Former US cyber diplomat wants tougher 'consequences' for state-backed hacks
Security

Former US cyber diplomat wants tougher 'consequences' for state-backed hacks

Nation states need faster and more effective ‘consequences’ for those launching cyber attacks against them, former US State Department lead cyber diplomat Chris Painter says.

Painter, who previously served in the White House as the National Security Council senior director for cybersecurity, said the public and private sectors need to “think creatively” about what tools can be used in response to “bad actors”.

“In the nation state realm we don’t really do consequences very well. My worry with that is if you don’t take action, swift action, you create an expectation, a norm, that whenever that bad action is done it’s acceptable,” Painter said at an Australian Information Security Association event in Sydney Thursday.

“That’s bad for all of us in the long term. So how can we up our game with deterrents? Can we think of deterrent tools – consequences – we can bring that are short term, but cause pain and are reversible, so if you change your action we can pull it?”

While some of those consequences could be within the cyber realm – a ‘hack back’ – there were also diplomatic and economic deterrents that could and should be used, Painter said.

Painter was with the State Department when Sony Pictures was hacked in 2014, resulting in the theft of terabytes of sensitive documents, including a salary spreadsheet for 6000 employees, internal emails, pre-release copies of films and vast amounts of personnel data. It also broke thousands of the organisation's computers by using a destructive type of malicious software that wipes files.

After a two-week investigation the US Federal Bureau of Investigation, in a relatively rare move, claimed publicly that North Korea was responsible for the incident.

The following month then US President Barack Obama authorised new economic sanctions against people and organisations linked to the rogue state.

“[But] it’s a limited tool set. It means we need to figure out more creatively what other tools are out there. We have to come up with better consequences,” Painter said.

Read more:Macquarie Government’s cloud certified for use with classified data

In all cyber attacks, attribution can be a problem, he continued.

“When the North Korea Sony attack happened, we knew it was North Korea. And everyone knew it was North Korea before we said it was. And then when we said it was, everyone said it wasn’t! We revealed some of why we knew. But we did not reveal everything. No government ever will,” he said.

But governments shouldn’t be too hung up proving responsibility, Painter added.

“As a criminal prosecutor you have to prove beyond reasonable doubt. That doesn’t mean no doubt. It’s a high standard but it’s not absolute,” said Painter, who when Assistant US Attorney prosecuted famed hacker Kevin Mitnick.

Read more:ServiceNow joins government’s secure cloud list

“When a country looks at all the evidence and makes an attribution decision – whether they do publicly or not – that’s a political decision,” he said. “What’s the right level depends on the circumstance.

“You don’t want to be wrong obviously. But you don’t want to be so hamstrung that you end up responding to something a year later. Because that is not a deterrent. A deterrent is timely and it’s credible. And a year later it’s not.”

Offensive capabilities

Last week, the Australian government launched its first International Cyber Engagement Strategy, in which it recognised that states have “legitimate rights to develop and use cyber capabilities” but urged they be used in accordance with international law and norms of acceptable behaviour.

Read more:ASD seeks exec to lead investigations of cyber intrusions

The document says Australia has the capability to attribute malicious cyber activity to "several levels of granularity" down to specific states and individuals.

If hit by malicious cyber activity, the strategy explains that Australia could respond with “law enforcement or diplomatic, economic or military measures”, which could include “offensive cyber capabilities that disrupt, deny or degrade the computers or computer networks of adversaries”.

This week it was revealed a hacker exfiltrated non-classified information about Australia's Joint Strike Fighter programme and other military hardware last year.

Government agency, the Australian Cyber Security Centre said the attack on the defence contractor was carried out by a "malicious cyber adversary".

Speaking on ABC Radio, Minister for Defence Industry Christopher Pyne admitted: "I don't know who did it".

IDG Insider

PREVIOUS ARTICLE

«Intel launches AI-driven anti-money laundering solution

NEXT ARTICLE

Meem review: Back up iOS devices while they charge with this unique cable»
author_image
IDG Connect

IDG Connect tackles the tech stories that matter to you

Add Your Comment

Most Recent Comments

Our Case Studies

IDG Connect delivers full creative solutions to meet all your demand generatlon needs. These cover the full scope of options, from customized content and lead delivery through to fully integrated campaigns.

images

Our Marketing Research

Our in-house analyst and editorial team create a range of insights for the global marketing community. These look at IT buying preferences, the latest soclal media trends and other zeitgeist topics.

images

Poll

Will Kotlin overtake Java as the most popular Android programming language in 2018?