Interview: US says cybersecurity covered by law

Christopher Painter, coordinator for cyber issues for the State Department, declined to comment on a Wall Street Journal report suggesting that the Pentagon was considering a policy to classify some cyberattacks coming from another country as acts of war. He said most of the reports were based on "things that are not released, haven't been released or haven't been discussed."

He did, however, say that President Barack Obama's recent cybersecurity strategy covered a myriad of different aspects, ranging from international freedoms to governance issues and challenges facing the military.

"We don't need a new treaty," he told The Associated Press as he arrived for an international cybersecurity summit in London. "We need a discussion around the norms that are in cyberspace, what the rules of the road are and we need to build a consensus around those topics."

Hundreds of international delegates from governments and the private sector converged for the two-day conference to try to agree on the basics - how to enforce cybersecurity regulations across borders, what to do about countries that don't want to be regulated, how to protect government and company data and who will ultimately control cyberspace?

Shawn Henry, executive assistant director of the FBI, said enforcing laws across borders was key in catching cybercriminals - many of whom have the same goals.

"You have crime syndicates or individuals looking to steal money, you have foreign government's looking to steal state secrets and you have terror groups looking for a way to cause disruptions," he told the AP. "Luckily, we've had quite a few successs recently."

The FBI works with local law enforcement agencies in some 75 different countries, often embedding with local officers.

Michael Rake of BT Group PLC, one of the world's largest telecommunications companies, warned that world powers are being drawn into a high-tech arms race, with many already able to fight a war without firing a single shot.

"I don't think personally it's an exaggeration to say now that basically you can bring a state to its knees without any military action whatsoever," Rake said. He said it was "critical to try to move toward some sort of cyber technology nonproliferation treaty."

The suggestion drew a mixed response from cyberwarriors gathered in London for a conference on Internet security, although at least one academic praised it for highlighting the need to subject online interstate attacks to some kind of an international legal framework.

Cyberweapons and cyberwarfare have increasingly preoccupied policymakers as hacks and computer viruses grow in complexity.

Recent high-profile attacks against Sony Corp. and Lockheed Martin Corp. have made headlines, while experts described last year's discovery of the super-sophisticated Stuxnet virus - thought to have been aimed at sabotaging Iran's disputed nuclear program - as an illustration of the havoc that malicious programs can wreak on infrastructure and industry.

"You can close vital systems, energy systems, medical systems," Rake said. "The ability to have significant impact on a state is there."

The threat grows every day. Natalya Kaspersky, co-founder of anti-virus software provider Kaspersky Lab ZAO, said Internet security firms were logging some 70,000 new malicious programs every 24 hours. Shawn Henry, executive assistant director of the FBI, said that last year alone his agency arrested more than 200 cybercriminals.

How to deal with that threat was the topic of the two-day summit organized by the EastWest Institute, an international think tank which gathered hundreds of law enforcement officials, business leaders, academics and security consultants for talks in the British capital.

Rake's proposal for a nonproliferation treaty lacked detail, but it was one of several calls for some kind of an international treaty governing cyberspace. Hamadoun Toure, head of the United Nations telecommunications agency, said that "we all know that the next war, if it was to take place, would take place in cyberspace."

He added that the best way to win such a war was to ensure that it didn't happen in the first place.

But those working in the field were divided about the wisdom of any cybersecurity treaty. Francis Delon, France's secretary-general for national defense and security, said it was too early for work toward an international pact because policymakers were still coming to grips with the risks.

The question was one of "pure pragmatism," he said. "The ground's just not ready for it."

More information:
The EastWest Institute: http://www.ewi.info/

The Telecommunication Union's response center: http://bit.ly/llCTv3

©2011 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.