Cyber Warfare Needs Rules Of Engagement

'I think all of us would agree that cyber space is the new battle space'

OpenWorld: Former intelligence leaders have called for international terms of engagement in cyber warfare and greater collaboration between the public and private sectors to defend critical infrastructure.

The comments came at a security-focused keynote at this year's Oracle OpenWorld conference in San Francisco, where, instead of the usual parade of enthusiastic customers, co-CEO Mark Hurd took to the stage with three former spies.

John Scarlett, who led the UK's MI6 between 2004 and 2009, said that when it came to cyber-attacks, there was “no sense of the rules of the game” and no international or legal structure. 

This lack of terms of engagement was central to the reemergence of the great tension and rivalry between different actors, he told the audience today.

However, he conceded that it is “hard to see how they [rules of engagement] can be developed and agreed on,” and questionable whether any state would trust the various sides to implement them honestly.

“We have to get our brains thinking differently,” Scarlett said, arguing that the old way of thinking about attacks and defense didn’t translate into cyber threats.

The long-expected Cyber Pearl Harbor

His comments came in response to Hurd’s opening question, which asked what a “9/11 cyber-attack” would look like, a term that the Brit spy said that he was “wary” of using.

Similarly, former head of US homeland security Jeh Johnson said that the term was “rather provocative”, while pointing out that it could sometimes take years to assess the full impact of a cyber-attack.

That said, he did suggest that the impact that Russian interference in the 2016 US elections had on democracy could be as significant as the terrorist attacks in New York.

Johnson said that the open, free society in the US, and the access to it via the Internet, was both the nation’s greatest strength and a major vulnerability.

“I think all of us would agree that cyber space is the new battle space,” he said, adding that the best form of defense in this respect was a good offense, and that this should be a national and international priority for both governments and industry.

“We need to do a better job of public-private partnerships on defense of cyber space and our critical infrastructure,” he said.

Meanwhile, Michael Hayden, who has led both the National Security Agency and the Central Intelligence Agency, said that the answers will not be obvious, and that the rapid pace of technological development can lead to changing definitions on what constitutes security.

For instance, Hayden said that he had come down on the side of Apple in the battle between it and the feds seeking to break the encryption on the San Bernardino killer’s iPhone.

This was not on privacy grounds, or on commercial grounds, he said, but “on a broader definition of security”. Law enforcement’s requests were legitimate, he said, but “the costs of conceding exception access outweighed the benefits” in this case.

Flexibility and Possible Fixes

Hayden emphasised that this wasn’t about setting one hard and fast rule, as different factors might warrant a different decision; rather he urged a discussion of the balance of privacy, security, freedom and liberty.

Oracle has spent its annual gabfest touting the security credentials of its autonomous database and “second-generation” cloud infrastructure, and the decision to bring the three former intelligence bosses on stage also comes as it is eyeing up the Pentagon’s $10bn JEDI cloud contract.

And so it could hardly miss the opportunity to give its technology a plug, no matter how painfully orchestrated it was to have Big Red’s chief corporate architect Edward Screven sitting alongside the former spies, ready to big-up his firm’s new tech.

The session ended with the more cynical members of the audience rolling their eyes as Screven opined that there was “no such thing as a civilian” in cyber warfare now, all IT professionals are on the “cyber battlefield”, but, with the technology Oracle has developed, “we can be much more effective at defending that threat”. 

The Register:
