Sergey Nivens - stock.adobe.com
The world needs a new millennial generation of leadership that has been born into a world of technology and can grasp both the promises and the threats, if we are to avoid open cyber warfare between nation states, according to RSA’s former executive chairman, Art Coviello.
“I can be optimistic that the security solutions necessary to protect us are rapidly coming online. As a father to children of the millennial generation, I am also optimistic that they will find the right path. I just hope and pray they are students of the past,” said Coviello, in exclusive remarks shared with Computer Weekly’s sister title, France’s LeMagIT.
Coviello, who since retiring from RSA is a venture partner at Rally Partners, a Silicon Valley venture capital investment firm, referred to the words of the philosopher George Santayana, who said: “Those who cannot remember the past are condemned to repeat it.”
He suggested that as the threat of state-developed cyber weapons becomes clearer, it seems that the world has, by and large, forgotten about the destructive power of conventional weapons, from the mustard gas used in the trenches of the First World War, to the atom bombs that ended the Second.
“Have we forgotten the inhumanity of such weapons when Assad uses them on his own people? Have we forgotten the unfathomable devastation and after-effects of nuclear warfare with the repudiation of so many treaties designed to limit the use of weapons of mass destruction? Will we need the next level of horror to realise what can happen with the proliferation of cyber weapons?” he said.
“And, have we forgotten the brutality of fascism with the assault on democracy by far right extremists who use social media the way fascists used propaganda with their constant and relentless drumbeat of lies?
“I hate to present such a dystopian view of things, but the alarm must be raised,” said Coviello.
Responsible behaviour in cyber space
Coviello was speaking as a group of countries came together at the end of September to issue a joint statement on advancing responsible state behaviour in cyber space. Besides the anglophone Five Eyes alliance, the declaration was signed by Belgium, Colombia, Czechia, Denmark, Estonia, Finland, France, Germany, Hungary, Iceland, Italy, Japan, Latvia, Lithuania, the Netherlands, Norway, Poland, Romania, Slovakia, South Korea, Spain and Sweden.
Almost a year after the Paris Call, which was signed by 50 countries, although not Russia or the US, the statement – which can be read in full on the website of the US State Department – said that even while recognising the benefits that cyber space has brought to citizens, state and non-state actors were using it as a platform for “irresponsible behaviour” to disrupt daily life and services, undermine governments and international bodies, and damage free and fair competition between enterprises.
The international community – driven through the UN – has coalesced around an evolving framework to govern responsible state behaviour and made it clear that the international rules-based order should guide state behaviour online.
Art Coviello, Rally Ventures
The signatory countries to the statement underscored their commitment to uphold the international rules-based order and work towards its adherence, implementation and further developments, supporting cyber security capacity building to help countries implement the framework to protect themselves. They also reiterated that human rights apply and must be respected online.
“As responsible states that uphold the international rules-based order, we recognise our role in safeguarding the benefits of a free, open and secure cyber space for future generations. When necessary, we will work together on a voluntary basis to hold states accountable when they act contrary to this framework, including by taking measures that are transparent and consistent with international law. There must be consequences for bad behaviour in cyber space,” wrote the statement’s authors.
“We call on all states to support the evolving framework and to join with us to ensure greater accountability and stability in cyber space.”
Cyber weapons a worrying threat
Coviello said that while the aims of the statement were laudable, there were still problems with it. “It comes overwhelmingly from the countries which have the most to lose, are governed by rule of law, or border Russia and have much to fear,” he said.
“Far too many other countries don’t think the same way, and even if they say they do, don’t act that way. In fact, technology (especially cyber) has become and will continue to be the great equaliser for the adversaries of the more advanced militarily and/or economic powers, especially if those adversaries choose not to play by the same rules.
“So, I am not optimistic that statements like this, unaccompanied by a treaty and an enforcement capability, will get much of a result,” he said.
Coviello added that he was increasingly worried about the development of cyber weapons for military use, saying there was no reason to think that, given the example of history, civilian populations would be somehow exempt from such attacks.
Read more about cyber weapons
- CISOs must start thinking about how to engage with intelligent, adaptive, non-human attackers, says Trend Micro’s Rik Ferguson.
- Security researchers have discovered an attack campaign infrastructure designed to scan, brute-force and infect tens of thousands of MS-SQL and PHPMyAdmin servers.
- Weapons technology is among the latest targets of a highly adaptable cyber espionage group that uses a wide range of publicly available and custom attack tools, presenting a challenge to network defenders.