On Feb. 16th, 2012, Richard Clarke (author of Cyber War: The Next National Security Threat and What to Do About It) wrote an article for the Wall Street Journal on the recent tit-for-tat cyberwar in the Middle East. That cyberwar was really just a series of DDOS attacks and web site defacements between Israeli and Arab hackers. In considering the Arab-Israeli cyberwar, Clarke suggested a new international framework for dealing with patriotic hackers.
First, Clarke argued that the relative ease with which these hackers shut down government and company websites suggests that Middle Eastern countries have not taken cybersecurity seriously. In comparison to governments in other regions, Clarke believes that Middle Eastern governments have not effictively educated, assisted, or regulated companies to improve their cyber-security. This inactivity "opened the way for citizen hackers to cause the mischief we see today."
Second, Clarke suggested that the Arab-Israeli cyberwar demonstarted the "lack of any effective international organization to assist in preventing cyber crime and de-escalating tensions among nations in cyberspace." Essentially, there is no effective mechanism for countries to talk to each other and defuse potential cyber war. To combat this, Clarke proposed a "Cyber Risk Reduction Center" modeled off the Cold War era Nuclear Risk Reduction Center. The Nuclear Risk Reduction Center was a nuclear hot-line between the US and the Soviets; its purpose was to prevent nuclear war by keeping a line of communication open. Similarly, the Cyber Risk Reduction Center would enable quick communications between nation-states to defuse a cyber-war before it can begin.
For example, if Saudi Arabia were to suffer another cyberattack on its stock exchange, it should be able to call the international cyber center, ask Israel to address the situation, and thereby diffuse hostilities. Clarke envisioned an "obligation to assist" that would require any Cyber Risk Reduction Center member to take responsibility for its citizens. If that country didn't honor its obligation to assist, it could face "financial damages or even outside filtering of message traffic . . ."
You can find the rest of the Wall Street Journal article here.
Leave a Reply