“Cyberwar, we’re doing it completely wrong,” said Marcus Ranum (@mjranum), CSO for Tenable Network Security, who doesn’t believe it’s being treated seriously. “People don’t ask, ‘What’s the geopolitical background under which such attacks could take place?’”

Before his presentation at the 2012 RSA Conference in San Francisco, I spoke with Ranum about his concern with how we’re handling cyberwar preparations, since cyberwar doesn’t operate like regular war. The big difference between regular war and cyberwar is that most of the targets for cyberwar will be civilian infrastructure, said Ranum.

“You could argue that out of the gate cyberwar is going to be war crimes,” said Ranum. “If you’re talking taking out an electronic infrastructure preparatory to a ground attack you’re talking about shutting down their hospitals and shutting down their businesses, shutting down their stock exchange, shutting down their street lights, and screwing people’s lives up. These are all contrary to the civilized laws of how wars are supposed to be fought.”

“We, the security practitioners, could find ourselves in the position of being like the nuclear weapons scientists who were in the 1960s,” warned Ranum. “They’re now kind of going, ‘Uh oh, what did we start rolling here?’”

