The Christian Science Monitor has an editorial urging the adoption of international rules to govern cyberwarfare:
Global rules now restrict the use of nuclear, chemical, and biological weapons. They also help safeguard civilians and prisoners of war. What the Mandiant report shows is that the world may be losing the struggle to come up with rules for cyberspace behavior.
The scale of the Chinese cyberthreat is now so massive that it might lead to a rush to imitate rather than a campaign to prevent a cyber blow-for-blow. One of the unusual aspects of cyberweapons is that once they are used, they can be easily replicated for a return attack.
Coming up with such rules will not be easy. For starters, simply defining what is a cyberweapon or a cyberattack could be a problem. Even if that issue is settled, how can an attack’s originator be correctly identified? And given the speed of digital technology, the distinction between defensive and offensive capabilities can be easily blurred.
The CSM’s editors err. They are thinking of the Internet, in particular, in the wrong way. It is not an old-fashioned European city, relatively orderly and law-abiding. It is not even Chicago. It is the Wild West. The solutions required are Wild West solutions.
Rather than laws that might be effective in making Berlin or Brussels more peaceful and orderly we need the digital equivalent of “Wanted Dead or Alive” posters, bounty hunters, and circuit-riding marshalls who mete out justice at the point of a six-shooter.
One thing we can do is to stop government funding of the creation of malware in the United States to whatever extent we’re funding it. Putting the vast resources of the state behind creating bigger, more effective, and more destructive computer malware is suicidal for us. Nuclear weapons are a poor analogy for cyberweaponry. A better analogy would be A-bombs left sitting on a street corner along with instructions for building them and a stack of refined uranium.