“cyberwarfare” is such a broadly used term that it might be hurting efforts by countries to agree how to cooperate on Internet security.
“Lots of times, there’s confusion in these treaty negotiations because of lack of clarity about which problems they’re trying to solve,” said Scott Charney, vice president of Microsoft Corp.’s Trustworthy Computing Group, before a speech at the Worldwide Cybersecurity Summit.
Cyberwar is a catchall phrase: It’s often used to refer to everything from purely financial crimes to computer attacks that could kill people by blowing up an oil pipeline.
If the “war” metaphor is problematic, there could be an important consequence. It might shift responsibility onto the government, in the minds of some in private industry, for fighting the attacks. Instead, experts at the Dallas summit said, it should be a joint effort, particularly when it comes to control systems for critical infrastructure.
“As soon as you say `war,’ people think, `That’s a government problem,'” said James Isaak, president of the IEEE Computer Society. “And if that’s not the nature of the problem we’re dealing with, that’s a disservice.”
Charney, of Microsoft, believes cyber threats should be better differentiated. He proposes four categories: conventional computer crimes, military espionage, economic espionage and cyberwarfare. That approach, he argues, would make it easier to craft defenses and to discuss international solutions to each problem.