When someone is in your network your at war – when someone steal your identity your at war, when someone steals you intellectual property your at war.
Stuxnet change the face of warfare. Cyber warfare is very different from conventional warfare. Missile or aircraft takes time to respond cyber warfare happens in seconds. We live with the UN charter that regulate the actions between states. So if someone launches a distributed denial of service attack, you are not supposed to retaliate with a nuclear missile into an industry complex. It’s issue is one of proportionality.
But what can be done about organized crime and their international cyber operation, – stealing credit card numbers from another country who’s responsibility is it? What do you do about a black hat Chinese or Iranina hackers who have been accused of pirating trade and defense secrets from different countries? And the political aspect of China who is a trading partner, while Iran may be an enemy per say. We are civilized, military targets are permissible under international law, attacks of innocent civilians or non-military targets are prohibited. When a governments goes through a civilian contractors do they lose status as a civilian and become a military target. When a private citizen launches an attack (hack), what is the country of origin responsible? Do they arrest them. Look at the current Lulzsec (cyber crewz ) arrest all over the world.
My friend Joel Harding wrote on his blog – http://toinformistoinfluence.com/
What is cyberwar?
What is an attack in cyberspace?
How do the laws of armed conflict apply in cyberspace?
How do conventional laws apply in a virtual world?
Someone posited that anytime someone penetrated their network, that was considered cyberwar. I disagree, that would be an intrusion.
Someone said by stealing the information in my network, that would be considered cyberwarfare. I disagree, that would be theft of intellectual property or a cyber crime.
Someone claimed that denying, degrading or destroying data on a network would be cyberwar. I admitted, that would be bad, but by no stretch of the imagination would one single incident be considered a cyberwar. Yes, it honestly would depend on the targeted network. Doing this on the WhiteHouse.gov domain would definitely be considered an act of war, whereas at tinyminds.com (I made that up) it would probably be a pain in the butt.
But What Mr. Harding fails to understand is that Seante.gov has already been hacked, the CIA was already hacked. So I stand by my remarks – When someone is in your network your at war – when someone steal your identity your at war, when someone steals you intellectual property your at war.
It’s only the response to the act (hack) and the politics and the economics of the actors that make it an actionable matter for the military or a compony or a civilian. Warfare has changed in the last 10 years and cyber warfare is only beginning to show it’s ugly head. The international laws (agree by all) that we have today will need to be a world solution so everyone knows the consequences of starting a war in cyberspace.
My 2© cents – gatoMalo_at_uscyberlabs_dot_com