This is a follow-up posting to my previous posts on “First Strikes in Cyberwar”, “Learn APT Remediation Basics” and “The Realities of Advanced Persistent Threats”. It also has implications for the discussions we had based upon Hailey’s posting titled “Retaliation as A Security Strategy”.
The Upcoming Tallinn Manual
Last year at BlackHat I met and spoke with General Keith Alexander, director of the NSA and commander of the U.S. Cyber Command. This year at DEFCON he presented and made an argument to the attendees (ethical and non-ethical hackers and IT professionals and researchers) that the U.S. government could use their help in defending both the country and the Internet. The goal of his talk was to attempt to demystify the NSA and seek the help of cyber-experts in defining a new Internet infrastructure, one that is easier to defend and monitor against cyber-threats, and in the development of new security standards. This may also be related to the discussion on the Point2Security site related to the “Cybersecurity Act Thwarted in Senate” posting by Hailey. As I commented in a reply to that posting, I am hoping that this is the government reaching out to the experts to help develop realistic policy.
Last year at BlackHat, General Alexander was a keynote speaker. He spoke about the difficulty he and his cyber command had with the attribution of cyberattacks and then deciding which attacks warranted an armed response.
It seems that a new non-binding manual called the “Tallinn Manual” will shortly be published, and it will begin to draw the boundaries needed to define when an armed response may be justified under the international laws of armed conflict (see the IEEE article “Declaration of War”).
This is taking the discussion we had about Hailey’s posting titled “Retaliation as A Security Strategy” to a new, higher level. In this new manual they will be attempting to define when a cyberattack can be deemed an “armed attack”. This term has special meaning in international law, and not all cyberattacks will necessarily rise to the level of an “armed attack”. This is important because a conventional armed response (guns, missiles, troops, etc.) could be what occurs after a cyber “armed attack”.
It is very important to remember that before 9/11, even though our intelligence community was telling us about Al Qaeda and the threat they posed, no one took the threat as that serious, and the necessary preventive measures to prevent 9/11 were not put in place. I hope that we are not doomed to repeat history again. Some of the highest U.S. military leaders supported and advocated for the new Cybersecurity Act, yet it did not get through the Senate. Thankfully, people like General Alexander see the reality of the threat and they are doing everything they can to prepare adequately for the eventuality of a cyberattack.
The Small Business Preparedness for Cyberattack
Given the trends in cyberwar and the formulation of the Tallinn Manual, I think it is more than appropriate for small businesses to also prepare for cyberattacks. I will repeat my quote from one of Intel’s most famous leaders, Andy Grove, who said, “Only the paranoid survive.” I think all of us, from individuals to companies and government, must take the threat of cyberwar and cyberattacks more seriously. We cannot guarantee that we will be able to detect and prevent every attack, but certainly there is enough expertise and knowledge to prevent the currently known attacks. We must take a hard look at cyber threats and cybersecurity and then determine if we are adequately prepared to defend ourselves from cyberattacks. Let’s not let our current successes in preventing cyberattacks lull us into complacency, but rather let us be prepared as best as we can for what seems to be coming.