Many of us have asked this question, as on page one of the newspapers was, "Attacks on computer systems of a NATO heads of state will trigger the alliance case. It would be the first alliance case since September 11, 2001, and only the second ever. On Wednesday, the Handelsblatt wrote "One thing is solved, heavy cyber attacks are likely a popular means of warfare in the 21st Century ".
background of the excitement is Stuxnet , a Computer worm attacks, the world's industrial control systems, has and thus enables the remote control and sabotage of industrial facilities, power plants, or oil pipelines. Objectives and origin of the worm are still unclear. In Iran, the worm was in a nuclear plant, and also in China, Pakistan and India, this worm spreads. Finally, it was reported that in Germany are infected computer.
Although up to now nothing "bad" happens, the case Stuxnet the subject of IT security placed on the agenda. The discussion of how we deal with this issue is still in its early stages. As rapporteur for IT security in the Interior Committee, I've obviously thought made to do so.
In Germany, the Federal Office for Information Security (BSI) for the security of communications infrastructure in charge, it has also issued to Stuxnet a recommended action. In the military sector, the Federal Office for Information Management and Information Technology of the Bundeswehr, and also referred the matter to the Strategic Reconnaissance Command's department of information and computer network operations with the issue. Until now, discussions in Germany about IT security and above all in terms of Internet crime and domestic political and constitutional implications of the security. Basically, it is
difficult to judge the character of cyber-attack, and equally difficult to make adequate institutional arrangements. As with many modern techniques, we are dealing here with "dual use" technologies, ie they can be used both for military and civilian needs. An arms race to cyberspace, we would also not notice until we were already with us. States could establish that the existing potential without resorting to classical military build international control mechanisms will be. Imagine as well that non-state actors such as terrorist groups, organized criminal hacker attacks delegate could.
Cyber attacks are largely anonymous, and the attacker can strike from anywhere. Distance to the destination has become so insignificant. The preparation of attacks may go unnoticed and be prepared in peace, the attack itself is then quick, unexpected and highly efficient. Since the localization and identification of perpetrators are very difficult, the offender also has a good chance to avoid prosecution.
How do we deal with such developments? Key question is whether we understand cyber attacks as a military or a civilian threat, and whether we think it necessary to adapt the existing structures in Germany accordingly.
In the United States the issue is mitterlweile seen from a security and military perspective. The U.S. has with USCybercom a decidedly for the defense and implementation of computer attacks its own IT-competent command of the army. 2009 President Obama has announced to spend $ 30 million for defense against cyber attacks. Currently in the U.S. held the largest ever cyber-maneuver, in order to determine how best to handle cyber attacks.
2007 Estonia was the victim of a series of attacks on critical information infrastructures, which severely affected the capacity of government and industry. The EU has subsequently Measures taken: 2009 a five-point plan to protect critical information infrastructures are situated. After becoming aware of Stuxnet came the proposal to crack down on cyber criminals. EU interior Commissioner Malmström, the threat of attacks on the Internet as estimated "enormous". NATO also has been 2008, "Cyber Defense Plan ." During the negotiations on the new strategic approach is being discussed at a greater weight of the body's own capacity in the field of IT security. The NATO summit in Lisbon on 19 and 20.11. is certainly the signs are of cyberwar. But whether the establishment of a common defense strategy -structure and is decided at the moment seems doubtful. The prevention of cyber-attacks is in principle possible but requires a degree of offensive capacity. This means that include a military concept, as in NATO would be the case, an attack component and strategy would have. This seems to me in the face of the consensus principle of NATO is difficult to communicate. The international legal assessment of such novel attacks is still at the beginning. So if on cyber-WAR, that war is spoken, it must be secured clear to what extent and in what situations, a State also must defend actively.
will also evaluate whether cyber attacks fall under the prohibition of force by the United Nations if, for example, the failure of critical systems or theft of data goes. This is primarily because the word "violence" is not defined. Even when self-defense law (Chapter VII, Article 51) are unclear, for example, whether a preemptive strike in self-defense is allowed if it is clear that an attack is imminent.
These questions are all very controversial, mainly because the authorship of attacks - and the responsibility of the State - can often not be clarified.
What steps can we take now? Examples would be: Improved national coordination responsibilities for defensive measures in case of an attack, increased international cooperation, both bilateral and multilateral basis complementary to the negotiations in the security organizations, better cooperation between government and industry, and the procurement latest technologies, education and training in the use of communication and information technologies.
I think we should not now speak of "war". The report the BSI on the "situation of IT security in Germany 2009" confirms a serious threat to Germany. Almost everyone depends on "cyberspace" or even from him, and attacks may therefore political, have social, economic and military consequences, as well as great destruction potential. How to deal with cyber attacks, depends primarily on what is the target of the attack, and where the attack comes from. Just because these two points are difficult to determine, there is much need for discussion. The question is how much power we want to give in this context, the law enforcement authorities. One thing is clear: We do not install a European NSA!
We have to deal so closely with the subject, but to speak of a war I feel right now for the first time too far.
- Jimmy Schulz 
0 comments:
Post a Comment