...the security of cryptographic systems, but said cryptographic systems themselves could still be undermined.
"We really can't rely on crypto systems," Schneier told ZDNet.co.uk. "War is historically waged in every theatre — land, sea, air — and that now includes cyberspace. War happens everywhere, and war will now have a cyberspace component." Schneier questioned the capabilities of cyber-terrorists to shut down critical national infrastructure systems, however, as those systems have controls such as manual overrides.
Alan Paller, director of the SANS institute, said at a separate RSA Conference forum that greater data-sharing was required in order to counteract the effects of politically motivated attacks on information systems.
"Our one great failure is information sharing," said Paller. "It's really bad. I was talking to the CEO of a major bank recently, and asked him if the bank shared information with governments. He said he shared information with [the UK Centre for the Protection of Critical National Infrastructure]. I asked him if he shared the information with US sectors, and he said 'Oh never, never'."
Speaking to ZDNet.co.uk after the forum, Paller said that, while he disliked the term "cyber cold war", countries were developing cyberwarfare capabilities.
War is historically waged in every theatre — land, sea, air — and that now includes cyberspace
Bruce Schneier
"Right now, 25 countries have military cyberwarfare teams," said Paller. "By 'warfare' I mean spying and stealing data — not blasting people yet. And yes, we are giving up more of our privacy [as a result]." Sun's Diffie questioned this loss of privacy, asking: "Are we going to have to surrender everything to internet policing methods, or can we find systems barrier methods which will give individuals some degree of autonomy and security?"
Welch, however, said threats to critical national infrastructures currently came from terrorists more than countries, saying he did not "see nation states at this point as a high threat".
"In China and Russia the capability exists [to attack critical national infrastructures], but I can't imagine how nation states would be motivated to do that," said Welch, adding: "It's very clear that we've seen lots of probing, so those who could potentially cause harm do understand how our networks operate. All it takes is some motivation served by shutting down the system. My perception is that terrorists have objectives, and they weigh the risks versus the probability of success. If they wanted to create short-term chaos they probably would not be motivated to attack the critical national infrastructure — it would likely be part of an organised concerted attack that shut down multiple networks."
