Russia’s cyberattack: an opening for a pact
Now that the US has blamed Russia for hacking the Democratic Party, it should use the attack to build a consensus among nations for a code of conduct in the digital universe.
Russian President Vladimir Putin holds a Cabinet meeting in September. Recent hacks of American institutions have raised fear among lawmakers and intelligence officials that a foreign government is trying to seed doubt about - or even manipulate - the presidential race, renewing debate over when cyberattacks cross red lines and warrant a U.S. response.
AP Photo
The world has yet to establish the norms and values that can curb harmful attacks in cyberspace, the way it has done, say, to curb chemical warfare, financial crimes, or carbon emissions. Yet if it ever needed an excuse to do so, one just occurred.
On Oct. 7, the United States officially accused Russia of hacking the computers of the Democratic National Committee and other political organizations in what seems to have been an attempt to influence the outcome of the 2016 US election. “Only Russia’s senior-most officials could have authorized these activities,” stated US security officials.
This digital assault on a major democracy could bring any number of US reactions: retaliation on Russian computers, economic sanctions, or perhaps even criminal indictments of the hackers. A better option, one that the US employed after a string of cyberattacks from China on US companies, is to seek negotiations to establish the rules of the road in cyberspace.
Russia and the US have a mutual interest to establish standards against harm in cyberspace. They each need to prevent nonstate actors such as Islamic State or rogue nations such as North Korea from destroying digital infrastructure, which can range from electricity grids to dam controls to software for counting election ballots. In addition, Russia and the US can hardly afford to engage in retaliatory cyberattacks, or what is called mutually assured disruption.
The first major treaty focused on cyberspace was a 2001 pact by the Council of Europe for transnational law enforcement of cyber crimes. Nearly 50 countries have since signed up for the pact. Another effort was a 2015 report by a United Nations “group of governmental experts” to design cyber norms. In addition, NATO, the International Committee of the Red Cross, and the Organization for Security and Co-operation in Europe have each tried to apply current international laws toward the prevention of offensive operations in cyberspace.
The digital age is still so new and the fears of its abuses are still so high that it remains difficult to find common ground. Each country has different uses for electronic networks. China, for example, seeks tighter controls on the Internet for political power while the US wants to expand freedom on the Internet. Russia may see digital attacks as a way to restore itself as superpower.
The digital universe is a great equalizer between peoples and countries. Its inherent value is not only equality between users but as a tool to advance all humanity by spreading information and connections. We are all neighbors on the Internet, demanding trust and openness. These values are the necessary cornerstones in an emerging global consensus to push back against the dark uses of digital networks.
Each nation must determine its own level of cyber defenses, such as the protection of a political party’s computers. And each may develop a capability for cyber offensives as a legitimate form of defense. Yet the ultimate protection in cyberspace lies in agreements that embrace its common benefits and universal values.
Today, nations don’t use commercial aircraft to harm each other; instead they collectively rely on air-traffic controllers to enable air travel. If cyberspace is ever to have the same sort of peaceful use, nations must learn from the recent examples of cyber-harm to work harder for a digital code of conduct.