International law covers threats, cyber chief says
Official sees no need for treaty, only cooperation
LONDON — America’s new cyber czar said yesterday that international law and cooperation — not another treaty — are enough to tackle cybersecurity issues for now.
Christopher Painter, coordinator for cyber issues for the State Department, declined to comment on a Wall Street Journal report suggesting that the Pentagon was considering a policy to classify some cyberattacks coming from another country as acts of war. He said most of the reports were based on “things that are not released, haven’t been released, or haven’t been discussed.’’
He did, however, say that President Obama’s recent cybersecurity strategy covered myriad aspects, ranging from international freedoms to governance issues and challenges facing the military.
“We don’t need a new treaty,’’ he said as he arrived for an international cybersecurity summit in London. “We need a discussion around the norms that are in cyberspace, what the rules of the road are, and we need to build a consensus around those topics.’’
Hundreds of international delegates from governments and the private sector converged for the two-day conference to try to agree on the basics: how to enforce cybersecurity regulations across borders, what to do about countries that don’t want to be regulated, how to protect government and company data, and who will ultimately control cyberspace.
Shawn Henry, executive assistant director of the FBI, said enforcing laws across borders was key in catching cybercriminals — many of whom have the same goals.
“You have crime syndicates or individuals looking to steal money, you have foreign governments looking to steal state secrets, and you have terror groups looking for a way to cause disruptions,’’ he said. “Luckily, we’ve had quite a few successes recently.’’
The FBI works with law enforcement agencies in some 75 countries, often embedding agents with local officers.
Michael Rake of BT Group, one of the world’s largest telecommunications companies, warned that world powers are being drawn into a high-tech arms race, with many already able to fight a war without firing a shot.
“I don’t think personally it’s an exaggeration to say now that basically you can bring a state to its knees without any military action whatsoever,’’ Rake said. He said it was “critical to try to move toward some sort of cyber technology nonproliferation treaty.’’
The suggestion drew a mixed response, although at least one academic praised it for highlighting the need to subject online interstate attacks to some kind of an international legal framework.
Recent high-profile attacks against Sony Corp. and Lockheed Martin Corp. have made headlines, while experts described last year’s discovery of the super-sophisticated Stuxnet virus — thought to have been aimed at sabotaging Iran’s disputed nuclear program — as an illustration of the havoc that malicious programs can wreak on infrastructure and industry.
The threat grows every day. Natalya Kaspersky, cofounder of the antivirus software provider Kaspersky Lab ZAO, said Internet security firms are logging 70,000 new malicious programs every 24 hours. Shawn Henry, executive assistant director of the FBI, said that last year alone his agency arrested more than 200 cybercriminals.
How to deal with that threat was the topic of the two-day summit, organized by the EastWest Institute, an international think tank.