Mistrust about the National Security Agency’s surveillance programs will likely slow progress between the U.S. and other nations on agreements to cooperate on cybersecurity.
The U.S. made progress in 2013 on cybersecurity agreements with European nations and Russia to avoid hacking from leading to an international incident as online attacks become a new tool of war. These agreements are similar to the way nations slowly built detente to avoid the use of chemical and nuclear weapons, and are being reached through groups like the United Nations and the Organization for Security and Cooperation in Europe.
The NSA’s far-reaching surveillance programs leaked by former agency contractor Edward Snowden did not come as a surprise to spymasters in foreign countries, but public opinion will slow the diplomatic process, says James Lewis, cybersecurity researcher at the Center for Strategic and International Studies.
“The Snowden revelations will slow down the pace,” Lewis says, citing conversations with cybersecurity officials from China and the European Commission. He added though that the Chinese “assumed this kind of spying was going on anyway, so this doesn’t change too much” with them.
International cooperation on cybersecurity will improve depending on how quickly and effectively President Barack Obama and Congress enact proposals to reform the NSA, a European Commission official told Lewis.
The idea of hotlines used during the Cold War to avoid paranoia about nuclear activity have re-emerged between U.S., China and Russia to avoid hacking being interpreted as an act of war. That connection could be useful if hacks originate on foreign computers and those nations call the U.S., assuring their government is not involved and offering cybersecurity information to stop the threat, Lewis says. China and the U.S. also reached consensus at the U.N. that existing international law should guide behavior on new cybersecurity challenges.
“For about five years now countries have been worried about cybersecurity and this risk to international peace,” Lewis says.
Treaties banning the use of certain viruses and malware are “at least a decade away,” Lewis says, pointing to the decades of negotiations it took to establish the convention banning chemical weapons.
A formal treaty on conducting Internet warfare or cybersecurity will likely not happen at all because it would be difficult to for nations to agree on and to guarantee, says former Department of Homeland Security Secretary Tom Ridge.
“Some kind of accord where there is accountability built into a global system is delusional,” Ridge says.
Rival nations including Russia and China are the main obstacles, Ridge says. The Obama administration has condemned Chinese government hacking of U.S. businesses and Michael Hayden, former director of the CIA and the NSA, has said state-sponsored hacks should not be carried out for economic gain. Russia's government may also be supporting a group of hackers to steal secrets from hundreds of companies in the U.S. and Europe, according to a report by cybersecurity research firm CrowdStrike.
The Stuxnet virus designed by the U.S. and Israeli governments to sabotage Iranian nuclear equipment also sets a dangerous precedent for other countries that may want to hack foreign networks to advance a policy goal, Ridge says.
“Should we work with our allies, should we work with democracies? That is a possibility since there is more information sharing generally [and] law enforcement is connected more completely,” Ridge says. “There is a possibility there but a broader global regimen? Right now I am very skeptical.”