Debate Club

A Treaty Would Do Nothing to Prevent Cyberterrorist Groups


No, not yet. But possibly in the future.

Traditional arms control approaches do not work well in thinking about the world of cyberwar, and many obstacles stand in the way of such a treaty today. A treaty would not constrain the behavior of sub-national entities (e.g., terrorist groups, organized crime), which have some interest and capability to wage cyberwar. The instruments of cyberwarfare are technically hard to distinguish from those of cyberespionage, and the latter is not illegal under international law since all nations pursue it. Accountability would be difficult to enforce, given a lack of clarity about who might be responsible for a cyberattack that rises to the level of "warfare." Verification of a treaty that banned the instruments of cyberwarfare would be virtually impossible.

Before we are ready to begin negotiating any kind of treaty regarding cyberwarfare, a few preliminary steps are in order.

[Read: NSA Built Stuxnet, But Real Trick Is Building Crew of Hackers]

First, research is needed on whether some kind of arms control agreement in cyberspace, whose scope and nature are as yet unknown, could still be useful. The fact that traditional arms control doesn't extend well into cyberspace should not be taken to mean that no form of cyberarms control is feasible.

Second, nations concerned about cyberwarfare should seek common ground. "Common ground" might include developing a common language with which to describe the issues, such as understanding what activities constitute a significant cyberattack; how might damage or harm from a cyberattack be assessed; what activities might constitute evidence of hostile intent; how should cyberexploitation and intelligence-gathering be differentiated from cyberattacks; how, if at all, should exploitations for economic purposes be differentiated from exploitations for national security purposes; how, if at all, should military computer systems and networks be separated from those of the civilian population; how to determine the significance of nonstate parties that might launch cyberattacks; and how nations might respond to such attacks.

[Read the U.S. News debate: Should the Congress Pass CISPA?]

Third, it may be possible to reach agreement regarding certain topics in cyberspace outside the domain of national security. For example, many nations recognize fraud and child pornography as significant problems in cyberspace and have to some extent agreed on measures to deal with them. Protection of national infrastructures from third-party attacks may be another common interest.

If the steps above bear fruit, the resulting regime may go a long way toward laying the foundation for a more far-reaching treaty regarding cyberwarfare should that be deemed desirable.

Herbert Lin

About Herbert Lin Chief Scientist of the Computer Science and Telecommunications Board of the National Research Council.

international treaties

Other Arguments

12 Pts
Cyberwarfare Treaty Would Be Premature, Unnecessary, and Ineffective

No – Cyberwarfare Treaty Would Be Premature, Unnecessary, and Ineffective

Sean Lawson Assistant Professor at the University of Utah

12 Pts
International Cyberwar Treaty Would Quickly Be Hacked to Bits

No – International Cyberwar Treaty Would Quickly Be Hacked to Bits

Jon Lindsay Research Fellow at the University of California Institute on Global Conflict and Cooperation at UC-San Diego.

7 Pts
Setting International Norms on Cyberwar Might Beat a Treaty

No – Setting International Norms on Cyberwar Might Beat a Treaty

Martin Libicki Author of 'Cyberdeterrence and Cyberwar'

5 Pts
A Cybersecurity Treaty Is a Bad Idea

No – A Cybersecurity Treaty Is a Bad Idea

James Lewis Director of the Technology and Public Policy Program at the Center for Strategic and International Studies

You Might Also Like