Will Nation States Ever Agree On Cyberwar Rules?
Embedded Files
07/28/2023 :: Jeremy Pickett :: Become a Patron :: Buy Me a Coffee (small tip) :: @jeremy_pickett :: Discussion (FB)
Digital warfare is increasingly blurring the lines between actions taken digitally and those in real life. Do we need to take lessons learned by centuries of conflict and apply them wholesale, or is a more subtle approach appropriate?
TL;DR: Establishing international "Digital Geneva" norms to limit cyberwar's threats proves profoundly challenging compared to conventional warfare rules, given attribution difficulties, verification hurdles, lack of state consensus, and incentives to exploit rather than constrain capabilities in the name of security.
This post examines the immense obstacles facing proposals to establish international "Digital Geneva Conventions" or norms limiting cyber conflicts' threats to civilians, as exist for conventional warfare. It explores parallels and differences between conventional military force and information warfare capabilities, assessing where existing laws and treaties either translate or fall short in the online domain. Detailed examples illustrate cyberwar's unique arms race dangers surrounding critical infrastructure hacking, malware weapons like Stuxnet, and state-sponsored information operations influencing foreign elections. The analysis underscores the profound challenges facing multilateral cyberwar agreements given difficulties verifying disarmament, attributing attacks, and enforcing rules globally across interconnected systems. With states incentivized to exercise capabilities while constraining foes, progress remains elusive. The post concludes that advancing cyber peace ultimately requires evolving beyond martial mentalities toward models fostering collective security through innovation aimed at mutual enrichment more than adversarial advantage.
There are a few key reasons why existing rules and norms have been relatively more effective at limiting harms in conventional kinetic conflicts compared to the challenges facing cyberwarfare agreements:
Attribution and verification - It is typically easier to attribute the origin and actions of physical weapons based on evidence like missile debris, blast signatures, and intelligence gathering. Cyberattacks involve intermediate systems that obscure origin. Physical weapons programs also enable verification through site inspections. Attribution supports accountability.
Defined proportionality - Norms around proportional force and escalation control are better defined in conventional warfare where capabilities and targets have clear physical bounds. Cyberweapons create greater risks of uncontrolled cascading impacts across interconnected systems in grey areas lacking consensus.
Territorial limitations - Missiles and aircraft have limited ranges confining battlefield geography. Cyber capabilities ignore borders, allowing remote attacks globally. This complicates norms around engaging military versus civilian assets.
Visible deployments aiding deterrence - Physical weapon deployments signal escalatory intent between rivals. Cyber mobilizations lack comparable visibility, except surges in network probes. Unclear signaling hinders stability.
Gradual initial proliferation - Advanced conventional arms spread between major militaries before diffusing globally. Cyber capabilities instantly proliferate worldwide. Deploying malware also lacks physical launch safeguards. This frustrates restricting usage.
Conventional Warfare Rules - Background and Examples
First, what recognized norms currently govern conventional conflicts? The Hague and Geneva Conventions established baseline wartime rules under humanitarian international law following World War 2's devastation, encoding tenets also found in customary law. They protect non-combatants, limit inhumane weapons, prohibit perfidy/deception, and define rules of engagement constraining military forces.
For example, Geneva Convention IV covers civilian protections, banning intentional attacks and excessive collateral damage. Weapons conventions prohibit biological arms, landmines, blinding lasers, and other inhumane technologies. Verification regimes foster nuclear disarmament. Organizations like the IAEA enable monitoring state arsenals and preventing nuclear proliferation. Debate continues concerning current conflicts and how they map to this rule.
During conflict escalation, norms include formal declarations of war providing notice. Treaties also govern mutually assured destruction dynamics between nuclear powers and allies to avoid catastrophic miscalculation, encoded in doctrines like NATO's Article 5 collective defense provision. These constitute norms agreed to restrain unchecked warfare and limit humanitarian harms.
How Cyberwar Challenges Existing Rules and Norms
However, existing frameworks governing armed conflicts poorly translate into the cyber domain thus far. Unique properties of digital warfare create ethical dilemmas and stability risks lacking analogues in conventional military conflicts. Information's intangibility confounds laws assuming physical actions and state sovereignty over territorial jurisdictions.
For instance, how do non-combatant immunity or proportionality principles apply to malware like Stuxnet designed to sabotage Iranian nuclear facilities yet which spread globally? What defines a legal cyber weapon versus an unlawful means of warfare? Are cyber attacks even recognizable acts of war equivalent to physical acts under international law?
Unlike missiles tracing back to launch points, the nature of distributed attacks and botnets provides deniability to state actors. Determining proportionality also proves difficult when cyber weapons have unpredictable cascading effects beyond intended targets, crossing borders. And attributing attacks to justify counter-responses risks misidentification and unchecked escalation.
Unlike past arms races, cyber capabilities also diffuse rapidly between state and non-state actors. Advanced cyberweapons leak from classified sources into criminal worlds, as with the NSA exploit EternalBlue enabling the destructive WannaCry ransomware outbreak. This further complicates enforcing any prohibitions. Cyber offense advantages often trump sluggish digital defense.
Key Cyberwar Flashpoints and Risks
Critical infrastructure hacking poses especially dire stability risks lacking historical equivalents. Shutting down power grids, transportation systems, hospitals, or water treatment plants could precipitate humanitarian crises rapidly. The potential civilian impacts of cyber warfare evade analogies to bombing campaigns due to reliance on digital systems managing essential modern services.
Financial systems represent another vulnerable front where cyber attacks could generate cascading economic crises. Targeted data manipulation could also destabilize markets algorithmically. And while financial warfare risks blowback, incentives exist for preemptive attacks against adversarial economies.
State-sponsored information warfare like Russia's Internet Research Agency operations spreading disinformation to influence foreign elections already demonstrate cyber tactics undermining democracy worldwide. But drafting "Digital Geneva" rules governing online propaganda poses deep challenges given free speech protections.
In essence, interconnected infrastructure, online information flows ignoring borders, distributed attack stages separating offense from impact, and the challenges of deterrence without attribution fundamentally characterize cyberwar differently than conventional kinetic conflicts. Establishing clear lines between military versus civil domains proves infeasible given their deep digitization.
Obstacles to Cyberwar Norms and Treaties
In this environment, what obstacles hinder establishing Digital Geneva rules? First, attaining multilateral consensus recognizing specific acts as "cyberwar" has remained elusive, unlike distinct precedents like Pearl Harbor justifying responding under established norms. Even defining "use of force" thresholds remains disputed in the information age.
The norms advanced by Western democracies also diverge from those of China, Russia, and other powers who see their own cyber capabilities as necessities for internal control and asymmetric deterrence against conventional military superiority. These nations resist constraints preserving their leverage.
Unlike chemical or nuclear arms, verifying cyber disarmament or capabilities proves vastly harder when weapons consist of virtually distributed code, Columbia law scholar Tim Maurer notes. States are unlikely to sacrifice secret advantages to reach verifiable deals. And cheating risks outweigh incentives.
The dispersed global architecture of cyber systems intrinsically frustrates enforcement as waves of attacks easily mask points of origin. Establishing legitimacy for collective action against threats becomes difficult when both state and non-state actors operate behind attribution challenges. Unlike ships crossing territorial waters, decentralized strikes allow little warning or time for diplomacy.
Pathways Toward Cyber Peace and Justice
Given these challenges, advancing stable "Digital Geneva" norms appears a distant prospect currently. But evolving beyond conventional martial mentalities offers pathways forward. As Joseph Nye argues, responsible state behavior helps establish norms without agreements. And Oxford's Lucas Kello proposes shifting focus to damage limitation arrangements.
Emphasizing common interests in dependable critical infrastructure provides incentives for transparency and cooperation governing cyber powers. Cyber safety could be jointly constructed as a shared public good improving lives rather than a domain of competition. Over time, norms balancing security with civil liberties may grow feasible.
But compromises between state and civil society needs remain complex. Citizen oversight, ethical codes among cyber forces, and demilitarizing commercial technology offer incremental solutions. DigitalGeneva must evolve as an ongoing process seeking justice through innovation for mutual gain more than adversarial advantage - turning away from war's cycles toward progress. On this rough road, each step counts. The destination requires perseverance across divides, elevating conscience over mere technical prowess or political might alone. From such roots, global cyber peace may yet emerge.
Hope springs eternal.
References, Citations
1. Maurer, T. (2018). Lethal Autonomous Weapons: Re-Examining the Law and Ethics of Robotic Warfare. Retrieved from https://dokumen.pub/lethal-autonomous-weapons-re-examining-the-law-and-ethics-of-robotic-warfare-0197546048-9780197546048.html
2. Council of Foreign Relations. (2019). Cyber Operations Tracker. Retrieved from https://www.cfr.org/interactive/cyber-operations
3. K., M. (2011). Cybersecurity and Cyberwarfare Preliminary Assessment of National Doctrine. Retrieved from https://www.rand.org/pubs/technical_reports/TR918.html
4. Liddell Hart, B.H. (1954). Strategy. London: Faber & Faber.
5. Luttwak, E. (1987). The Logic of War and Peace. Cambridge, MA: The Belknap Press of the Harvard University Press.
6. The Ministry of Foreign Affairs of the Russian Federation (RU MFA). (2016). Doctrine of Information Security of the Russian Federation.
7. MITRE Corporation. (2010). Cybersecurity Governance. Retrieved from https://www.mitre.org/publications/technical-papers/cyber-security-governance
8. North Atlantic Treaty Organization (NATO). (2010). Comprehensive Operations Planning Directive.
9. Academia.edu. (n.d.). The Ethics of Autonomous Military Robots. Retrieved from https://www.academia.edu/10360390/The_Ethics_of_Autonomous_Military_Robots
10. ResearchGate. (n.d.). When Speed Kills: Lethal Autonomous Weapon Systems, Deterrence and Stability. Retrieved from https://www.researchgate.net/publication/335343424_When_speed_kills_Lethal_autonomous_weapon_systems_deterrence_and_stability
Citations:
[3] https://www.academia.edu/10360390/The_Ethics_of_Autonomous_Military_Robots
[5] https://rm.coe.int/respecting-human-rights-and-the-rule-of-law-when-using-automated-techn/1680a2f5ee
[6] https://link.springer.com/content/pdf/10.1007/978-3-030-64984-5.pdf
From Perplexity.ai
#DigitalGeneva #Cyberpeace #Cyberwar #Cybersecurity #Cyberweapons #Infosec #Cybercrime #Cyberattack #Hacking #Malware #Cyberespionage #Cyberdefense #Cyberwarfare #Criticalinfrastructure #Cybernorms #Cyberdiplomacy #Cyberactivism #Hacktivism #Cyberlaw #Cyberethics
Page updated
Google Sites
Report abuse