back to article Ex spy bosses: Cyber-warfare needs rules of engagement for nations to promptly ignore

Former intelligence leaders have called for international terms of engagement in cyber warfare and greater collaboration between the public and private sectors to defend critical infrastructure. The comments came at a security-focused keynote at this year's Oracle OpenWorld conference in San Francisco, where – instead of the …

  1. Teiwaz Silver badge

    I wish they'd make up their minds

    One minute it's 'let's make the internet a safe space for children, with zero tolerance treatment of infringers' and turn it into a nice safe puritan shopping mall.

    The next, they're conceding to the necessity of declaring it a battlefield or conflict zone when it's convenient for whatever aims are on the table this week.

    Who'd want they kids out in that, porn and creepy uncle free or not (apart from the kinds of parents who used to let the TV brings their kids up).

    1. Anonymous Coward
      Anonymous Coward

      Re: I wish they'd make up their minds

      Are you sure that your apparently unitary "they" cannot be split into two different groups?

      Even without endorsing any particular view or proposed "solution", it seems quite natural to me that military/security types will predominantly see "battlefield" aspects and address those, whilst those with a social/public focus will instead promote a "safety" angle.

      1. Teiwaz Silver badge

        Re: I wish they'd make up their minds

        Are you sure that your apparently unitary "they" cannot be split into two different groups?

        Sure they are, I just fail to see confidence in 'Tufty Club' and a safe playground mentality when on the other hand the recreation area is laced with mines.

        Wait until some faction starts real underhand propaganda tactics. Fake news will just be community gossip.

    2. I ain't Spartacus Gold badge

      Re: I wish they'd make up their minds

      The other problem with that kind of thinking is that there is no "they". The internet (and in fact the world) is not controlled by any one group. That's the error the conspiracy theorists make.

      Sure we have big corporations and governments - and lots of those types meet at places like Davos and have a good old powow over the canapes. And being a group with a lot in common, they're often subject to groupthink. But they don't all agree on anything, even if they were as powerful as some people make out. There's nobody in charge of everything, and so there is no "they" to decide whether to make the internet safe for the kiddies or turn it into a global battlefield.

      1. GnuTzu Bronze badge
        Joke

        Re: I wish they'd make up their minds -- "not controlled by any one group"

        "...is not controlled by any one group..."

        Not that "they" aren't working on changing that.

        O.K. That was somewhat tongue-in-cheek, but I had to say it.

        1. I ain't Spartacus Gold badge

          Re: I wish they'd make up their minds -- "not controlled by any one group"

          GnuTzu,

          That's just what they want you to think...

      2. amanfromMars 1 Silver badge

        Make Up Your Minds Times .......... with Quantum AI Leap Operating Systems to ReProgram

        There's nobody in charge of everything, and so there is no "they" to decide whether to make the internet safe for the kiddies or turn it into a global battlefield. .... I ain't Spartacus

        Is there a Collective We communicating here and deciding on future extremely strange events for Global Presentation and Greater Universal Media Use, I ain't Spartacus?

        There's always Some Thing or Some One in Charge of Leading Control Commanders for Control of Leading Charges into Future Creative Events ..... Novel Noble Deep AIdVenturing Enterprise.

        Whose Cyber Portfolios do you Entertain and Enjoy. And do you have any Controlling System Stake within them which Permits and Provides First Person Singular, Second Person Plural and Third Party Collective Drive of Program and Projects Direction? Or are you just as a Paying Passenger being taken Along the Free Ride and Down Winding Perfumed Gardens Paths and Disenabled to Savour and Flavour All Coming Bounty?

        A extremely valuable and suitably horrendously expensive facility to effortlessly effectively supply and maintain with Advanced IntelAIgent Mentoring and Monitoring ....... from Further Advanced Deeper Intellectual Property Space Stations with Quantum Communications Nodes in Raw Core Lodes of Virgin Source.

        As a Place on Earth, would IT be a Heavenly Question?

        As a Place on Earth, would IT be a Heavenly Exclamation!

        As a Place on Earth, would IT be a Heavenly Fact.

        As a Place on Earth, would IT be a Heavenly Fiction.

        As a Place on Earth, would IT be a Heavenly Quorum of Interests Served and Servered Equally?!.

        :-) A little SomeThing for Captain Scarlett to mull and cogitate over if contemplating entering into the Play and Fray of Safe Cyber Security Spheres of Unbounded Influence.

        1. Anonymous Coward
          Anonymous Coward

          Re: Make Up Your Minds Times .......... with Quantum AI Leap Operating Systems to ReProgram

          Its hard to really know ‘how’ to respond amfM ...

          1. amanfromMars 1 Silver badge

            Make Up Your Minds Times ....... Re: Clouds Hosting Advanced Operating Systems with Alien Services

            Its hard to really know ‘how’ to respond amfM ... .... Anonymous Coward

            Can you imagine the same problem and conundrum, AC, for failing established security services, dipping their toes into novel deep and vital dark virtual waters which can in an instant expose their every weakness and vulnerabilities for rapid and rabid serial exploitation?

            And to know that swimming in such sees is unavoidable if one wants to establish and harden a clear advantageous lead in both the Present and the Future does require more than just an average type bear when drivering for IT in AI Bull Market Trading Spaces.

            And not just for Brave New Worlds with CHAOS in Absolute Command and Remote Control.

            1. amanfromMars 1 Silver badge

              An Almighty Enigma Requiring No Solution but Permanent AI BetaTesting

              The Abiding and Expanding Security Services and GCHQ Quandary in Advanced IntelAIgent Quagmires

              All Penetrations and Spooky Exploits leave an Indelible Trail of Tales to Follow with Leads IDEntifying Responsible Actors and Accountable Drivers.

              In Futures, Proceed Extremely Cautiously is the Safest and Soundest Secured Haven Advice ...... for there are No Hideaway Hideout Hiding Places to Pretend to Not Exist and Be Relatively Almightily Anonymous.

              Just ask John McAfee for Confirmation of the Truth in All of That ... Yeah, Been There, Done That, Got the T-Shirts.

              It is both illogical and harmful to one's future health and mental wellbeing to not accept the Future is completely different from the Past with Everything Changed and being Constantly Remodelled with Daily 0Day Changes for SMARTR Media Platformed Presentation. ...... Raw Naked Unveiled Revelation.

              And, is it true, if you Tilt at the Future with Windmills, are Colossal Storms Guaranteed to Shred All Sails and Thread All Tales?

              1. Anonymous Coward
                Anonymous Coward

                Re: An Almighty Enigma Requiring No Solution but Permanent AI BetaTesting

                The problem is, and always has been ‘how’, and that is what part of the story does one play?, as it’s seemingly always piggy between the man in the middle.

                Its not through lack of trying amfM, of that I can assure you, and remaining relatively anonymous and autonomous in depravity never was or is the intention :-(

                1. amanfromMars 1 Silver badge

                  Re: An Almighty Enigma Requiring No Solution but Permanent AI BetaTesting

                  Its not through lack of trying amfM, of that I can assure you, and remaining relatively anonymous and autonomous in depravity never was or is the intention :-( ... Anonymous Coward

                  'Tis an interesting stealthy stalking position, the situation and intention to be a Parallel Party as Unfortunate Unnecessary Collateral Damage rather than as a Leading Prime in Premeditated Collusion, AC.

                  And to XSSXXXX in the Full Light of All Evidence, Almightily Liberating and EMPowering.

                  1. Anonymous Coward
                    Anonymous Coward

                    Re: An Almighty Enigma Requiring No Solution but Permanent AI BetaTesting

                    The thing is amfM, there is no intention to do wrong to anyone, but inadvertently by following said directions of travel thats all that appears to occur, pre ordained is seemingly the order of the day, whichever direction is taken, paths will be adjusted accordingly.

                    All one can do is hope.

  2. YetAnotherJoeBlow

    Bureaucrats

    Have a read of the Tallinn Manual 2. It just astounds me of their arrogance to think that people will even read it let alone follow it. One of these days, maybe the governments who pay for this garbage might listen to those on the ground. I know of several people who could really open their eyes - that is if they even care.

  3. FuzzyWuzzys Silver badge

    Sound like a bunch of liberal hippies at a local anger management seminar. "Yeah, sure you can have a few battles and war or two online, but like you know, play nice and by the rules, right? Then everyone has a good time.".

    The problem is that rules of engagment might have worked fine in the 18th Century battlefield when only those with serious moolah could buy the kit and organise armies, plus the sense of honour among monarchs and the ultra-rich, however these days anyone with a £250 tablet and a copy of "Learn Python in 24 Hours" can be a black-hat if they wish. The script kiddies and "rogue actors" are not going to give "two rat's" about your rules of online engagment, they're just going to take down a financial company website or worse, the infrastruture of some country, and then sit back and have a bloody good laugh at the IT bods scrambling to patch the problem.

    1. I ain't Spartacus Gold badge

      Maybe. But nobody is massively worried about the script kiddies. What they're worrying about is things like the Russian government sponsored cyber-attacks on the whole internet infrastructure of the Baltic States that have happened during times of political tension. A several week long period where people were unable to effectively access government services online, made worse by the fact that the Baltics all decided to do lots of their government online, so they're much more reliant on it than say Western Europe or the US. Even though we're going in the same direction.

      What happens if some state has a major political falling-out with another, and decides to use a cyber-attack to disable their electricity system? It's never happened on that kind of scale yet, so we don't know how hardened those systems are or how much damage it would do, or how long it would take to recover? Are we talking a few billion of damage and a major inconvenience, or throwing a country into recession for a year?

      That's not to mention all the recent shennanigans on social media trying to influence elections. I suspect that this will have no more effect than propoganda did in the Cold War - it's just that social media is new and people weren't used to it and how it impacted on the way they saw news.

      1. Anonymous Coward
        Anonymous Coward

        "...some state has a major political falling-out with another..."

        @I_Ain't_Spartacus

        ...like the UK and Belgium????

        https://www.theguardian.com/uk-news/2018/oct/25/uk-refusal-cooperate-belgian-hacking-inquiry-condemned-gchq-belgacom

        This Guardian article is all about a UK attack on Belgian infrastructure in 2014:

        https://theintercept.com/2014/12/13/belgacom-hack-gchq-inside-story/

        THERE ARE NO "GOOD GUYS" IN THIS STORY!

        1. I ain't Spartacus Gold badge

          Re: "...some state has a major political falling-out with another..."

          We weren't attacking Belgium. We were spying on them. Or apparently using their telco's systems to spy on Africa and the Middle East. But maybe Belgium too.

          Not nice, of course, but nothing unusual. And no country with their own foreign intelligence agency is in any position to complain.

          The thing they're talking about creating is some kind of rules of war. Things you don't do because of the effects on civilians. And also because once people start retaliating in kind, things go downhill fast.

  4. amanfromMars 1 Silver badge

    Moving the Internetworking of Things on into the Virtually Real World of Surreal Existentialism

    I think all of us would agree that cyber space is the new battle space where words create, command and control and destroy worlds with the practically remote anonymous sharing of Future ACTions against which there are zero effective defence or attack vectors, and which a dogged denial of the situation with zero engagement with any completely new actors in the field renders those said completely new actors as stealthy de facto state leaders by virtue of the sin of omission and/or suppression of specific particular and peculiar easily made readily available information, which failed state bodies and stalking intelligence heads would rather remain either fully unknown or Top Secret/Sensitive Compartmented Information.

    You know .... the stuff Donald [Rumsfeld] and Ike [President Eisenhower] were more than a little wary and aware of ......

    Our military organization today bears little relation to that known by any of my predecessors in peacetime, or indeed by the fighting men of World War II or Korea.

    Until the latest of our world conflicts, the United States had no armaments industry. American makers of plowshares could, with time and as required, make swords as well. But now we can no longer risk emergency improvisation of national defense; we have been compelled to create a permanent armaments industry of vast proportions. Added to this, three and a half million men and women are directly engaged in the defense establishment. We annually spend on military security more than the net income of all United States corporations.

    This conjunction of an immense military establishment and a large arms industry is new in the American experience. The total influence -- economic, political, even spiritual -- is felt in every city, every State house, every office of the Federal government. We recognize the imperative need for this development. Yet we must not fail to comprehend its grave implications. Our toil, resources and livelihood are all involved; so is the very structure of our society.

    In the councils of government, we must guard against the acquisition of unwarranted influence, whether sought or unsought, by the militaryindustrial complex. The potential for the disastrous rise of misplaced power exists and will persist.

    We must never let the weight of this combination endanger our liberties or democratic processes. We should take nothing for granted. Only an alert and knowledgeable citizenry can compel the proper meshing of the huge industrial and military machinery of defense with our peaceful methods and goals, so that security and liberty may prosper together. ...........

    The prospect of domination of the nation's scholars by Federal employment, project allocations, and the power of money is ever present and is gravely to be regarded. .... http://avalon.law.yale.edu/20th_century/eisenhower001.asp

    Reports that say that something hasn't happened are always interesting to me, because as we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns – the ones we don't know we don't know. And if one looks throughout the history of our country and other free countries, it is the latter category that tend to be the difficult ones. .... https://en.wikipedia.org/wiki/There_are_known_knowns

    Would you agree with all of that, or deny the facts and live in an alternate reality and absolutely fabulous fabless fiction?

  5. Dave 15

    simple

    Dont connect your critical infrastructure and control systems to the internet. There really is no need. IF (and its a big if) you think you need to have centralised control (for someone to bomb) or communications (for someone to cut) between the power stations, fuel pumps, water gates or whatever it is then put some armoured cables buried deep underground in place.. it can be done, sure we did it before

  6. Aodhhan Bronze badge

    More Oracle Crap

    Every year Oracle touts how wonderful their technology is, and how they've jumped light years ahead of competition when it comes to security.

    This year is no different.

    I'm willing to bet nothing will change this year. Oracle will still over charge for its products, will still have more vulnerabilities than other systems, and will take a ridiculous amount of time to patch these holes.

    Fortunately, I work for an organization which has greatly reduced the amount of Oracle products in the enterprise.

    1. I ain't Spartacus Gold badge
      Happy

      Re: More Oracle Crap

      If there's one thing I've learned from years of reading the Economist, it's that Oracle are always at least twice as good as the competition in any graph on the back cover. Which proves they are the best!

      I guess I also know that expensive Swiss watches make you look really cool and cause you to do a lot of skiing, diving and eating posh food. Also you're buying them for your children - honest!

  7. gr00001000
    Big Brother

    The Internet battle

    Yes the Internet is the new battle space, and also the arena for influencing hearts and minds.

    So witness now how it is being ring fenced with favoured tech giant providers in national geographies, chiefly by the search provider/service provider:

    Yandex

    Ten-cent/Baidu

    Google

    In the years to come we could withness the regionailisation of the Internet and barriers put up around TLDs and address space.

  8. John Smith 19 Gold badge
    Unhappy

    when in doubt look for the PPE graduate.

    Internet standards should stop treating anyone as friendly.

    Everyone is a potential MITM attack.

  9. Simon B-52

    9/11 cyber attack

    A 9/11 cyber attack eh?

    Well that would definitely mean different things to different people, including Dan Rather.....

  10. Claptrap314 Bronze badge

    "There are no civilians"

    It's a shame that he did not recognize the failure of this phrase and clarify it.

    A "civilian" is someone who can rely on others for their protection.

    Is there ANY commentard who has not conceded that the end users are their own worst enemies because of their failure to protect themselves?

    If you know what he was saying, it is a truism. But if you don't, it's easy to dismiss it as military over-eagerness.

    Now, if we could just convince management that security matters...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019