"In the cyber world, basic trust is lacking between nations and even between the public and private sectors," he told attendees of a security forum hosted in London by legal firm Field Fisher Waterhouse.
The problem, he says, is that technology and its use by criminals are advancing much faster than any agreements, standards, policies and recommendations aimed at providing assurances and resolving differences around communications.
But, he says, the EWI is working to get the attention and interest of the international community to find solutions to the problem.
The UK, which is the host nation of the EWI's second Worldwide Cybersecurity Summit in June, is a member of the Cyber 40 group of nations collaborating on the first steps toward an international cyberspace policy.
Other members include China and Russia, which have both started engagement programs with the EWI to build trust in relation to cyber security.
The Chinese program is aimed at addressing issues such as spam, hacking, intellectual property rights and protection of civilian infrastructure. The first expected result is a document detailing practical recommendations on reducing spam, expected in April.
The Russian program aimed at defining the core terms of cybersecurity and developing rules of engagement for cyber conflict. The first expected result is the publication of an agreed set of definitions, also expected in April.
"There is a pressing need to establish rules on cyber conflict, which is not covered by the Hague and Geneva Conventions," said Mroz.
The US Department of Defense has formally recognized cyberspace as a new domain of warfare, he said, and 66% of participants at the First Worldwide Cybersecurity Conference agreed that a treaty on cyber warfare is needed now or overdue.
The Second Worldwide Cybersecurity Summit in London will focus on improved international standards for supply chain integrity, a global framework for fighting cybercrime, and multilateral agreements on cyber conflict and rules of engagement, first raised at the 2011 Munich Security Conference.
This story was first published by Computer Weekly