Cyber weapons will never be completely eliminated but bi-lateral agreements between countries about the use of these weapons could establish boundaries, according to RSA executive chairman Arthur W. Coveillo.
Speaking at a press briefing during the RSA Asia Pacific & Japan conference, Coveillo told Computerworld Australia that governments and the public need to start viewing cyber weapons with the "same level of disgust" given to the use of chemical or nuclear weapons.
"I'm not naive to suggest that we are going to eliminate the possibility of cyber weapons any more than we have eliminated nuclear weapons. If we can get the world to agree that this would be an incredibly bad thing for all of humanity, we will be a lot better off," he said.
Coveillo pointed out that the United States Department of State released a document (PDF) on cyber stability which suggested the use of bi-lateral agreements.
"Agreements – formal or informal – on what constitutes the limits between state-sponsored exploitation and armed attack would greatly assist national decisions on redress and response by targeted nations," read the document.
"Specifically, while recognising that the distinctions between different levels of attack are ultimately political, it would be useful to identify explicit criteria for different levels of attack based on military, economic, social and technical considerations," the document said.
However, Coveillo did not think a world-wide treaty on cyber weapons would work.
"We have a Kyoto Treaty around global warming and a number of nations have signed it. How's that working out for us? Not so good."
He said that international governments needed to communicate with each other better about the use of cyber weapons.
According to Coveillo, the Edward Snowden leaks are "not helping" because governments don't trust each other.
"Independent of that, industries and security vendors have started to exchange information. The problem is that we have too much of a good thing. We're sharing so much information that we're not doing it in a coherent way."
For example, he said that companies may receive a security data feed from one vendor, followed by an industry group's data feed.
"We're not getting enough actionable information or in a way that's useful to us, it's just a data dump."
Read more: Changing times in the CSO suite
- We must end cyber warfare: RSA's Arthur Coveillo
- New laws won't increase spying: govt
- Cyberwarfare unfreezing a new Cold War warns McAfee CSO
RSA post the 2011 breach
Coveillo was asked by Computerworld Australia what the company had done to improve its defences since the March 2011 breach where hackers compromised RSA's SecureID token technology.
At the time, RSA sent out a letter to customers which confirmed that information taken from the company in March had been used as an element of an attempted broader attack on US defence contractor Lockheed Martin.
"The lessons [from the breach] were that we had to be better and faster at analysing the data," said Coveillo.
"There are two good things that came out of that breach. The first is that we were fast enough to know that at least we had been breached and that no customer suffered a loss as a result of our breach.
“Second, it created a sense of urgency within RSA to do even better with the capabilities we bring to market. I can go into a customer now and say I have something that no other vendor has: Empathy."
Coviello added that Lockheed Martin is a "go-to-market" customer for RSA products.