LAS VEGAS – Attribution is one of the biggest problems on the internet when it comes to cyberwarfare. How do you hold a nation responsible for malicious attacks if you can't determine whether the activity was state-sponsored?

Retired General Michael Hayden, former director of the National Security Agency, said Thursday that one solution being discussed in government is to simply forget about trying to determine if the source of an attack is state-sponsored and hold nations responsible for malicious activity coming from their cyberspace. His words were greeted with applause from the audience of computer security professionals.

"Since the price of entry is so low, and ... it's difficult to prove state sponsorship, one of the thoughts ... is to just be uninterested in that distinction and to actually hold states responsible for that activity emanating from their cyberspace," said Hayden during his keynote address at the Black Hat security conference. "Whether you did [the attack yourself] or not, the consequences for that action [coming from your country] are the same."

Asked later for examples of what the consequences to a nation might be, he suggested some kind of cyberexile, or a response that would thwart the flow of the internet from the suspect country in a way that would slow their cybercommerce and ability to communicate.

Hayden, who is currently a principal at the Chertoff Group, a security consultant company founded by former Homeland Security Secretary Michael Chertoff, focused his talk on cyberwarfare and acknowledged that the term is thrown "pretty much at anything unpleasant."

He said the U.S. military doesn't consider intelligence attacks acts of war but the kind of "normal espionage thing that routinely happens between states."

"Without going into great detail, we're actually pretty good at this, and the Chinese aren't the only ones doing this," he said.

Outside of this, the U.S. and international community haven't made much progress in determining what would actually constitute an act of war in this domain, but he said there have been some initial discussions about the idea of having global agreements to restrict certain kinds of activity. He cited denial-of-service attacks as an example of one type that could be restricted under a kind of Geneva Convention agreement on the rules of cyberwar.

"That is such an easily available weapon that we [might decide we] ought to stigmatize its use so that adult nations don't do it and they don't allow it to happen from their sovereign space – that's one thought," he said.

He also said ideas have been raised about forming the cyber equivalent of demilitarized zones for sensitive networks, such as the power grid and financial networks, that would be off-limits to attack from nation states. He acknowledged that this contradicts the view in kinetic warfare where attacks on power grids and other infrastructures are considered legitimate targets.

In a press conference following his talk, Hayden was asked about cyberespionage and whether the United States considers collateral damage that could occur as a result of such activity by the United States, such as an incident that reportedly occurred in the early '80s in Russia.

In 1982, the United States reportedly sabotaged the Siberian pipeline through a logic bomb planted in software, causing an explosion. The United States learned from a Russian scientist that the Soviets were stealing data on U.S. technology, so the CIA hatched a plot to insert the logic bomb into software headed to Russia to operate pumps, valves and turbines on the Siberian natural gas pipeline.

At a pre-programmed time, the malware caused excessive gas pressure to build on the valves, resulting in an explosion that was captured by orbiting satellites. Although there were no human casualties, there might have been under different circumstances if the explosion had occurred in a populated area.

Hayden acknowledged during his keynote that there are problems with anticipating consequences of cyberwarfare attacks.

"You can never do anything in this domain without something going pop in [the physical world]," he said. "At the end of the day, it really isn't a videogame and something's going to happen in somebody's physical space."

He added that in considering the possibilities for collateral damage from a cyberattack, generally the military considers whether the good that is perceived to come out of an action greatly outweighs the possible unintended consequences. But with cyberattacks, the consequences can be much less predictable.

"When you do this, are lights still going to be on on the eastern seaboard?" he said. "When you do something in the cyberdomain, you're asking a policy maker to accept a risk that's probably a little less measurable than a parallel operation outside of cyberspace.... The thinking on cyberstuff is so immature that, if we're not careful, they'll become the special weapon of the 21st century like nuclear weapons were [in the last century] that you really had to have the president in the room before you could use them."

Hayden was asked about WikiLeaks and the possible repercussions that will come from the secret-spilling site publishing 77,000 intelligence documents on the Afghanistan war.

"This is an interesting aspect of a cyberwar [that] would not exist in physical space," he said. "So, how now do we deal with this? Can we sustain espionage? Will it be possible for America to spy if this cultural trend is not modified or muted ...? We have less control of our secrets than some other states."

Hayden said the intelligence community will likely push back against open intelligence-sharing initiatives that evidently made this and other documents published by WikiLeaks vulnerable to leaking. After the 9/11 terrorist attacks, the government made the sharing of intelligence easier in order to combat criticism that people responsible for defending the country didn't have the information they needed. As a result, intelligence reports and documents were made available to a much wider group of people in the government and military.

Hayden said "it's going to take very strong leadership" to ensure that there isn't a knee-jerk reaction that simply closes access to intelligence going forward."

Photo courtesy U.S. government

See also: