Last month, the Netherlands hosted the Global Conference on Cyberspace 2015, which brought together nearly 2,000 government officials, academics, industry representatives and others. I chaired a panel on cyberpeace and security that included a Microsoft vice president and two foreign ministers. This “multi-stakeholder” conference was the latest in a series of efforts to establish rules of the road to avoid cyberconflict.
The capacity to use the Internet to inflict damage is now well established. Many observers believe the US and Israeli governments were behind an earlier attack that destroyed centrifuges at an Iranian nuclear facility. Some say an Iranian government attack destroyed thousands of Saudi Aramco computers. Russia is blamed for denial-of-service attacks on Estonia and Georgia. And in December, US President Barack Obama attributed an attack on Sony Pictures to the North Korean government.
Until recently, cybersecurity was largely the domain of a small community of computer experts. When the Internet was created in the 1970s, its members formed a virtual village; everyone knew one another, and together they designed an open system, paying little attention to security.
Then, in the early 1990s, the World Wide Web emerged, growing from a few million users to more than 3 billion today. In little more than a generation, the Internet has become the substrate of the global economy and governance worldwide.
Several billion more human users will be added in the next decade, as will tens of billions of devices, ranging from thermostats to industrial control systems (the “Internet of Things”).
All of this burgeoning interdependence implies vulnerabilities that governments and non-governmental actors can exploit. At the same time, we are only beginning to come to terms with the national-security implications of this.
Strategic studies of the cyberdomain resemble nuclear strategy in the 1950s: Analysts are still not clear about the meaning of offense, defense, deterrence, escalation, norms and arms control.
The term “cyberwar” is used very loosely for a wide range of behaviors, ranging from simple probes, website defacement, and denial of service to espionage and destruction. In this, it reflects dictionary definitions of “war,” which include any organized effort to “stop or defeat something that is viewed as dangerous or bad” (for example, “war on drugs”).
A more useful definition of cyberwar is any hostile action in cyberspace that amplifies or is equivalent in effect to major physical violence. Determining whether an action meets that criterion is a decision that only a country’s political leaders can make.
There are four major categories of cyberthreats to national security, each with a different time horizon and (in principle) different solutions: cyberwar and economic espionage, which are largely associated with states, and cybercrime and cyberterrorism, which are mostly associated with non-state actors. The highest costs currently stem from espionage and crime, but the other two may become greater threats over the next decade than they are today. Moreover, as alliances and tactics evolve, the categories may increasingly overlap.
During the Cold War, ideological competition limited US-Soviet cooperation, but both sides’ awareness of nuclear destructiveness led them to develop a crude code of conduct to avoid military confrontation. These basic rules of prudence included no direct fighting, no first use of nuclear weapons, and crisis communication, such as the Moscow-Washington hotline and the Accidents Measures and Incidents at Sea agreements.
The first formal arms-control agreement was the 1963 Limited Test Ban Treaty, which can be considered mainly an environmental treaty. The second major agreement was the 1968 Nuclear Non-Proliferation Treaty, which aimed at limiting the spread of nuclear weapons. The US and the Soviet Union perceived both agreements as positive-sum games, because they involved nature or third parties.
Similarly, the most promising areas for early international cooperation on securing cyberspace are problems posed by third parties such as criminals and terrorists.
Russia and China have sought a treaty for broad United Nations oversight of the Internet. Though their vision of “information security” could legitimize authoritarian governments’ censorship, and is therefore unacceptable to democratic governments, it may be possible to identify and target behaviors that are illegal everywhere.
Limiting all intrusions would be impossible, but one could start with cybercrime and cyberterrorism. Major states would have an interest in limiting damage by agreeing to cooperate on forensics and controls.
Of course, historical analogies are imperfect. Obviously, cybertechnology is very different from nuclear technology, particularly because non-governmental actors can exploit it much more easily.
Nonetheless, some institutions, both formal and informal, already govern the basic functioning of the Internet. The US wisely plans to strengthen the non-governmental Internet Corporation for Assigned Names and Numbers (ICANN) by having it supervise the Internet “address book.” There is also the Council of Europe’s 2001 Convention on Cybercrime, with Interpol and Europol facilitating cooperation among national police forces. And a UN Group of Government Experts has been analyzing how international law relates to cybersecurity.
It is likely to take longer to conclude agreements on contentious issues such as cyberintrusions for purposes like espionage and preparing the battlefield. Nonetheless, the inability to envisage an overall cyb--------erarms-control agreement need not prevent progress on some issues now. International norms tend to develop slowly. It took two decades in the case of nuclear technology. The most important message of the recent Dutch conference was that massive cybervulnerability is now nearing that point.
Joseph Nye is a professor at Harvard University.
Copyright: Project Syndicate
A series of strong earthquakes in Hualien County not only caused severe damage in Taiwan, but also revealed that China’s power has permeated everywhere. A Taiwanese woman posted on the Internet that she found clips of the earthquake — which were recorded by the security camera in her home — on the Chinese social media platform Xiaohongshu. It is spine-chilling that the problem might be because the security camera was manufactured in China. China has widely collected information, infringed upon public privacy and raised information security threats through various social media platforms, as well as telecommunication and security equipment. Several former TikTok employees revealed
For the incoming Administration of President-elect William Lai (賴清德), successfully deterring a Chinese Communist Party (CCP) attack or invasion of democratic Taiwan over his four-year term would be a clear victory. But it could also be a curse, because during those four years the CCP’s People’s Liberation Army (PLA) will grow far stronger. As such, increased vigilance in Washington and Taipei will be needed to ensure that already multiplying CCP threat trends don’t overwhelm Taiwan, the United States, and their democratic allies. One CCP attempt to overwhelm was announced on April 19, 2024, namely that the PLA had erred in combining major missions
The Constitutional Court on Tuesday last week held a debate over the constitutionality of the death penalty. The issue of the retention or abolition of the death penalty often involves the conceptual aspects of social values and even religious philosophies. As it is written in The Federalist Papers by Alexander Hamilton, James Madison and John Jay, the government’s policy is often a choice between the lesser of two evils or the greater of two goods, and it is impossible to be perfect. Today’s controversy over the retention or abolition of the death penalty can be viewed in the same way. UNACCEPTABLE Viewing the
At the same time as more than 30 military aircraft were detected near Taiwan — one of the highest daily incursions this year — with some flying as close as 37 nautical miles (69kms) from the northern city of Keelung, China announced a limited and selected relaxation of restrictions on Taiwanese agricultural exports and tourism, upon receiving a Chinese Nationalist Party (KMT) delegation led by KMT legislative caucus whip Fu Kun-chi (傅崑萁). This demonstrates the two-faced gimmick of China’s “united front” strategy. Despite the strongest earthquake to hit the nation in 25 years striking Hualien on April 3, which caused