Cyber Terror Hotline

Title: Bruce Schneier: We Need ‘Cyberwar Hotlines’ To Match Nuclear Hotlines
December 3, 2010
Computer World

Abstract: Security expert Bruce Schneier has called for governments to establish ‘hotlines’ between their cyber commands, much like the those between nuclear commands, to help them battle against cyber attacks.

Cyber security is high on the national agenda, and is regarded as a top threat to the UK’s security. It is also top a concern for other nations around the world. Last month, the EU announced plans to cybercrime centre by 2013, and it agreed with the US to set up a working group on cybersecurity. Meanwhile, NATO also adopted its Strategic Concept Charter, which outlines plans to develop new capabilities to combat cyber attacks on military networks.

Schneier, writing in the Financial Times, said that a hotline between the world’s cyber commands would “at least allow governments to talk to each other, rather than guess where an attack came from.”

He said that this would be a starting point and that more importantly, governments need to establish cyberwar “treaties”.

“These could stipulate a no first-use policy, outlaw unaimed weapon, or mandate weapons that self-destruct at the end of hostilities. The Geneva Conventions need to be updated too,” he said.

Another suggestion was to declare that international banking was off-limits, but Schneier added: “Whatever the specifics, such agreements are badly needed.”

Although he admitted that enforcing such agreements would be difficult, Schneier said that governments had to at least make an effort to do so.

“It’s not too late to reverse the cyber arms race currently under way. Otherwise, it is only a matter of time before something big happens: perhaps by the rash actions of a low level military officer, perhaps by a non-state actor, perhaps by accident,” he warned.

Earlier this week, the UK government revealed that selling GCHQ’s expertise is one of the options it is considering for bridging the gap between the public and private sectors' intelligence capabilities, in order to strengthen the UK against cyber attacks (Computer World, 2010).

Britain In Talks On Cybersecurity Hotline With China And Russia
Date: October 4, 2012
Source: Guardian

Abstract: Britain has begun tentative talks with China and Russia about setting up a hotline to help prevent cyber-emergencies from spiralling out of control.

The discussions are at an early stage but they reflect anxiety from all sides that a calamity in cyberspace, whether deliberate or accidental, could have devastating consequences unless there is a quick and reliable way for senior officials to reach each other.

The US has been talking to the Chinese about a similar arrangement and the ideas will be among several raised at an international conference on cybersecurity in Hungary on Thursday.

The event will involve 600 diplomats from up to 50 countries and is a follow-up to a conference in London last year. One of the aims of the negotiations is to agree rules of behaviour in cyberspace at a time when states have become aware of the potential to attack, steal from and disrupt their enemies online.

China and Russia have been arguing for a more restrictive, state-controlled future for the internet and for formal arms-control-type treaties to govern what countries can and cannot do.

But they have been challenged by European countries and the US. The UK has said there is no need for treaties and that controls on the internet would restrict economic growth and freedom of speech.

Some progress has been made in reconciling the two positions, diplomats say, but the gulf between them is still huge, and the negotiations are continuing at snail's pace.

With the cyber arena evolving so quickly, and with the US and the UK saying cybertheft now represents a genuine threat to western economies and national security, the need for a hotline is pressing.

"At the moment, we don't really have sufficient information-sharing arrangements with some countries such as Chinaand the Chinese computer emergency response team," said a senior Foreign Office official.

"There isn't a form of crisis communication. If we can build that sort of partnership and relationship then the normative framework develops around that. If you ask for assistance, you get a response. That develops into an obligation to assist. One isn't naive about that, but I don't think the Chinese or the Russians enjoy uncertainty, not knowing who to turn to, who to talk to."

The official said the existing protocols and procedures were not robust enough for the type of emergencies that could materialise in cyberspace. "In theory, there are lists of people who to call, but I think they need to be tested and relied upon."

The foreign secretary, William Hague, and the cabinet secretary, Francis Maude, will be in Budapest for the two-day conference. They will announce that the UK is to establish a new £2m cyberhub at one of country's leading universities, which will provide guidance to the government and companies about where to invest money for initiatives in cyberspace abroad. The money will come from the £650m set aside for cybersecurity in the strategic defence and security review.

The official said talks with China were slow going and that there had not been any fundamental shift in Beijing's position. "Through initiatives such as its draft code of conduct, [China] has promoted a vision of cyberspace which has got much more sovereignty and government involvement in it. They have got particular points that they want to get across to the international community" (Guardian, 2012)