Get the latest news alerts: at Twitter.

Local Tech Wire

"Lots of times, there’s confusion in these treaty negotiations because of lack of clarity about which problems they’re trying to solve," Scott Charney, vice president of Microsoft Corp.’s Trustworthy Computing Group, told The Associated Press before a this week put on by the

In a paper, Charney calls for rethinking definitions.
"If the concern is an electronic Pearl Harbor, perhaps part of the response is an electronic ‘Geneva Convention’ that protects the rights of noncombatants,” he said in a speech at the event.

An excerpt from Charney’s paper:

In a world of such diverse threats and increasing allegations of cyber crime, economic espionage, military espionage, and cyber warfare, it is critically important that governments and cyber security professionals think differently about malicious cyber events and how to respond to them.

The starting point is breaking down attacks by attribution and category. With regard to “the who” (and, inferentially perhaps, “the why”), there may be strong attribution, some probability of attribution (high to low), or no attribution. With regard to categories, there are four: cyber crime, military espionage, economic espionage (and other areas where nation-states are in philosophical disagreement on normative behavior) and cyber warfare.

Each level of attribution and each category of attack raises unique issues regarding response with one exception. Defensive measures are always appropriate and nothing prevents someone from adopting stronger security measures, such as adopting multi-factor authentication. Strong defenses are not enough, however, as offense almost always beats defense on the Internet.

So although stronger defenses might deter some who will seek easier targets (much like locking one’s door encourages a burglar to seek a less-protected house), persistent, well-funded and motivated adversaries are not readily deterred by defenses, especially because defenses have proven insufficient in so many cases.

For the complete paper,