Introducing Swiss Cyber Storm 2017 Speaker Clément Guitton
There have been a few statements by Swiss politicians lately, trying to funnel more money into the army to grow real cyber units with extensive attack capabilities. Initiatives as this have been around for a while and usually I do not bother, but the statements are growing more systematic in recent weeks. On top of it, they coincidence with the ongoing definition of the 2nd edition of the National Cyber Strategy (“Nationale Strategie zum Schutz der Schweiz vor Cyber-Risiken”) and this makes the discussion a bit unsettling.
There is a case though. The NCS aims to define a policy for the non-military domain and the non-crisis situations. So what is the role of the military in all of this and what do you do when there is a national crisis? I see room for discussion and the military seems overly limited in its cyber defense resources and capabilities. But I doubt the idea of so called “offensive defense” in cyberspace and I certainly don’t buy into the plan to train militia soldiers in four months to become national “cyber warriors”. There are many cases that can be brought up against this idea, and I am quite sure that attribution is often one of them.
Difficulties around investigating cyber attacks and, eventually, identifying the instigators mean that the process is far from being straight forward. Naturally, that means that we need to take into consideration these different difficulties around attribution when looking at retaliation. Combining a lack of reliable information with extensive attack capabilities in the hands of under-trained amateurs would certainly create a dangerous mix. It would be like putting soldiers with a rifle into the fog and asking them to return the fire hoping to hit the attacker.
Clément Guitton, Political Risk Analyst, SwissRe
Attribution is notoriously tough. Maybe that’s why you’ve read little constructive essays about the topic. Enters Dr. Clément Guitton. Clément Guitton received his PhD from the Department of War Studies at King’s College, London, and worked as an analyst with the Department of Defense in Switzerland. In June, he joined SwissRe as a political risk analyst. A few weeks before, he published “Inside the Enemy’s Computer. Identifying Cyber Attackers”, a book focusing on attribution that received much acclaim.
The acclaim is entirely justified since Clément Guitton really sat down, put things into perspective and added the necessary and unavoidable political dimension to attribution. He provides a dependable framework to navigate attribution cases and come to reliable conclusions.
Clément Guitton’s book about the attribution problem
This means that Clément Guitton’s much needed input has brought light into a dark area of our profession. How such conclusions translate for Switzerland, a small country with little leverage, especially when compared with the usual countries at the center of attention (think of the US, Russia, China, Iran), makes up for an exciting discussion. For instance, Switzerland has made veiled allegations that it thinks Russia stood behind several attacks on our country. But realistically, what can the country do next? How can Switzerland deter or even retaliate? What would a strategy look like? Such a strategy would probably have to encompass non-cyber attack related measures, ranging from the diplomatic (and ineffective) slap on the wrist to financial sanctions that have a high potential to spiral out of control rapidly. Outside of being not in our own interest.
Let’s hear what Dr. Clément Guitton has to tell us. Register here to reserve a tickets and join us at the Swiss Cyber Storm Conference on October 18, 2017, in Lucerne. More infos about the program can be found here
More about Clément Guitton: