Sunday, March 23

Is it practical for governments to attempt to ban cyberwarfare?

Lawfare's Matthew Waxman's recent discussion focused on the need for governments to work out international norms for their deployment of weaponized cyber tactics. (See previous Pundita post.)  But would it be practical or even possible to instead work directly for an international ban on cyberwarfare?
Yes, said the Glittering Eye's Dave Schuler. Written in the wake of published revelations about the unintended consequences of the Stuxnet virus, Dave's arguments still hold up and are the most cogent I've read on the topic.  His arguments have taken on even greater urgency since the "Snowden files" started to be released to the public.
Here I'm going to skip quotes about the Stuxnet virus that Dave used to preface his discussion and go straight to his discussion:
Why Cyberwarfare Should Be Banned
by Dave Schuler
November 10, 2012
The Glittering Eye

We should get behind an international accord to ban cyberwarfare that has some teeth behind it and insist that we, our allies, clients, and trading partners sign it and abide by it. The reason is simple. Weapons like the Stuxnet virus are more like chemical or bacteriological weapons than they are like guns, warplanes, or aircraft carriers. Once they’ve been released, the deployer has little control over where they go and what they infect. We just have too much to lose.

But there’s another reason, too. States have enormous resources. Over the period of the last 30 years malware in various forms has gone from being an occasional nuisance to a deadly threat that costs the world economy hundreds of billions of dollars in prevention tools, maintenance and administration, downtime, bandwidth costs, storage costs, data loss, etc. That’s what’s been accomplished by individuals working, basically, in their basements.

When a computer virus is released into “the wild”, it becomes visible to anyone who comes across it who has the knowledge and ability to investigate it. It can be reverse engineered, replicated, and even enhanced. Putting the enormous resources of states behind the development of such things, releasing them into the wild, and making the results of all of that R&D available to the hacker world is beyond irresponsible. It’s dangerous. And, as I said before, we just have too much to lose.
To a remark in the GE comment section that a ban wouldn't be enforceable, Dave replied:
So are bans on chemical and bacteriological weapons. We have them anyway. Similar to other law, such bans have a number of purposes. They serve as a warning. They may deter someone from deploying such weapons. They are a statement of intent.

And, if as I believe we shouldn’t be using them anyway, we might as well get an international agreement banning their use into place.
See the GE comment section for more discussion of Dave's arguments and his replies.


No comments: