Pages

26 February 2017

The world needs digital rules of war

By Ramona Pringle

Years ago, it would have been ludicrous to suggest that a single tweet could kickstart a global war. Today, the idea doesn't seem so far-fetched.

Just as the digital revolution has reshaped the way people interact on an individual basis, so too has it changed the nature of hostile interactions between nation states.

The president of the United States can now whip up panic with a single tweet, and foreign embassies are airing their grievances online, too. But it goes beyond individual messages; the power grid in Ukraine has been repeatedly hacked, allegedly by Russian hackers, which has left whole swathes of Kyiv in darkness.

The United States must greatly strengthen and expand its nuclear capability until such time as the world comes to its senses regarding nukes

Russian cyber influence also played a role in the U.S. election (through the hacking of the Democratic and Republican national committees and the leaking of select information), which had a tangible effect on both U.S.-Russia relations (the introduction of new sanctions) and questions about the legitimacy of the new Trump government. 

And last fall, a distributed denial of service (DDoS) attack shut off vast portions of the Internet for most of the U.S. east coast, carried out by what is believed to be independent hackers seeking financial gain. For 24 hours the attack was all anyone could talk about, but when access to popular websites resumed, it was forgotten as quickly as it happened.

Nevertheless, the Department of Homeland Security stepped in, and rightfully so; this attack only affected sites like Twitter and Airbnb, but what happens when a similar attack hits critical infrastructure? After all, as Wired reported last year, many parts of the U.S. grid are less secure than Ukraine's, and would take longer to reboot in an emergency.
Digital rules

So how do we protect ourselves against these types of activities and attacks? Despite a rise in government and infrastructure-targeted cyber attacks, few international agreements or "digital rules of war" have been established for the internet era. But now, tech and industry leaders are stepping forward to tackle the issue.

Microsoft's president and chief legal officer, Brad Smith, has called for the formation of a digital Geneva Convention to govern the way countries wage digital wars. Like its namesake, this digital Geneva Convention would aim to protect civilians from being caught in the virtual crossfire of cyberwarfare.

It would include guidelines to see that the private sector and critical infrastructure are not targeted, and that assistance would be available for "private-sector efforts to detect, contain, respond to and recover from events." Smith also calls for the use of restraint, both in the development of cyber weaponry and in the imitation of offensive operations.

We need to establish internationally agreed upon "rules of the game." (Jim Urquhart/Reuters)

The impetus to get started on something like this is that the cyber arms race has already started, according to security technologist Bruce Schneier. And like traditional weaponry, once cyber weapons exist — be it powerful malware or other digital means of causing damage or injury — there is no turning back.

"It is only a matter of time before something big happens," says Schneier, "perhaps by the rash actions of a low-level military officer, perhaps by a non-state actor, perhaps by accident. And if the target nation retaliates, we could find ourselves in a real cyberwar."

There will be challenges when it comes to enforcing the terms of a digital Geneva Convention, as there are with any buy-in international agreement or treaty, but doing nothing is no longer a viable option. We need to establish internationally agreed upon "rules of the game," before we find ourselves in a global crisis over a hacking, or a DDoS attack, or even a tweet — not after.

This column is part of CBC's Opinion section. For more information about this section, please read this editor's blog and our FAQ.

No comments:

Post a Comment