International Rules Governing Cyberwarfare?

by Dave Schuler on February 20, 2013

The Christian Science Monitor has an editorial urging the adoption of international rules to govern cyberwarfare:

Global rules now restrict the use of nuclear, chemical, and biological weapons. They also help safeguard civilians and prisoners of war. What the Mandiant report shows is that the world may be losing the struggle to come up with rules for cyberspace behavior.

The scale of the Chinese cyberthreat is now so massive that it might lead to a rush to imitate rather than a campaign to prevent a cyber blow-for-blow. One of the unusual aspects of cyberweapons is that once they are used, they can be easily replicated for a return attack.

Coming up with such rules will not be easy. For starters, simply defining what is a cyberweapon or a cyberattack could be a problem. Even if that issue is settled, how can an attack’s originator be correctly identified? And given the speed of digital technology, the distinction between defensive and offensive capabilities can be easily blurred.

The CSM’s editors err. They are thinking of the Internet, in particular, in the wrong way. It is not an old-fashioned European city, relatively orderly and law-abiding. It is not even Chicago. It is the Wild West. The solutions required are Wild West solutions.

Rather than laws that might be effective in making Berlin or Brussels more peaceful and orderly we need the digital equivalent of “Wanted Dead or Alive” posters, bounty hunters, and circuit-riding marshalls who mete out justice at the point of a six-shooter.

One thing we can do is to stop government funding of the creation of malware in the United States to whatever extent we’re funding it. Putting the vast resources of the state behind creating bigger, more effective, and more destructive computer malware is suicidal for us. Nuclear weapons are a poor analogy for cyberweaponry. A better analogy would be A-bombs left sitting on a street corner along with instructions for building them and a stack of refined uranium.

{ 10 comments… read them below or add one }

Icepick February 20, 2013 at 9:22 am

One thing we can be certain of, which is that the geniuses running the country will be certain to find the worst possible solution and then fuck-up its implementation. I’m thinking Turchin is an optimist for expecting global strife to breakout by 2020. It will happen much sooner than that.

Icepick February 20, 2013 at 1:50 pm

A better analogy would be A-bombs left sitting on a street corner along with instructions for building them and a stack of refined uranium.

But even this analogy falls short, because it’s easier to copy a program than it is to create refined uranium. Or even the printed instructions!

Icepick February 20, 2013 at 1:51 pm

Critical computer systems should be hardened, and preferably taken off-line. Now that would be a useful way to spend “infrastructure” money. Guaranteed to not happen, for the very reason that it would make sense.

Dave Schuler February 20, 2013 at 1:54 pm

It’s hard to come up with a good analogy. The critical issue I’m raising is that once a complicated, powerful piece of malware that took millions (or tens of millions or more) to come up with is released into the wild, it’s there for all to see. It can be reverse-engineered, adapted, and re-released with a tiny fraction of what it took to create it. IMO U. S. military or intelligence spending on malware creation is unhinged.

Dave Schuler February 20, 2013 at 1:58 pm

Critical computer systems should be hardened, and preferably taken off-line.

As I’ve said any number of times before, the federal government simply doesn’t have the mindset to produce a really secure network environment. All of their “experts” are either home-grown (which means they don’t know anything about anything) or have letters after their names from the very best schools (which also means they don’t know anything about anything but can always give the expected answer).

It’s like dealing with street gangs by using an employee who has a cousin who was a member of a street gang for a while or hiring a Harvard PhD in Sociology.

Icepick February 20, 2013 at 2:18 pm

Or trying learn how to launder money by talking to a crack-addicted magazine salesman.

TastyBits February 20, 2013 at 2:57 pm

Welcome to the new and improved Cold War.

If our “good buds” the Chinese are screwing us, imagine what our “best buds” the Russians are doing. Kaspersky Labs is one of the best antivirus researchers in the world. Is anyone else concerned they are Russian?

Steve Verdon February 20, 2013 at 4:24 pm

It’s hard to come up with a good analogy.

How about releasing a dangerous virus into the general population. I think that is better. With mutations something the government created and released cold wipe out lots.

Vincas March 15, 2013 at 11:44 am

We should understand that the new security programs, or any new rules will have no result, except for new kinds of wars and Global War general proximity. We need to fend not off a new war rules, or look for ways how to explain for people that any kind of wars leads to self-destruction. This can be explained only through the integral perception of the world.

WarriorToEndAllWars March 15, 2013 at 1:33 pm

Mr. Schuler is quite correct. Is this Christian Science Monitor editorial a bad joke of some sort? We again are like flies who build ever thicker webs about each others airspace? “Come into my parlor for crumpets and tea to celebrate said the fly to the fly.”

There are no effective rules in war except if imposed by even greater terror. War itself is about the breaking of rules! And rules need not even be broken here. The delightful complexity of the medium make it so easy to find loop holes or hide actions — spy vs. spy, try and prove anything guy — catch me if you can!

No my friends. There are rule for neither war nor peace until there is a sense of mutual responsibility. Without working on our basic relationships — the behavioral economics between us — rules will not be worth the paper that they are written on. With such mutual responsibility, it will be unnecessary to even get signatures.

Would highly recommend: http://www.mutualresponsibility.org

Leave a Comment

Previous post:

Next post: