by Staff Writers

Davos, Switzerland (AFP) Jan 29, 2010

China, the United States and Russia are among 20 countries locked in a cyberspace arms race and gearing up for possible Internet hostilities, according to the head of web security firm McAfee.

Dave DeWalt, chief executive and president of the US firm said the traditional defensive stance of government computer infrastructures has shifted in recent years.

"This movement from a defensive posture to a more offensive posture is just very obvious," he said on the sidelines of the World Economic Forum in Davos, Switzerland.

McAfee said it has identified at least five countries with cyberweapons, including the United States, China, Russia, Israel and France.

"We're now seeing 20 plus countries, governments arm themselves for cyber-warfare, cyber-espionage, cyber-offensive capabilities," said DeWalt.

"There's an arms race going on in cyberspace," he told AFP.

DeWalt is not the first to sound alarm bells about cyberwarfare. The UN telecommunications agency chief Hamadoun Toure warned in October that the next world war could take place in cyberspace.

Pointing to the recent attack on Google, DeWalt noted that it illustrated a shift from espionage and attacks on government infrastructure to an offensive on structure that is "commercial in nature."

Google had threatened to pull out of China due to cyberattacks which it claimed originated in the Asian giant. The complaint has escalated into a major diplomatic row.

DeWalt said the attack on Google was "really one of the first government on commercial, and potentially highly sophisticated cyberespionage really focusing in on highly intellectual property companies like Google, Adobe."

The attack, dubbed Operation Aurora, has hit over 30 companies and the number of victim firms could still grow, said DeWalt.

But it was just one of "a series of highly escalated attacks in the last 12 months."

McAfee has seen a "more than 500 percent increase in net new malware" -- harmful software such as spyware, viruses or trojans -- in the past 12 months.

"That's more malware than we have seen in the past five years combined," said DeWalt.

McAfee's latest report compiling a survey of some 600 IT security executives found that 60 percent of those who responded believe representatives of foreign governments were involved in infiltrations of their infrastructure.

Some 36 percent said the United States posed the biggest threat to their infrastructure while 33 percent named China.

The survey also found that attacks are costing 6.3 million dollars a day, or 1.75 billion dollars a year, around the world.

Service outages brought about by attacks on web infrastructure are most costly for the oil and gas sector.

"As nation states and very sophisticated criminal organisations have piled into cyberspace to engage in activities designed to steal secrets or interrupt services, the private sector is increasingly caught in the crossfire," said Stewart Baker, who authored the report.

Despite the potential damage, governments appeared to be lagging behind in taking measures to get private sector to protect their web infrastructure.

Only China appeared to be "developing a relationship with their industry... in getting companies to adopt particular security standards," said Baker, who is a visiting fellow at the Centre for Strategic and International Studies in Washington.

UN chief calls for treaty to prevent cyber war

Davos, Switzerland (AFP) Jan 30, 2010 - The world needs a treaty to prevent cyber attacks becoming an all-out war, the head of the main UN communications and technology agency warned Saturday.

International Telcommunications Union secretary general Hamadoun Toure gave his warning at a World Economic Forum debate where experts said nations must now consider when a cyber attack becomes a declaration of war.

With attacks on Google from China a major talking point in Davos, Toure said the risk of a cyber conflict between two nations grows every year.

He proposed a treaty in which countries would engage not to make the first cyber strike against another nation.

"A cyber war would be worse than a tsunami -- a catastrophe," the UN official said, highlighting examples such as attacks on Estonia last year.

He proposed an international accord, adding: "The framework would look like a peace treaty before a war."

Countries should guarantee to protect their citizens and their right to access to information, promise not to harbour cyber terrorists and "should commit themselves not to attack another."

John Negroponte, former director of US intelligence, said intelligence agencies in the major powers would be the first to "express reservations" about such an accord.

Susan Collins, a US Republican senator who sits on several Senate military and home affairs committees, said the prospect of a cyber attack sparking a war is now being considered in the United States.

"If someone bombed the electric grid in our country and we saw the bombers coming in it would clearly be an act of war.

"If that same country uses sophisticated computers to knock out our electricity grid, I definitely think we are getting closer to saying it is an act of war," Collins said.

Craig Mundie, chief research and strategy officer for Microsoft, said "there are at least 10 countries in the world whose internet capability is sophisticated enough to carry out cyber attacks ... and they can make it appear to come from anywhere."

"The Internet is the biggest command and control centre for every bad guy out there," he said.

The head of online security company McAfee told another Davos debate Friday that China, the United States, Russia, Israel and France are among 20 countries locked in a cyberspace arms race and gearing up for possible Internet hostilities.

Mundie and other experts have said there is a growing need to police the internet to clampdown on fraud, espionage and the spread of viruses.

"People don't understand the scale of criminal activity on the internet. Whether criminal, individual or nation states, the community is growing more sophisticated," the Microsoft executive said.

"We need a kind of World Health Organisation for the Internet," he said.

"When there is a pandemic, it organises the quarantine of cases. We are not allowed to organise the systematic quarantine of machines that are compromised."

He also called fo a "driver's license" for internet users.

"If you want to drive a car you have to have a license to say that you are capable of driving a car, the car has to pass a test to say it is fit to drive and you have to have insurance."

Andre Kudelski, chairman of Kudelski Group, said that a new internet might have to be created forcing people to have two computers that cannot connect and pass on viruses. "One internet for secure operations and one internet for freedom."


http://www.spacewar.com/reports/China_US_Russia_in_cyber_arms_race_...