How often the US is a righter of wrongs in international affairs is debatable. But the US often seeks to apply law where none has been applied before and that’s true today on the cyber issue. In fact, much of the hand-wringing in Washington about escalating cyber competition is about how to create a framework for the varieties of cyber threats that also sits well with an open, democratic economy. A quote from a recent Foreign Policy article hints at the conundrum facing the US in this area:
“The vast majority of the systems at risk are not DOD [Department of Defense] systems. They’re in the private sector,” [US Rep Jim] Langevin said. “In a worst-case scenario, DOD is going to be asked to defend them. If there’s an active cyber attack going on our electrical grid and DOD has to step in and shuts down the entity that’s carrying out that cyber attack, you can imagine that has all sorts of ramifications.”
These ramification are what the US and other nations are trying to understand and get a grip on. There is a history in this sort of legal contemplation before acting. At the dawn of the space race, the big question in the US was about legality of sending satellites into space that would cross over another nation’s skies in orbit. The fear was that such an act could be construed as an incursion of another country’s sovereignty.
When the Russians launched Sputnik in 1957, it resolved that question, paving the way for mutual aerial observation among nations. Soon after the US put its Corona spy satellite into orbit. The turn of events led to an eventual Open Skies treaty, which allows one nation to conduct overflights of another for reconnaissance. At the same unstable time, Cold War fears of a nuclear war between the East and West loomed large too. Also, in that realm it took years before a nuclear policy began to settle in between the Soviet Union and the US.
Today, one guy spending a lot of time thinking about how the US should adjust to the cyber frontier issue is the State Department’s Christopher Painter. “When you compare it to the process of nuclear rules, it took about 40 years to get grounded,” he told Foreign Policy. “I don’t anticipate the length of time to socialize and draw lines is going to be anywhere near as long as nuclear,” he said.
Still, “it’s not an overnight process.”
It’s welcome news that Painter, elsewhere, has hosed down expectations of an imminent cyber treaty to be pushed for by the US. He told FCW: “You often hear people say we need a treaty in cyberspace [and] I’ve often said I don’t know what a treaty is in cyberspace.”
“I don’t know who signs that treaty, I don’t know who the parties of that treaty are,” he said.
“Let’s not try to…rush into a treaty that would take years and we’re not really even sure what it’s about.”
Activity in cyberspace is so shadowy and filled with so many rogue players, it would be foolhardy for a nation to make undertakings that can be circumvented easily by other groups. It’s not clear either that other major sources of cyber activity like China and Russia can control hackers operating within their physical borders. So, yes, this is a Wild West moment for the cyberworld.
Painter is wise to recognize that. Already the US is using public shaming tactics with China over the economic hacking issue. The handful of lawsuits pursued by the US against China may just be the beginning. In other words, experimental responses for new types of problems. Both the CSIS and the CFR have released reports suggesting economic sanctions in part as a response to China’s seemingly unchecked online economic espionage, for example.
But once the principles of proportional response are worked out, a new international understanding on cybercompetition may emerge. Like the Geneva Conference after Sputnik that gave the unofficial greenlight to satellites flyover, a new understanding of how cyber activity fits into the relations of nations and their armies, and non-state groups, and their activists may form.
Until then, the Wild West moment continues.