SUBSCRIBE TO OUR FREE NEWSLETTER
Daily news & progressive opinion—funded by the people, not the corporations—delivered straight to your inbox.
5
#000000
#FFFFFF
5
#000000
#FFFFFF
Members of the U.S. Air Force 624th Operations Center conduct cyber operations supporting U.S. Air Force network operations and the joint requirements of the Air Force component of Cyber Command. (Photo: U.S. Air Force/William Belcher)
Cyber Threats Call for Cyber Diplomacy
"The incoming Biden-Harris administration should prioritize cyber diplomacy by... pursuing multilateral negotiations with the major players in cyberspace, particularly Russia and China."
Dec 21, 2020
In the wake of recent and ongoing revelations about the massive SolarWinds hack, which granted the hackers access to a long list of U.S. government and partner systems and raises serious national security concerns, a wide range of politicians and cyber analysts have been quick to call for increased investments in U.S. cyber capabilities and operations to meet the threats of an increasingly cyber-capable world. However, these calls too often overlook another approach to meeting the threat that has received far less attention and resources: cyber diplomacy.
"Advocates of deterrence, whether nuclear or cyber, often fail to acknowledge that the very act of pursuing and fielding new capabilities inspires others to do the same."
Similarly to many in the field of nuclear weapons policy, proponents of expanding our cyber capabilities tend to view the threats we face in cyberspace through the lens of deterrence--as the logic goes, we need to increase and display our capabilities in order to deter attacks. In the nuclear world, that logic has meant building and deploying new nuclear weapons, like the recently deployed low-yield W76-2 warhead that was designed to be "more usable," despite obvious concerns that this could increase rather than decrease the risk of nuclear war.
In the cyber world, deterrence has sometimes meant infiltrating systems of our adversaries without actually attacking them--a demonstration that if provoked, we would be able to respond dramatically--but it can also mean retaliation to deter future attacks. Tellingly, advocates of deterrence, whether nuclear or cyber, often fail to acknowledge that the very act of pursuing and fielding new capabilities inspires others to do the same. Examples of this in the nuclear space abound, but one need not look far in the short history of cyberspace to find compelling examples there as well.
When the U.S. deployed the Stuxnet virus against Iran with the goal of setting back its nuclear program and incentivizing Iran to negotiate, the effort seemed to go as planned--the U.S. destroyed around a thousand Iranian centrifuges, machines that refine uranium, and Iran took more centrifuges offline as a precaution. Arguably, despite Iran tripling its number of centrifuges in the wake of the attack, the hack--along with a host of other factors--accelerated Iran's approach to the negotiating table. But the long-term drawbacks became clear when Iran responded with heavy investments in cyber capabilities and a wave of hacks against U.S. financial institutions that even its far less sophisticated cyber program was able to orchestrate with relative ease.
In The Perfect Weapon, a prominent book on the subject of cyberwar and international relations, New York Times correspondent David Sanger argued that the U.S. could have used the opportunity of the revelations around the Stuxnet attack to pursue diplomacy to limit the use of cyber weapons, but chose not to. As Sanger explained, the U.S. had a lead over other nations in the development of cyber capabilities, and may have risked losing that lead if it agreed to limitations. But a stronger motivation, he argued, was that diplomacy would have put the brakes on a wide range of U.S. cyber operations already underway.
Both of these concerns illustrate a perennial problem in U.S. foreign policy--a short-sightedness we cannot seem to correct. For one, the U.S. may not maintain this lead for long, if it still in fact does. More importantly, pursuing a temporary advantage in cyberspace at the expense of diplomacy excludes a far more promising strategy for preventing the proliferation of cyber attacks than the shaky logic of deterrence.
One impediment to cyber diplomacy is that it is often difficult to prove the origin of an attack, making accountability and enforcement of any potential agreement a particular challenge. Notably, this presents a similar problem for advocates of deterrence, as deterring adversaries is more challenging if those adversaries believe they can successfully obscure the origin of their attacks. Regardless, attribution challenges are no reason to forgo diplomacy.
International agreements do not need to be perfect--they rarely are. For diplomacy to be worthwhile, it simply needs to offer more hope for reducing risk than its alternatives, and in this case it clearly does. Securing agreements against the use of cyber weapons, particularly where civilians and vital infrastructure are concerned, would increase the potential political cost of launching such attacks, whether or not their involvement could be definitively proven, and over time, as with nuclear weapons, it could create a cultural taboo against their use. It would also reduce the global demand for investments in cyber warfare that could be better spent on the provision of human needs like housing, healthcare, and sustainable energy.
The incoming Biden-Harris administration should prioritize cyber diplomacy by investing in State Department capacity on cyber issues and pursuing multilateral negotiations with the major players in cyberspace, particularly Russia and China. The alternatives--a cyber arms spending spree and endless cycles of retaliatory cyber attacks--are both costly and dangerous. At best, such alternatives squander valuable resources while offering us a false sense of security through the dubious logic of deterrence. At worst, they could lead to a tit-for-tat cycle of escalation that ends in catastrophe. It should be an easy decision.
An Urgent Message From Our Co-Founder
Dear Common Dreams reader, The U.S. is on a fast track to authoritarianism like nothing I've ever seen. Meanwhile, corporate news outlets are utterly capitulating to Trump, twisting their coverage to avoid drawing his ire while lining up to stuff cash in his pockets. That's why I believe that Common Dreams is doing the best and most consequential reporting that we've ever done. Our small but mighty team is a progressive reporting powerhouse, covering the news every day that the corporate media never will. Our mission has always been simple: To inform. To inspire. And to ignite change for the common good. Now here's the key piece that I want all our readers to understand: None of this would be possible without your financial support. That's not just some fundraising cliche. It's the absolute and literal truth. We don't accept corporate advertising and never will. We don't have a paywall because we don't think people should be blocked from critical news based on their ability to pay. Everything we do is funded by the donations of readers like you. Will you donate now to help power the nonprofit, independent reporting of Common Dreams? Thank you for being a vital member of our community. Together, we can keep independent journalism alive when it’s needed most. - Craig Brown, Co-founder |
Our work is licensed under Creative Commons (CC BY-NC-ND 3.0). Feel free to republish and share widely.
Gabe Murphy
Gabe Murphy is a writer and peace advocate with a master's degree in Global Studies from the University of California, Berkeley. Follow him on Twitter: @GabeRMurphy
In the wake of recent and ongoing revelations about the massive SolarWinds hack, which granted the hackers access to a long list of U.S. government and partner systems and raises serious national security concerns, a wide range of politicians and cyber analysts have been quick to call for increased investments in U.S. cyber capabilities and operations to meet the threats of an increasingly cyber-capable world. However, these calls too often overlook another approach to meeting the threat that has received far less attention and resources: cyber diplomacy.
"Advocates of deterrence, whether nuclear or cyber, often fail to acknowledge that the very act of pursuing and fielding new capabilities inspires others to do the same."
Similarly to many in the field of nuclear weapons policy, proponents of expanding our cyber capabilities tend to view the threats we face in cyberspace through the lens of deterrence--as the logic goes, we need to increase and display our capabilities in order to deter attacks. In the nuclear world, that logic has meant building and deploying new nuclear weapons, like the recently deployed low-yield W76-2 warhead that was designed to be "more usable," despite obvious concerns that this could increase rather than decrease the risk of nuclear war.
In the cyber world, deterrence has sometimes meant infiltrating systems of our adversaries without actually attacking them--a demonstration that if provoked, we would be able to respond dramatically--but it can also mean retaliation to deter future attacks. Tellingly, advocates of deterrence, whether nuclear or cyber, often fail to acknowledge that the very act of pursuing and fielding new capabilities inspires others to do the same. Examples of this in the nuclear space abound, but one need not look far in the short history of cyberspace to find compelling examples there as well.
When the U.S. deployed the Stuxnet virus against Iran with the goal of setting back its nuclear program and incentivizing Iran to negotiate, the effort seemed to go as planned--the U.S. destroyed around a thousand Iranian centrifuges, machines that refine uranium, and Iran took more centrifuges offline as a precaution. Arguably, despite Iran tripling its number of centrifuges in the wake of the attack, the hack--along with a host of other factors--accelerated Iran's approach to the negotiating table. But the long-term drawbacks became clear when Iran responded with heavy investments in cyber capabilities and a wave of hacks against U.S. financial institutions that even its far less sophisticated cyber program was able to orchestrate with relative ease.
In The Perfect Weapon, a prominent book on the subject of cyberwar and international relations, New York Times correspondent David Sanger argued that the U.S. could have used the opportunity of the revelations around the Stuxnet attack to pursue diplomacy to limit the use of cyber weapons, but chose not to. As Sanger explained, the U.S. had a lead over other nations in the development of cyber capabilities, and may have risked losing that lead if it agreed to limitations. But a stronger motivation, he argued, was that diplomacy would have put the brakes on a wide range of U.S. cyber operations already underway.
Both of these concerns illustrate a perennial problem in U.S. foreign policy--a short-sightedness we cannot seem to correct. For one, the U.S. may not maintain this lead for long, if it still in fact does. More importantly, pursuing a temporary advantage in cyberspace at the expense of diplomacy excludes a far more promising strategy for preventing the proliferation of cyber attacks than the shaky logic of deterrence.
One impediment to cyber diplomacy is that it is often difficult to prove the origin of an attack, making accountability and enforcement of any potential agreement a particular challenge. Notably, this presents a similar problem for advocates of deterrence, as deterring adversaries is more challenging if those adversaries believe they can successfully obscure the origin of their attacks. Regardless, attribution challenges are no reason to forgo diplomacy.
International agreements do not need to be perfect--they rarely are. For diplomacy to be worthwhile, it simply needs to offer more hope for reducing risk than its alternatives, and in this case it clearly does. Securing agreements against the use of cyber weapons, particularly where civilians and vital infrastructure are concerned, would increase the potential political cost of launching such attacks, whether or not their involvement could be definitively proven, and over time, as with nuclear weapons, it could create a cultural taboo against their use. It would also reduce the global demand for investments in cyber warfare that could be better spent on the provision of human needs like housing, healthcare, and sustainable energy.
The incoming Biden-Harris administration should prioritize cyber diplomacy by investing in State Department capacity on cyber issues and pursuing multilateral negotiations with the major players in cyberspace, particularly Russia and China. The alternatives--a cyber arms spending spree and endless cycles of retaliatory cyber attacks--are both costly and dangerous. At best, such alternatives squander valuable resources while offering us a false sense of security through the dubious logic of deterrence. At worst, they could lead to a tit-for-tat cycle of escalation that ends in catastrophe. It should be an easy decision.
Gabe Murphy
Gabe Murphy is a writer and peace advocate with a master's degree in Global Studies from the University of California, Berkeley. Follow him on Twitter: @GabeRMurphy
In the wake of recent and ongoing revelations about the massive SolarWinds hack, which granted the hackers access to a long list of U.S. government and partner systems and raises serious national security concerns, a wide range of politicians and cyber analysts have been quick to call for increased investments in U.S. cyber capabilities and operations to meet the threats of an increasingly cyber-capable world. However, these calls too often overlook another approach to meeting the threat that has received far less attention and resources: cyber diplomacy.
"Advocates of deterrence, whether nuclear or cyber, often fail to acknowledge that the very act of pursuing and fielding new capabilities inspires others to do the same."
Similarly to many in the field of nuclear weapons policy, proponents of expanding our cyber capabilities tend to view the threats we face in cyberspace through the lens of deterrence--as the logic goes, we need to increase and display our capabilities in order to deter attacks. In the nuclear world, that logic has meant building and deploying new nuclear weapons, like the recently deployed low-yield W76-2 warhead that was designed to be "more usable," despite obvious concerns that this could increase rather than decrease the risk of nuclear war.
In the cyber world, deterrence has sometimes meant infiltrating systems of our adversaries without actually attacking them--a demonstration that if provoked, we would be able to respond dramatically--but it can also mean retaliation to deter future attacks. Tellingly, advocates of deterrence, whether nuclear or cyber, often fail to acknowledge that the very act of pursuing and fielding new capabilities inspires others to do the same. Examples of this in the nuclear space abound, but one need not look far in the short history of cyberspace to find compelling examples there as well.
When the U.S. deployed the Stuxnet virus against Iran with the goal of setting back its nuclear program and incentivizing Iran to negotiate, the effort seemed to go as planned--the U.S. destroyed around a thousand Iranian centrifuges, machines that refine uranium, and Iran took more centrifuges offline as a precaution. Arguably, despite Iran tripling its number of centrifuges in the wake of the attack, the hack--along with a host of other factors--accelerated Iran's approach to the negotiating table. But the long-term drawbacks became clear when Iran responded with heavy investments in cyber capabilities and a wave of hacks against U.S. financial institutions that even its far less sophisticated cyber program was able to orchestrate with relative ease.
In The Perfect Weapon, a prominent book on the subject of cyberwar and international relations, New York Times correspondent David Sanger argued that the U.S. could have used the opportunity of the revelations around the Stuxnet attack to pursue diplomacy to limit the use of cyber weapons, but chose not to. As Sanger explained, the U.S. had a lead over other nations in the development of cyber capabilities, and may have risked losing that lead if it agreed to limitations. But a stronger motivation, he argued, was that diplomacy would have put the brakes on a wide range of U.S. cyber operations already underway.
Both of these concerns illustrate a perennial problem in U.S. foreign policy--a short-sightedness we cannot seem to correct. For one, the U.S. may not maintain this lead for long, if it still in fact does. More importantly, pursuing a temporary advantage in cyberspace at the expense of diplomacy excludes a far more promising strategy for preventing the proliferation of cyber attacks than the shaky logic of deterrence.
One impediment to cyber diplomacy is that it is often difficult to prove the origin of an attack, making accountability and enforcement of any potential agreement a particular challenge. Notably, this presents a similar problem for advocates of deterrence, as deterring adversaries is more challenging if those adversaries believe they can successfully obscure the origin of their attacks. Regardless, attribution challenges are no reason to forgo diplomacy.
International agreements do not need to be perfect--they rarely are. For diplomacy to be worthwhile, it simply needs to offer more hope for reducing risk than its alternatives, and in this case it clearly does. Securing agreements against the use of cyber weapons, particularly where civilians and vital infrastructure are concerned, would increase the potential political cost of launching such attacks, whether or not their involvement could be definitively proven, and over time, as with nuclear weapons, it could create a cultural taboo against their use. It would also reduce the global demand for investments in cyber warfare that could be better spent on the provision of human needs like housing, healthcare, and sustainable energy.
The incoming Biden-Harris administration should prioritize cyber diplomacy by investing in State Department capacity on cyber issues and pursuing multilateral negotiations with the major players in cyberspace, particularly Russia and China. The alternatives--a cyber arms spending spree and endless cycles of retaliatory cyber attacks--are both costly and dangerous. At best, such alternatives squander valuable resources while offering us a false sense of security through the dubious logic of deterrence. At worst, they could lead to a tit-for-tat cycle of escalation that ends in catastrophe. It should be an easy decision.
We've had enough. The 1% own and operate the corporate media. They are doing everything they can to defend the status quo, squash dissent and protect the wealthy and the powerful. The Common Dreams media model is different. We cover the news that matters to the 99%. Our mission? To inform. To inspire. To ignite change for the common good. How? Nonprofit. Independent. Reader-supported. Free to read. Free to republish. Free to share. With no advertising. No paywalls. No selling of your data. Thousands of small donations fund our newsroom and allow us to continue publishing. Can you chip in? We can't do it without you. Thank you.