A senior US government expert on cybersecurity has called for the establishment of international cyber warfare standards to combat the actions of the “small group” of countries, including Russia and China, engaging in adversarial online behaviour.
Speaking at a panel at the UK government’s cybersecurity event CYBERUK in Glasgow, Scotland, yesterday, Rob Joyce, senior cyber security advisor at the US National Security Agency (NSA), said that other nations needed to take action against countries engaging in cyber warfare activities.
“There’s a small set of countries who are not behaving within international norms,” he said.
“It’s a short list and we’ve got to get comfortable as nations going out and saying ‘these countries are behaving in ways that are unacceptable’.”
NSA expert hits out at Russia and China over cyber warfare activities
Joyce, who was speaking at a panel of the Five Eyes intelligence alliance, which also included representatives from the UK, Canada, Australia and New Zealand, was in no way hesitant about naming the countries involved. He citied the activities of four nations: Russia, China, Iran and North Korea.
“If you look at the countries who have blatantly come out and attacked other countries in cyberspace, or countries who are stealing wealth to avoid sanctions – they’re literally bank robbing in the cyber realm – it’s a small group. You can name them on one hand,” he said.
“Russia is attacking neighbours and influencing people with their national intent to shape policies and to achieve advantage.
“We’ve seen the Chinese stealing intellectual secrets that impact our economies. We’ve watched Iran attack near neighbours and put safety systems at risk. And North Korea out there stealing banking information. “
Cyber warfare standards: establishing rules of engagement
Joyce’s comments echoed concerns previously raised by other members of the cybersecurity community, including Israel Barak, former Israeli Defense Forces red team founder and CISO at cyber security company Cybereason, who highlighted the lack of rules of engagement in cyber warfare last year.
“In the physical realm, there’s a certain understanding of what the balances are in terms of what is that sliding scale,” Barack said.
“Armies or military organisations know that if they launch an operation of type one they can expect the retaliation of type two. In cyberspace, these rules haven’t been written yet.”
While cyber warfare activities have previously been dealt with behind closed doors, western governments have become more bold in naming and shaming in recent years, with the UK last year calling Russia out on its cyberattack activity.
However, establishing an international set of standards for appropriate responses to cyber warfare remains an as-yet-unrealised goal – but one countries may see as increasingly vital, as Joyce explained:
“One of the things we’ve got to realise in the internet age is there’s so much at stake for the things we’ve connected and the things we rely on, whether it’s critical infrastructure or our financial wellbeing.”