Debate Club

An International Cyberwar Treaty Is the Only Way to Stem the Threat

By SHARE

We're in the early years of a cyberwar arms race. It's expensive, it's destabilizing, and it threatens the very fabric of the Internet we use every day. Cyberwar treaties, as imperfect as they might be, are the only way to contain the threat.

If you read the press and listen to government leaders, we're already in the middle of a cyberwar. By any normal definition of the word "war," this is ridiculous. But the definition of cyberwar has been expanded to include government-sponsored espionage, potential terrorist attacks in cyberspace, large-scale criminal fraud, and even hacker kids attacking government networks and critical infrastructure. This definition is being pushed both by the military and by government contractors, who are gaining power and making money on cyberwar fear.

[Check out our collection of political cartoons on defense spending.]

The danger is that military problems beg for military solutions. We're starting to see a power grab in cyberspace by the world's militaries: large-scale monitoring of networks, military control of Internet standards, even military takeover of cyberspace. Last year's debate over an "Internet kill switch" is an example of this; it's the sort of measure that might be deployed in wartime but makes no sense in peacetime. At the same time, countries are engaging in offensive actions in cyberspace, with tools like Stuxnet and Flame.

Arms races stem from ignorance and fear: ignorance of the other side's capabilities, and fear that their capabilities are greater than yours. Once cyberweapons exist, there will be an impetus to use them. Both Stuxnet and Flame damaged networks other than their intended targets. Any military-inserted back doors in Internet systems make us more vulnerable to criminals and hackers. And it is only a matter of time before something big happens, perhaps by the rash actions of a low-level military officer, perhaps by a non-state actor, perhaps by accident. And if the target nation retaliates, we could find ourselves in a real cyberwar.

The cyberwar arms race is destabilizing.

[Read: NSA Built Stuxnet, But Real Trick Is Building Crew of Hackers]

International cooperation and treaties are the only way to reverse this. Banning cyberweapons entirely is a good goal, but almost certainly unachievable. More likely are treaties that stipulate a no-first-use policy, outlaw unaimed or broadly targeted weapons, and mandate weapons that self-destruct at the end of hostilities. Treaties that restrict tactics and limit stockpiles could be a next step. We could prohibit cyberattacks against civilian infrastructure; international banking, for example, could be declared off-limits.

Yes, enforcement will be difficult. Remember how easy it was to hide a chemical weapons facility? Hiding a cyberweapons facility will be even easier. But we've learned a lot from our Cold War experience in negotiating nuclear, chemical, and biological treaties. The very act of negotiating limits the arms race and paves the way to peace. And even if they're breached, the world is safer because the treaties exist.

There's a common belief within the U.S. military that cyberweapons treaties are not in our best interest: that we currently have a military advantage in cyberspace that we should not squander. That's not true. We might have an offensive advantage—although that's debatable—but we certainly don't have a defensive advantage. More importantly, as a heavily networked country, we are inherently vulnerable in cyberspace.

[Read the U.S. News debate: Should the Congress Pass CISPA?]

Cyberspace threats are real. Military threats might get the publicity, but the criminal threats are both more dangerous and more damaging. Militarizing cyberspace will do more harm than good. The value of a free and open Internet is enormous.

Stop cyberwar fear mongering. Ratchet down cyberspace saber rattling. Start negotiations on limiting the militarization of cyberspace and increasing international police cooperation. This won't magically make us safe, but it will make us safer.

  • Join the debate on Facebook.
  • Follow U.S. News Debate Club on Twitter.
  • Check out U.S. News Weekly: an insider's guide to politics and policy.
  • Bruce Schneier

    About Bruce Schneier Security Technologist and Author

    Tags
    international treaties
    cybersecurity

    Other Arguments

    #2
    12 Pts
    Cyberwarfare Treaty Would Be Premature, Unnecessary, and Ineffective

    No – Cyberwarfare Treaty Would Be Premature, Unnecessary, and Ineffective

    Sean Lawson Assistant Professor at the University of Utah

    #3
    12 Pts
    International Cyberwar Treaty Would Quickly Be Hacked to Bits

    No – International Cyberwar Treaty Would Quickly Be Hacked to Bits

    Jon Lindsay Research Fellow at the University of California Institute on Global Conflict and Cooperation at UC-San Diego.

    #5
    8 Pts
    A Treaty Would Do Nothing to Prevent Cyberterrorist Groups

    No – A Treaty Would Do Nothing to Prevent Cyberterrorist Groups

    Herbert Lin Chief Scientist of the Computer Science and Telecommunications Board of the National Research Council.

    #6
    7 Pts
    Setting International Norms on Cyberwar Might Beat a Treaty

    No – Setting International Norms on Cyberwar Might Beat a Treaty

    Martin Libicki Author of 'Cyberdeterrence and Cyberwar'

    #7
    5 Pts
    A Cybersecurity Treaty Is a Bad Idea

    No – A Cybersecurity Treaty Is a Bad Idea

    James Lewis Director of the Technology and Public Policy Program at the Center for Strategic and International Studies

    You Might Also Like