Is Denial-of-Service an Act of War? Clear Definitions Said Needed for Cyberdefense
LONDON -- Last year’s cyberattack on Estonia sparked much governmental soul-searching about the need for cyberdefense, but key questions remain unresolved, speakers said Monday at the Cyber Warfare 2008 conference. Opinion is split on whether such denials-of-service (DOSs) and other disruptions are attacks, and, if so, whether to deem them warfare, speakers said. When definitions are so hazy, words begin to matter a great deal, said Col. Glenn Zimmerman of the U.S. Air Force Cyber Task Force.
Sign up for a free preview to unlock the rest of this article
If your job depends on informed compliance, you need International Trade Today. Delivered every business day and available any time online, only International Trade Today helps you stay current on the increasingly complex international trade regulatory environment.
Much debate over defining warfare centers on the fact that many military cyberoperations intertwine with civilian operations, Zimmerman said in an interview. Military actions can’t be considered in a vacuum, making policy development challenging, he said.
A key issue is what constitutes an attack, Zimmerman said. The media call any event an attack, a “tremendous oversimplification,” like calling every billboard defacement an attack, he said. “Attack” needs a stricter definition, he said. Another defense roadblock is the lack of standards for countries to use in dealing with cyberevents, Zimmerman said. Many question whether what happened in Estonia was actually warfare, he said.
The U.S. Air Force characterizes cyberspace as a physical domain consisting of electromagnetic spectrum and the electronics used to access and exploit it, Zimmerman said. From a combat perspective, it’s the same as air, land, sea and space, he said. But there’s dissent in that area, too, since that definition is not held universally, he said. And while the Air Force deems wireless systems part of cyberspace, some limit it to computer networks, he said.
Cyber warfare is conflict among computers and information systems, said Douglas Towers, director of the U.K. Ministry of Defense’s Defense Security Standards Organization. In radio communications, a country failing to decode enemy communications would pretend to be the enemy by spoofing its transmissions or, if that couldn’t be done, jam their signals, he said. Radio jamming equals DOS in cyberspeak, he said.
But there is debate over whether one nation’s DOS attack on another should be declared an act of war, Towers told us. He considers it a conventional act of war akin to jamming, he said, but the legalities are unresolved.
NATO will unveil a strategy for countering cyberattacks at a Wednesday meeting for heads of state in Bucharest, the International Herald Tribune reported. The proposal will include creating a central cyberdefense agency, it said. The Council of Europe also will propose guidelines for computer crime investigators, including a controversial strategy to force service providers to give authorities a list of the kinds of information they could offer, the IHT reported.