Toward a Global Cyberspace Regime

by Nikolas Ott

Conflict in cyberspace is on the rise. As we’ve seen with the Stuxnet malware that destroyed Iranian nuclear centrifuges, the hacking of the U.S. Office of Personnel Management, and the virus in Germany’s parliamentary servers, both state and non-state actors are experimenting with new and more aggressive ways to exploit cyberspace. The time has come to clarify how to deal with such incidents in order to prevent their escalation.

We created today’s system of international institutions to deal with disputes, usually after a costly conflict. It was worth it for nations to give up some freedom in return for stability. Now we should do the same to create institutions that protect cyberspace. Given the fundamental role of cyberspace in economic prosperity, global communication, and quality of life, we cannot afford to risk the only global cyberspace we have.

Given the borderless design of cyberspace, existing international institutions and confidence-building measures seem unable to create sufficient trust among states. The most severe cyberattacks to date were conducted on behalf of or through government agencies. It is therefore crucial that states collectively and voluntarily restrict their actions in cyberspace before we experience a major cyber conflict.

Academics label such agreements as regimes, which facilitate inter-state engagement, support confidence-building measures, and harmonize laws, norms, or procedures among states. According to Joseph Nye, a professor at the Harvard Kennedy School, many regimes exist that, at least partially, affect states’ behavior in cyberspace. However, there are still significant gaps, and the expansion of existing regimes or the creation of new regimes would help reduce friction among states in cyberspace. The recent bilateral agreement under which the United States and China vowed not to spy on each other’s industries for economic purposes is a first step in filling these gaps. This agreement, while narrow in scope, constitutes a first major step between two of the most active nations in cyberspace.

The U.S.-China agreement might suggest a stronger interest in harmonizing state actions in cyberspace by identifying common norms and interests and transforming them into regimes. While President Bush’s Comprehensive National Security Initiative, issued in 2008 and declassified by President Obama in 2010, did not mention the harmonization of norms, regimes, or international cooperation as means to achieve national cybersecurity, President Obama has introduced a policy change in favor of fostering international legal norms in cyberspace. Let us hope the next U.S. President will continue on this path.

Given the wide use of cyberspace for personal communication, business, and daily life activities, the U.S. has significant economic interest in an open and stable cyberspace. One way to achieve that is by expanding existing cyber regimes. In fact, U.S. government officials engage in such efforts constantly. However, what the U.S. currently lacks is a strong diplomatic cyber alliance focusing on the political and military challenges that an open and borderless cyberspace constitutes.

Europe is the closest ally of the U.S. in many ways. Both share common values and core beliefs about individual freedoms and democratic government, and they constantly exchange ideas through a variety of international regimes. Even so, different opinions on the interpretation of privacy in cyberspace, the commercial use of personal data, and the scope of national security agencies constitute a barrier to stronger joint action. The same obstacle occurs with regard to Latin American countries that share many of these core beliefs. However, all of these nations share a strategic interest in maintaining an open and globally accessible cyberspace.

On the other side, Russia, China, and some other nations that do not share the same norms on individual freedoms, privacy, and freedom of expression have entered the global cyber realm and are here to stay. In particular, China’s effort to establish a separate infrastructure for its citizens, disconnected from the rest of the world, constitutes an alarming trend that requires the attention of any nation that relies on and believes in the importance of a global, borderless cyberspace.

Such stark contrasts in core beliefs and perceptions are prone to cause significant friction and constitute a threat to the overall stability of inter-state relations. As some of the cultural norms and perceptions contributing to the conflicting perspectives on cyberspace and cybersecurity are well-established, surmounting these entrenched obstacles may not be a simple task.

It can be easy to overemphasize differences on issues such as proper privacy protection in cyberspace, but such disagreements should not prevent states from cooperating on more fundamental challenges in cyberspace. This could lead to the creation of a diplomatic alliance that jointly acts to assure that cyberspace remains a global, open, and free environment.

Such an alliance may require voluntarily abiding by norms that result from compromise and thus may seem imperfect to begin with, but doing so most likely will enhance collective interests and better assure the survival of a global, borderless cyberspace.

One first step would be to acknowledge that traditional arms control agreements will not work in cyberspace due to the nature of computer code as a dual-use good, which complicates the verification of any agreements. For this very reason the Wassenaar Arrangement’s update on limiting the export of intrusion software met pushback from private businesses and civil society representatives in both the European Union and the United States.

Instead of undertaking the tedious task of identifying a precise definition of “cyber weapon” to control their export, Western nations should try to initiate negotiations for comprehensive confidence-building measures in cyberspace. It is crucial that both sides harmonize their efforts in order to maximize the impact of this initiative. Some countries may not be interested in joining these negotiations, but their existence would ensure that the topic receives attention from relevant countries.

The 2015 report of the UN Group of Governmental Experts for Cybersecurity has shown us that the details of such agreements will certainly be difficult to reach, though the strategic value of developing strong cyber regimes will benefit all actors involved. Such efforts will contribute to an ongoing and important debate among nations on the role of cultural values within cyberspace.

Ultimately, China, the United States, Europe, and the rest of the world will have to come up with common rules and procedures to further develop — and avoid destroying — the only cyberspace we possess.

Image "Cyber attacks" Courtesy Christiaan Colen / CC BY-SA 2.0

