RSA: Cyber War Mass Hysteria Is Hindering Security

International cyber threat initiatives are in danger of becoming overblown, the US government’s security chief told the RSA Conference in San Francisco.

” Cyber war is a terrible metaphor,” said the US government’s cybersecurity czar Howard Schmidt. “Don’t make it something it’s not.” Internet attacks from hackers, spies and terrorist groups deserves serious attention, he said, but this should not be “to the extent of mass hysteria”.

Cyber-war hype is a distraction

Other thinkers seemed agreed on this. Bruce Schneier, security chief at the BT Group, said that this mass hysteria is being stoked up by government initiatives creating the impression of a “cyber arms race”. He does not believe that a cyber war is raging but that heavy-handed responses to issues such as the Stuxnet attacks are creating that impression.

Schneier believes that the headline-hitting attacks are distracting security professionals from building a foundation for security. These hyped-up events are distractions from the more critical work of protecting power grids, financial systems and medical networks, he warned.

Last month, AT&T technical lead Bill Cheswick told eWEEK Europe: “I think the word is wrong, because in some sense it is war but it is fury and sound signifiying little. It is just espionage.”

Deputy Securetary of Defence stokes the fire

The reactions formed a response to a keynote speech from William Lynn, US deputy secretary of defence, which may have stoked fears of cyber-war: “The threat is moving up a ladder of escalation, from exploitation, to disruption, to destruction.”

Lynn claimed that spy agencies have gained accessed to weapons system designs and other military plans, source codes and intellectual property from businesses and universities. Lynn sees this theft of information as the major threat, dismissing current attacks on networks as being relatively unsophisticated and short in duration.

Schneier’s fear is that we are on the verge of an IT arms race. “We haven’t seen offensive cyber weapons companies, but they are coming,” he said. “Big defence contractors are working on this – you know they would be dumb not to.”

He fears that this may lead to ill-designed software “weapons” that might be accidentally released. Just as Stuxnet was allegedly designed to attack the nuclear programme in Iran but it escaped into the wild and brought problems for other organisations.

“We are in the midst of a cyber war of words. Let’s quit pointing fingers and start cleaning up the infrastructure,” he said.