US says cybersecurity covered by law

LONDON - America's new cyber czar said Wednesday that international law and cooperation - not another treaty - were enough to tackle cybersecurity issues for now.

Christopher Painter, coordinator for cyber issues for the State Department, declined to comment on a Wall Street Journal report suggesting that the Pentagon was considering a policy to classify some cyberattacks coming from another country as acts of war. He said most of the reports were based on "things that are not released, haven't been released, or haven't been discussed."

He did, however, say that President Obama's recent cybersecurity strategy covered many different aspects, ranging from international freedoms to governance issues and challenges facing the military.

"We don't need a new treaty," he told the Associated Press as he arrived for an international cybersecurity summit in London. "We need a discussion around the norms that are in cyberspace, what the rules of the road are, and we need to build a consensus around those topics."

Hundreds of international delegates from governments and the private sector converged for the two-day conference to try to agree on the basics: how to enforce cybersecurity regulations across borders, what to do about countries that don't want to be regulated, how to protect government and company data, and who will ultimately control cyberspace.

Shawn Henry, executive assistant director of the FBI, said enforcing laws across borders was key in catching cybercriminals - many of whom have the same goals.

"You have crime syndicates or individuals looking to steal money, you have foreign governments looking to steal state secrets, and you have terror groups looking for a way to cause disruptions," he told the AP. "Luckily, we've had quite a few successes recently."

The FBI works with local law enforcement agencies in some 75 countries, often embedding with local officers.

Michael Rake of BT Group P.L.C., one of the world's largest telecommunications companies, warned that world powers were being drawn into a high-tech arms race, with many already able to fight a war without firing a single shot.

"I don't think personally it's an exaggeration to say now that basically you can bring a state to its knees without any military action whatsoever," Rake said. He said it was "critical to try to move toward some sort of cyber technology nonproliferation treaty."

The suggestion drew a mixed response from cyberwarriors gathered in London for a conference on Internet security, although at least one academic praised it for highlighting the need to subject online interstate attacks to some kind of an international legal framework.