Wanted: global rules on cyberwarfare

A report on cyberattacks and computer hacking originating with China's military highlights the need for international norms in cyberwarfare. Other new types of weapons led to new rules of war. Why not in cyberspace, too?

AP Photo
The building housing "Unit 61398” of China's People’s Liberation Army is seen in the outskirts of Shanghai. Cyberattacks that stole information from 141 targets in the US and other countries have been traced to the Chinese military unit in the building, according to a report by the Virginia-based Mandiant Corp.

A stunning report by a US digital-security company accuses China’s military of conducting more than 100 cyberattacks on American corporate and government computers. If accurate, the report by the firm Mandiant only adds to the urgency to develop international norms in cyberwar and cyberespionage.

Each new tool of aggression requires its own rules of war. Cyberwarfare should be no different. Without a code of ethics for conflict in the digital universe, nations could eventually bring down each other’s water supplies, electric grids, military defenses, and vital institutions. And key values, such as privacy and a right to intellectual property, could also be lost.

Global rules now restrict the use of nuclear, chemical, and biological weapons. They also help safeguard civilians and prisoners of war. What the Mandiant report shows is that the world may be losing the struggle to come up with rules for cyberspace behavior.

The scale of the Chinese cyberthreat is now so massive that it might lead to a rush to imitate rather than a campaign to prevent a cyber blow-for-blow. One of the unusual aspects of cyberweapons is that once they are used, they can be easily replicated for a return attack.

Coming up with such rules will not be easy. For starters, simply defining what is a cyberweapon or a cyberattack could be a problem. Even if that issue is settled, how can an attack’s originator be correctly identified? And given the speed of digital technology, the distinction between defensive and offensive capabilities can be easily blurred.

“You have to have an offensive mind-set to better focus on defense,” said retired Marine Corps Gen. James Cartwright recently in a discussion on cyberwarfare at the US Naval Institute.

Current rules of war under the Geneva Conventions and the International Committee of the Red Cross may cover some aspects of cyberwar, but not all. The United Nations and other global bodies need to make such rules clear.

Even within the United States, Congress and President Obama cannot agree on rules for national defense against cyberattacks. An attempt to pass a law last year that would have required companies to cooperate with the government in cybersecurity ran into concerns over civil liberties.

As a result, Mr. Obama issued an executive order last week offering incentives for companies to improve data sharing with the government. The aim is to protect vital infrastructure now run by private firms.

Like the current US policy on clandestine drone strikes against terrorists, Obama is moving toward a legal presumption of executive authority in being able to launch cyberattacks without approval by Congress or legal oversight by a court. If he does assume such powers, it raises a difficult constitutional issue that needs public debate.

Nations have a strong record of creating norms that restrain types of warfare. Before more reports of cyberattacks emerge, the world must see a common interest in rules to prevent cyberwar.

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.