Cyberwarfare a Viable Nonviolent Alternative to Military Strikes

About Lawrence L. Muir Jr.:

Lawrence L. Muir, Jr. is a adjunct professor of law at Washington and Lee University and a computer crime prosecutor.

Any ratified cyberwarfare treaty should be printed on the same stock of paper as the euro note to remind the signatories how ultimately without value some forms of international cooperation may sometimes be. Moreover, even if such a treaty would be promulgated, much like the League of Nations, it is not in the best interests of the United States to join. Each thought will be addressed in turn below.

A cyberwarfare treaty would be ineffective. First, there is no concrete definition of cyberwarfare. If the definition of the subject of the treaty cannot be agreed upon, the treaty negotiators cannot proceed further. Moreover, most cyberattacks have come from inconclusively determined origins, due to the abilities of attackers to disguise them. Given the difficulty of attribution, international negotiators will have to create a heightened bar to establish a signatory's responsibility. International legal standards disagree on two points: the level of control a state must have in order to be liable, and the burden of proof on that attribution. Nations that rely on non-state actors will have more incentive to continue using loosely controlled "hacktivists" to carry out attacks to slip under that standard, claiming both a lack of control and that an aggrieved party must prove that control beyond any doubt. Rather than "civilizing" cyberwarfare, any treaty would have the effect of unleashing computer partisan rangers against critical cyberinfrastructure, with potentially devastating consequences.

[Read: NSA Built Stuxnet, But Real Trick Is Building Crew of Hackers]

Moreover, there has been a lack of international appetite to support the aggrieved nation and respond in kind to the aggressor nation. In 2007, Estonia specifically requested the attacks it absorbed from Russia be treated as a cyberattack by NATO and its request was denied due, in large part, to the factual uncertainties behind attribution and the lack of desire to escalate tensions in response to computer hacking. If NATO's treaty failed to protect Estonia, why would a larger, vaguer treaty be more protective?

Finally, there is a strong reason not to curtail cyberattacks. The United States and Israel were able to nonviolently set back Iran's nuclear program through Stuxnet without a single casualty. Considering the alternative drone strike that would surely have brought about human loss, cyberwarfare, if correctly deployed, may turn out to be something the international community may wish to encourage rather than discourage. At the very least, the United States would be foolish to sign away a weapon it can so effectively and nonviolently deploy.

• Join the debate on Facebook.
• Follow U.S. News Debate Club on Twitter.
• Check out U.S. News Weekly: an insider's guide to politics and policy.

Tags:

international treaties,

cybersecurity