RSA executive chairman Arthur W. Coviello has called for an end to cyber warfare before an international incident happens.
Speaking at the RSA Asia Pacific & Japan conference in Singapore, Coviello acknowledged that China and the United States have had a long and, at times, "interesting relationship."
"That relationship has been deteriorating lately due to the fact that both countries are engaged in digital activities that the other finds offensive," he told delegates.
"The Chinese complain about the National Security Agency [NSA’s] digital intelligence gathering. The US complains about Chinese cyberespionage designed for economic gain. In May , the US Justice Department took it up a notch by indicting five Chinese military officers for this type of activity. As a result, the nascent work on cyber crime prevention that had been developing between the two countries ground to a halt. Trust me, both nations are the poorer for it."
In addition, Coviello said long-standing relationships between the US and European countries, such as Germany, have become strained due to a "growing cloud of distrust" about each other's digital agenda.
On 8 July, an employee with Germany's intelligence agency, Bundesnachrichtendienst (BND), was arrested for allegedly acting as a double agent for the US. The BND employee allegedly received money to pass information to a US contact.
In October 2013, German officials alleged that US intelligence agencies may have spied on German Chancellor Angela Merkel’s mobile phone.
According to Coviello, the current online situation is not to "anyone's benefit" - unless you are a cyber criminal or hacktivist.
"Let’s begin to create the rules of engagement, the rules of the road for the digital highway. We must work with our governments to establish national and international policies that are appropriate for this interdependent age. We have to do this or we risk losing the potential, if not the very sustainability, of the digital world," he said.
- AusCERT 2014: Security in a world of surveillance
- New laws won't increase spying: govt
- Privacy International files complaint against Australian Signals Directorate
Coveillo shared four principles that could serve as a "potential foundation" for the digital rules of engagement.
"First, we must renounce the use of cyber weapons, and the use of the Internet for waging war," he said.
"The genie is out of the bottle on the use of cyber weaponry, and unlike nuclear weapons, cyber weapons are easily propagated and can be turned on the developer. Paraphrasing a famous quote, those who seek military advantage riding the back of the tiger will end up inside," said Coviello.
He added that the world did not need to "stumble into a cyberwar" and compared the current situation to the events which began World War I. In June 1914, Austrian Archduke Franz Ferdinand was assassinated by Bosinan Serb extremist Gavrilo Princip.
"Think of an incident like the assassination of the Austrian Archduke. Now think about how easy it would be today for extremists or terrorists to cause a kinetic cyber incident; in other words, a cyber incident that causes physical destruction."
According to Coveillo, people must develop the "same abhorrence" to cyber war as nuclear and chemical war.Read more: Australia needs to lead cybersecurity collaboration
"We must also cooperate internationally in the investigation, apprehension and prosecution of cyber criminals," he said.
"The only ones deriving advantage from governments trying to gain advantage over one another on the Internet are the criminals. Our lack of immediate, consistent and sustained cooperation, globally, gives them the equivalent of safe havens."
Thirdly, governments should ensure that economic activity on the Internet can proceed and that intellectual property rights are respected around the world.
"The benefits to all of us from productivity improvements in commerce, research, and communication are too valuable, to not achieve agreement on the rule of law. Rule of law must prevail over selfish national interests," said Coveillo.
Finally, people must "respect, and ensure the privacy of all individuals."
"Our personal information has become the true currency of the digital age and while it is important that we are not exploited, it is even more important that our fundamental freedoms are protected," he said.
However, he added that with personal freedom comes responsibility.
"Governments have a duty to create and enforce a balance that embraces individual rights and collective security." According to Coveillo, this balance must also be based on a "fair governance model and transparency."
"We have the power to secure the digital world if we choose to. For the sake of our collective future, we can do no less," he said.
Hamish Barwick travelled to RSA Conference APAC & Japan as a guest of RSA
Follow Hamish Barwick on Twitter: @HamishBarwickChanging times in the CSO suite Read More:
- Three elements that every advanced security operations center needs
- Sony hack is a corporate cyberwar game changer
- Perimeter security no longer enough: RSA