Read few comments.
1. Would you say we might need sometimes in the future something like the arms control mechanisms in the cyberspace, or not and why?
2. Are they any trends that worry you that might lead to bigger militarization of cyberspace?
Camino Kavanagh, PhD Candidate, Department of War Studies, King’s College London
1. At this stage no. First of all there are definitional issues that would pose an important obstacle. Moreover, it’s not clear what most people are talking about when they push this approach (i.e. arms control). Are they talking about controlling weaponised code (i.e. code as a form of fire); are they talking about restricting the transfer of know-how; or are they talking about controlling so-called ‘information weapons;. These are basic isssues that need to be resolved. For now, our best bet is the hope states will reach agreement (via the GGE and other fora) on what constitutes responsible behaviour in cyberspace and state uses of ICTs. It took states 9 years of tough negotiatons to agree on the applicability of international law and core principles to cyberspace, hopefully it will not take just as long to reach agreement on how these apply in practice.
2. Yes, if states’ actions remain unbounded, militarisation of cyberspace will continue. Same with regard to the tech. firms that are either producing the capabilities and selling them on to states. Moreover, there are worrying trends in broader geopolitical affairs, with a number of states moving towards rearmament in the conventional sense. The latter runs the risk of also spurring further militarisation.
The media has an important role to play in all of this. Until now, it’s almost as if some journalists have been enthusiastic about warfare in this area, and have not played their role in pushing people (government reps, experts etc.) to be more precise about what they are saying and the consequences of what they are suggesting. We have a tragic history with war although many seem to have forgotten that….
Franz-Stefan Gady, Senior Fellow, EastWest Institute
1. Given the easy proliferation of cyber weapons — although sophisticated cyberattacks such as Stuxnet require the backing of a nation state — a cyber-arms control treaty may be illusionary at this stage. Perhaps another idea may be worth considering.
Back in 2011, I was a member of a joint U.S.-Russian study group that produced a report entitled “Working Towards Rules for Governing Cyber Conflict: Rendering the Geneva and Hague Conventions in Cyberspace.” The report explored how to extend humanitarian principles that govern war to cyberspace. One of its recommendations was to create analogue markers in cyberspace — a digital Red Cross — that would designate a protected entity, and mark it off-limits from cyberattacks.
For example, digital records of hospitals could be designated as an off-limits entity protected by a digital Red Cross, as could civilian nuclear facilities. While this recommendation does not reduce the proliferation of ever more sophisticated cyber weapons, an international consensus on the creation of protected entities in cyberspace could at least reduce the unintentional consequences of cyber war.
2. Look at this document.
For me the biggest danger is an unintentional arms race. The document outlines a cycle of escalating cyberattacks and counter-attacks.
What to do? First, both countries must agree to abandon their quest for information dominance as mandated by both U.S. and Chinese military doctrine (In China it is more of an unofficial assumption). This sort of military doctrine is counterproductive and may lead to a escalation of a cyber arms race which is already taking place. This is obviously easier said than done, but perhaps as an initial first step, an agreement could be produced to curtail active cyber defense in times of peace between both countries and call certain critical information infrastructures off limits.
Dorothy Denning, Distinguished Professor of Defense Analysis, Naval Postgraduate School
Already there are some arms controls in cyberspace. Encryption and a few other security technologies have been subject to export controls for years, and recently intrusion software and IP network surveillance systems were added to the Waasenaar Arrangement, see. But controlling cyber weapons is really hard since it’s so easy to move bits. And doing so raises difficult issues.
As for the militarization of cyberspace, it’s already happening. Countries are developing cyber warfare capabilities.
Isaac Porche, Senior Engineer, RAND Corporation, Associate Director of the RAND Arroyo Center’s Forces and Logistics Program
I argue that information and communication technologies (ICT) are rapidly – if not completely – intertwined in all the traditional military “domains” (on land, at sea, and in the air) and the materiel (ie equipment and systems) used to operate.
This “trend” occurs in all sectors of societies. The main worry – from my perspective – is the fragility and lack of robustness of the security designs of all ICT especially with the emerging “Internet of Things”.