International Norms in Cyberspace
Strategic studies of the cyber domain resemble nuclear strategy in the 1950s: analysts are still not clear about the meaning of offense, defense, deterrence, escalation, norms, and arms control. But international agreement on some issues may be within reach.
CAMBRIDGE – Last month, the Netherlands hosted the Global Conference on Cyberspace 2015, which brought together nearly 2,000 government officials, academics, industry representatives, and others. I chaired a panel on cyber peace and security that included a Microsoft vice president and two foreign ministers. This “multi-stakeholder” conference was the latest in a series of efforts to establish rules of the road to avoid cyber conflict.
The capacity to use the Internet to inflict damage is now well established. Many observers believe the American and Israeli governments were behind an earlier attack that destroyed centrifuges at an Iranian nuclear facility. Some say an Iranian government attack destroyed thousands of Saudi Aramco computers. Russia is blamed for denial-of-service attacks on Estonia and Georgia. And just last December, US President Barack Obama attributed an attack on Sony Pictures to the North Korean government.
Until recently, cyber security was largely the domain of a small community of computer experts. When the Internet was created in the 1970s, its members formed a virtual village; everyone knew one another, and together they designed an open system, paying little attention to security.