Source: Gerry Blackwell, eSecurityPlanet:
It’s about time the international community came to grips with long festering issues around cyber warfare and cyber espionage, issues that were raised again recently by the attacks on Google and others in China.
We need a Geneva Convention for the Internet domain.
Enterprise IT security professionals also need to step up and confront the implications of these latest attacks.
Now maybe both things will happen.
Google’s uncompromising response to the organized and apparently politically motivated attacks on its infrastructure and users in China was exactly the right one and just the spur to global action needed.
The first significant action came on cue late last week with Secretary of State Hilary Clinton demanding an explanation from the Chinese government.
Much more has to happen before any real progress can be made, but Clinton’s statement keeps pressure on the Chinese. They might be able to brush off Google. Brushing off the U.S. government will be another thing.
Clinton weighing in also keeps cyber espionage at the top of the information security agenda in the West, and in the public eye, where it most certainly belongs.
This is not the first time China has been at the center of a storm of protest over alleged cyber espionage.
A year ago, a team of Canadian investigators exposed what it dubbed GhostNet – organized deployment of spy bots on computers owned by hundreds of government and non-government organizations around the world, including the Tibetan government in exile in Lhasa, India. Even the Dalai Lama’s personal computer was infected.
The Canadian team led by SecDev.cyber, an Ottawa-based security consulting firm, and The Citizen Lab, a University of Toronto research institute, were able to trace the source of infections to specific DSL IP addresses on Hainan Island—where Chinese military intelligence is known to have signals operations.