Seoul forum calls for international rules for cyber warfare

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://english.yonhapnews.co.kr/national/2013/11/12/23/0301000000AEN20131112007100315F.html

EOUL, Nov. 12 (Yonhap) -- As cyberspace is increasingly considered a viable
new battle field, security advisers and experts who attended a regional
defense forum on Tuesday discussed the need to establish an internationally
acceptable code of conduct in cyber warfare.

The cyber issue took center stage in the three-day Seoul Defense Dialogue,
which brought together 180 senior military officials and security experts
from 23 nations to discuss security issues in the Asia-Pacific region and
ways to step up regional cooperation.

Senior officials and security advisers from 23 nations attend the Seoul
Defense Dialogue held in Seoul on Nov. 12, 2013 at Westin Chosun Seoul.
(Yonhap)

During the sessions in the forum, panels discussed the role of the military
within the government of the national cyber security and direction of
international rules on cyber security.

"It is now quite obvious that cyber warfare presents a new and maybe
potentially a more destructive form of threat than conventional warfare,
although the implications of this form of threat are still not fully
understood and appreciated," said Jia Qingguo, professor of the
international studies school at Peking University.

Jia said experts on cyber, law and international relations should work
together to study the full implications of cyber warfare to identify a
clearer definition of cyber warfare and establish engagement rules.

"Those who engage in cyber warfare should make necessary efforts to avoid
attacking civilian infrastructures that may harm the civilians," he said.
"Major countries should work together to develop an agreement on a code of
conduct in cyberspace and a set standards to judge its compliance on the
basis of the results of the discussions."

   The Chinese professor addressed the challenge when restraining the
powerful countries that are tempted to use their technological edge to
launch pre-emptive attacks for what he called "self-claimed legitimate
reasons."

   "If the U.S. can tap people throughout the world and get away from the
Snowden case, as it appears to suggest, it would also be tempted to launch
cyber attacks on others when it deems them necessary," Jia said, in a
remark sharply pointed at the U.S. spy scandal in the biggest intelligence
leak by former National Security Agency agent Edward Snowden.

Lim Jong-in, professor at the graduate school of information security at
Korea University, said several nations recognize cyberspace as a new
battlefield, and they are aggressively seeking military measures of cyber
threat including establishing cyber commands. According to a recent
cooperative survey, 114 out of 193 countries have national cyber programs.

Seoul especially faces greater threat of hacking attempts, Lim said,
mentioning several attacks masterminded by Pyongyang in the past years.
South and North Korea are technically in a state of war as the 1950-53
Korean War ended in an armistice, not a peace treaty.

"The probability of a cyber war in South Korea is higher than at any other
countries, so the importance of a military role of national cyber security
in South Korea is higher than in other countries," Lim said.

While there are growing calls to take national-level countermeasures
against cyber threat, Lim said concrete and specific roles and
responsibilities of the military are not being discussed enough in many
countries.

"It is true that the probability of an actual warfare is lower than that of
cyber crime or other forms of cyber threats, and the risk of a cyber war is
exaggerated a bit. But the risk of cyber warfare should not be ignored,"
Lim said, giving as an example a Stuxnet-style cyber attack on weapons
facilities.

A version of the Stuxnet comptuer virus was used to attack Iran's nuclear
program in 2007.

While senior military officials leaning toward a greater military role in
tackling the growing cyber threat against governments and the private
sector, some experts questioned the appropriate extent of the military
involvement in national cyber security.

"Cyber security will need to be a discipline that everyone in a country
takes seriously, not something that citizens and private companies can
expect to outsource to the military," said Ian Wallace, visiting fellow for
cyber security at the Brookings Institution.

"Any country that depends too heavily on the military for cyber security
will likely find themselves reducing the incentives for the private sector
to develop longer-term solutions for themselves."

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

# OWASP http://www.appsecusa.org
# Builders, Breakers and Defenders
# Time Square, NYC 20-21 Nov
o()xxxx[{::::::::::::::::::::::::::::::::::::::::>

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.