminent and alarms that the U.S. has escalated the risk via malware attacks on Iran's nuclear program -- the rules of engagement are missing in action.

The current framework of international law and treaties doesn't adequately address cyberconflict, Jody Westby, CEO of Global Cyber Risk, said Monday at the Techonomy 12 conference.

Westby said that customary international law should be extended into the cyber domain and define a certain amount of a nation's critical infrastructure that should be "declared sacred and off limits for attack." She also argued that there should be an agreement outlawing "irregular forces," which in this context would include botnets.

But other members of a panel at the conference, being held in Tucson, Arizona, argued that the virtual and covert nature of cyberattacks make it difficult to trace them and hold actors responsible.

"Defining what's legitimate and what's not legitimate is easier said than done," said RSA executive chairman Art Coviello. And defining actions as war is problematic, especially given that nations have spied on each other "forever."

"When does spying end and economic warfare begin? And when does spying end and actual warfare begin?" Coviello asked.

And the players differ as well, Coviello added. "We're used to having wars between and among nation-states. Where does criminal behavior end and warlike behavior begin?"

Cybercriminals have a big-data problem, Coviello said: They possess more credentials than they can monetize. And they can make more money selling credentials from an executive at a defense contractor than they would by attacking that individual's bank account.

Among nation-states there is an emerging de facto understanding of the tit-for-tat rules of warfare: "You take out my power grid, and I take out your dam." But when malicious actors are also criminals, "hacktivists" and terrorists, these groups won't abide by these rules, Coviello said.

Coviello's concern now is the evolution from intrusion to disruption, as with the recent distributed denial-of-service attacks on New York banks.

While the U.S. military has a cybercommand, it's currently constrained from protecting entities outside of the .mil domain, Westby said.

And in the midst of concern over cyberattacks taking the form of economic warfare, lack of cooperation between business and government is also a problem, said John Kao, chairman of the Institute for Large Scale Innovation.

"There's an issue of trust; if I'm a company and I get hacked or robbed, I may or may not be totally forthcoming about what happened. There's the question of how to create rules of engagement for collaboration that don't exist," Kao said. "There's been crescendoing attacks against U.S. financial institutions, and CyberCom monitors this, but the rules of engagement in terms of how it communicates with the commercial sector haven't been defined."

While the panelists decried fear-mongering by politicians and warnings of a "cyber Pearl Harbor," Coviello referred back to a famous quote by Nicholas Negroponte calling the Internet both overhyped and underestimated. Cyberwarfare may be overhyped relative to the risk posed by a bad actor with a nuclear or biological weapon, but he warned that we may underestimate the extent to which a cyberattack could disrupt confidence, and by extension the economy.

Join the PC World newsletter!

Error: Please check your email address.

Tags artsecurityCoviellogovernmentrsa

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Elizabeth Heichler

IDG News Service
Show Comments

Cool Tech

D-Link TAIPAN AC3200 Ultra Wi-Fi Modem Router (DSL-4320L)

Learn more >

D-Link PowerLine AV2 2000 Gigabit Network Kit

Learn more >

Crucial® BX200 SATA 2.5” 7mm (with 9.5mm adapter) Internal Solid State Drive

Learn more >

Xiro Drone Xplorer V -3 Axis Gimbal & 1080p Full HD 14MP Camera

Learn more >

ASUS ROG Swift PG279Q – Reign beyond virtual world

Learn more >

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >

Gadgets & Things

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >


Learn more >

Lexar Professional 2000x SDHC™/SDXC™ UHS-II cards

Learn more >

Family Friendly

ASUS VivoPC VM62 - Incredibly Powerful, Unbelievably Small

Learn more >

Lexar Professional 2000x SDHC™/SDXC™ UHS-II cards

Learn more >

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >

Stocking Stuffer

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >

Lexar Professional 2000x SDHC™/SDXC™ UHS-II cards

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Best Deals on PC World

Latest News Articles


GGG Evaluation Team

Kathy Cassidy


First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni


For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell


The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi


The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott


My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.


Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?