Should There Be an International Treaty on Cyberwarfare? >
Setting International Norms on Cyberwar Might Beat a Treaty
Restrictions on cyberweapons uneforceable, and could even harm cybersecurity
June 8, 2012
About Martin Libicki:
Martin Libicki, author of Cyberdeterrence and Cyberwar, is a senior management scientist at the RAND Corporation, a nonprofit, nonpartisan research institution.
In 1975, NATO and the Warsaw Pact signed the Helsinki Accords, which among their many provisions pledged signatories to respect the freedom of speech. This provision was unenforceable, and the Warsaw Pact countries had no intention of honoring it. Yet the effort was not entirely wasted. Following the treaty's signing, citizens groups in several countries organized to insist that their governments follow what they signed—and their pressure hastened the end of communism in Eastern Europe.
The case for international norms, rather than enforceable treaties, draws on such history.
Norms would represent what countries say they want the global cyberspace environment to be. True, states may not necessarily themselves follow what they preach for others. But they have at least established to their own citizens, notably their own business community, some standards against which their conduct may be measured. The emphasis on the business community matters in light of U.S. complaints about the flagrant theft of intellectual property perpetrated in cyberspace by other states. The hope is that such norms may constitute standards of fair play which countries believe they must follow to gain global business confidence.
[Read: NSA Built Stuxnet, But Real Trick Is Building Crew of Hackers]
By contrast, an arms control treaty that bans or restricts the development of cyberweapons is simply unenforceable—and might even harm cybersecurity. It would be unenforceable because the production of cyberweapons is so hard to detect. It is an indoor activity that produces nothing that observers can monitor, particularly if the relevant test beds are isolated from the Internet (as common sense dictates they should be). Furthermore, given the difficulties of attribution—cyberattacks lack fingerprints and hackers lack powder residues—even those who test and wield such weapons on the outside have a good chance of avoiding being caught if they maintain their tradecraft. Furthermore, those developing such capabilities tend to work for state security agencies that take secrecy and operational security very seriously.
Indeed, restricting cyberweapon development could even be harmful inasmuch as its core activity is the discovery of vulnerabilities in software—the very activity also required to bulletproof software against attacks from criminal hackers.
- Join the debate on Facebook.
- Follow U.S. News Debate Club on Twitter.
- Check out U.S. News Weekly: an insider's guide to politics and policy.
- Other Arguments
-
#15112
No — A treaty would prevent countries from using this nonviolent weapon, leading to more human casualties
LAWRENCE L. MUIR JR., Computer Crime Prosecutor
-
#2218
No — Even the most damaging cyberattack to date--Stuxnet--may not have been cyberwarfare
SEAN LAWSON, Assistant Professor at the University of Utah
-
#3197
No — Cyberespionage capabilities are evolving too fast for an unenforceable piece of paper to control them
JON LINDSAY, Research Fellow at the University of California Institute on Global Conflict and Cooperation at UC-San Diego.
-
#42318
Yes — A treaty wouldn't completely stop cyberattacks, but it is a step in the right direction
BRUCE SCHNEIER, Security Technologist and Author
-
#4116
No — World must first find common ground on how and when to seek what regulation of cyberwar is possible
HERBERT LIN, Chief Scientist of the Computer Science and Telecommunications Board of the National Research Council.
-
#796
No — A cybersecurity treaty would be unworkable
JAMES LEWIS, Director of the Technology and Public Policy Program at the Center for Strategic and International Studies
