The world is in the early years of a cyber war arms race in which ordinary citizens are being caught in the “blast radius” as nation states attack corporations in rival countries, revered cryptographer Bruce Schneier warned today.
The current CTO of Resilient Systems told attendees at his keynote during Infosecurity Europe 2015 that so much current discussion is being focused on surveillance and privacy that we run the risk of failing to address potential shortcomings in cyber war capabilities.
“We need to understand cyber war better,” he argued. “There’s lots of back and forth; countries not attacking each other but companies within countries – which we’ll see more of. Nations are building up for cyber war.”
However, politicians should resist the urge to descend into “saber rattling” rhetoric on the issue – as they did during the recent Sony/North Korea attacks – as this can dangerously skew the debate, Schneier warned.
Although nations are building up for conflict in cyberspace, it is the “democratization of tactics” which represents an immediate danger to public and private sector organizations.
For example, it’s no longer possible to detect if a major cyber attack was a result of a “nuclear powered government” or a “couple of guys in a basement,” Schneier claimed.
Attribution is also a major problem, especially when it comes to governments needing public approval for retaliatory actions.
“Cyber weapons don’t come with return addresses,” argued Schneier.
“The US government took three weeks to announce North Korea had attacked Sony. Three weeks is not going to cut it, and providing evidence is really tricky, especially in a world where secret evidence is more and more prevalent.”
Critical national infrastructure firms in particular could be found wanting if hit by a serious attack.
“There are some real serious market failures which will require government intervention to work at all,” Schneier warned.