Debate Club

Setting International Norms on Cyberwar Might Beat a Treaty

By SHARE

In 1975, NATO and the Warsaw Pact signed the Helsinki Accords, which among their many provisions pledged signatories to respect the freedom of speech. This provision was unenforceable, and the Warsaw Pact countries had no intention of honoring it. Yet the effort was not entirely wasted. Following the treaty's signing, citizens groups in several countries organized to insist that their governments follow what they signed—and their pressure hastened the end of communism in Eastern Europe.

The case for international norms, rather than enforceable treaties, draws on such history.

Norms would represent what countries say they want the global cyberspace environment to be. True, states may not necessarily themselves follow what they preach for others. But they have at least established to their own citizens, notably their own business community, some standards against which their conduct may be measured. The emphasis on the business community matters in light of U.S. complaints about the flagrant theft of intellectual property perpetrated in cyberspace by other states. The hope is that such norms may constitute standards of fair play which countries believe they must follow to gain global business confidence.

[Read: NSA Built Stuxnet, But Real Trick Is Building Crew of Hackers]

By contrast, an arms control treaty that bans or restricts the development of cyberweapons is simply unenforceable—and might even harm cybersecurity. It would be unenforceable because the production of cyberweapons is so hard to detect. It is an indoor activity that produces nothing that observers can monitor, particularly if the relevant test beds are isolated from the Internet (as common sense dictates they should be). Furthermore, given the difficulties of attribution—cyberattacks lack fingerprints and hackers lack powder residues—even those who test and wield such weapons on the outside have a good chance of avoiding being caught if they maintain their tradecraft. Furthermore, those developing such capabilities tend to work for state security agencies that take secrecy and operational security very seriously.

Indeed, restricting cyberweapon development could even be harmful inasmuch as its core activity is the discovery of vulnerabilities in software—the very activity also required to bulletproof software against attacks from criminal hackers.

Martin Libicki

About Martin Libicki Author of 'Cyberdeterrence and Cyberwar'

Tags
cybersecurity
international treaties
NATO

Other Arguments

#2
12 Pts
Cyberwarfare Treaty Would Be Premature, Unnecessary, and Ineffective

No – Cyberwarfare Treaty Would Be Premature, Unnecessary, and Ineffective

Sean Lawson Assistant Professor at the University of Utah

#3
12 Pts
International Cyberwar Treaty Would Quickly Be Hacked to Bits

No – International Cyberwar Treaty Would Quickly Be Hacked to Bits

Jon Lindsay Research Fellow at the University of California Institute on Global Conflict and Cooperation at UC-San Diego.

#5
8 Pts
A Treaty Would Do Nothing to Prevent Cyberterrorist Groups

No – A Treaty Would Do Nothing to Prevent Cyberterrorist Groups

Herbert Lin Chief Scientist of the Computer Science and Telecommunications Board of the National Research Council.

#7
5 Pts
A Cybersecurity Treaty Is a Bad Idea

No – A Cybersecurity Treaty Is a Bad Idea

James Lewis Director of the Technology and Public Policy Program at the Center for Strategic and International Studies

You Might Also Like