SUBSCRIBE TO OUR FREE NEWSLETTER
Daily news & progressive opinion—funded by the people, not the corporations—delivered straight to your inbox.
5
#000000
#FFFFFF
5
#000000
#FFFFFF
Members of the U.S. Air Force 624th Operations Center conduct cyber operations supporting U.S. Air Force network operations and the joint requirements of the Air Force component of Cyber Command. (Photo: U.S. Air Force/William Belcher)
Cyber Threats Call for Cyber Diplomacy
"The incoming Biden-Harris administration should prioritize cyber diplomacy by... pursuing multilateral negotiations with the major players in cyberspace, particularly Russia and China."
Dec 21, 2020
In the wake of recent and ongoing revelations about the massive SolarWinds hack, which granted the hackers access to a long list of U.S. government and partner systems and raises serious national security concerns, a wide range of politicians and cyber analysts have been quick to call for increased investments in U.S. cyber capabilities and operations to meet the threats of an increasingly cyber-capable world. However, these calls too often overlook another approach to meeting the threat that has received far less attention and resources: cyber diplomacy.
"Advocates of deterrence, whether nuclear or cyber, often fail to acknowledge that the very act of pursuing and fielding new capabilities inspires others to do the same."
Similarly to many in the field of nuclear weapons policy, proponents of expanding our cyber capabilities tend to view the threats we face in cyberspace through the lens of deterrence--as the logic goes, we need to increase and display our capabilities in order to deter attacks. In the nuclear world, that logic has meant building and deploying new nuclear weapons, like the recently deployed low-yield W76-2 warhead that was designed to be "more usable," despite obvious concerns that this could increase rather than decrease the risk of nuclear war.
In the cyber world, deterrence has sometimes meant infiltrating systems of our adversaries without actually attacking them--a demonstration that if provoked, we would be able to respond dramatically--but it can also mean retaliation to deter future attacks. Tellingly, advocates of deterrence, whether nuclear or cyber, often fail to acknowledge that the very act of pursuing and fielding new capabilities inspires others to do the same. Examples of this in the nuclear space abound, but one need not look far in the short history of cyberspace to find compelling examples there as well.
When the U.S. deployed the Stuxnet virus against Iran with the goal of setting back its nuclear program and incentivizing Iran to negotiate, the effort seemed to go as planned--the U.S. destroyed around a thousand Iranian centrifuges, machines that refine uranium, and Iran took more centrifuges offline as a precaution. Arguably, despite Iran tripling its number of centrifuges in the wake of the attack, the hack--along with a host of other factors--accelerated Iran's approach to the negotiating table. But the long-term drawbacks became clear when Iran responded with heavy investments in cyber capabilities and a wave of hacks against U.S. financial institutions that even its far less sophisticated cyber program was able to orchestrate with relative ease.
In The Perfect Weapon, a prominent book on the subject of cyberwar and international relations, New York Times correspondent David Sanger argued that the U.S. could have used the opportunity of the revelations around the Stuxnet attack to pursue diplomacy to limit the use of cyber weapons, but chose not to. As Sanger explained, the U.S. had a lead over other nations in the development of cyber capabilities, and may have risked losing that lead if it agreed to limitations. But a stronger motivation, he argued, was that diplomacy would have put the brakes on a wide range of U.S. cyber operations already underway.
Both of these concerns illustrate a perennial problem in U.S. foreign policy--a short-sightedness we cannot seem to correct. For one, the U.S. may not maintain this lead for long, if it still in fact does. More importantly, pursuing a temporary advantage in cyberspace at the expense of diplomacy excludes a far more promising strategy for preventing the proliferation of cyber attacks than the shaky logic of deterrence.
One impediment to cyber diplomacy is that it is often difficult to prove the origin of an attack, making accountability and enforcement of any potential agreement a particular challenge. Notably, this presents a similar problem for advocates of deterrence, as deterring adversaries is more challenging if those adversaries believe they can successfully obscure the origin of their attacks. Regardless, attribution challenges are no reason to forgo diplomacy.
International agreements do not need to be perfect--they rarely are. For diplomacy to be worthwhile, it simply needs to offer more hope for reducing risk than its alternatives, and in this case it clearly does. Securing agreements against the use of cyber weapons, particularly where civilians and vital infrastructure are concerned, would increase the potential political cost of launching such attacks, whether or not their involvement could be definitively proven, and over time, as with nuclear weapons, it could create a cultural taboo against their use. It would also reduce the global demand for investments in cyber warfare that could be better spent on the provision of human needs like housing, healthcare, and sustainable energy.
The incoming Biden-Harris administration should prioritize cyber diplomacy by investing in State Department capacity on cyber issues and pursuing multilateral negotiations with the major players in cyberspace, particularly Russia and China. The alternatives--a cyber arms spending spree and endless cycles of retaliatory cyber attacks--are both costly and dangerous. At best, such alternatives squander valuable resources while offering us a false sense of security through the dubious logic of deterrence. At worst, they could lead to a tit-for-tat cycle of escalation that ends in catastrophe. It should be an easy decision.
An Urgent Message From Our Co-Founder
Dear Common Dreams reader, It’s been nearly 30 years since I co-founded Common Dreams with my late wife, Lina Newhouser. We had the radical notion that journalism should serve the public good, not corporate profits. It was clear to us from the outset what it would take to build such a project. No paid advertisements. No corporate sponsors. No millionaire publisher telling us what to think or do. Many people said we wouldn't last a year, but we proved those doubters wrong. Together with a tremendous team of journalists and dedicated staff, we built an independent media outlet free from the constraints of profits and corporate control. Our mission has always been simple: To inform. To inspire. To ignite change for the common good. Building Common Dreams was not easy. Our survival was never guaranteed. When you take on the most powerful forces—Wall Street greed, fossil fuel industry destruction, Big Tech lobbyists, and uber-rich oligarchs who have spent billions upon billions rigging the economy and democracy in their favor—the only bulwark you have is supporters who believe in your work. But here’s the urgent message from me today. It's never been this bad out there. And it's never been this hard to keep us going. At the very moment Common Dreams is most needed, the threats we face are intensifying. We need your support now more than ever. We don't accept corporate advertising and never will. We don't have a paywall because we don't think people should be blocked from critical news based on their ability to pay. Everything we do is funded by the donations of readers like you. When everyone does the little they can afford, we are strong. But if that support retreats or dries up, so do we. Will you donate now to make sure Common Dreams not only survives but thrives? —Craig Brown, Co-founder |
Our work is licensed under Creative Commons (CC BY-NC-ND 3.0). Feel free to republish and share widely.
Gabe Murphy
Gabe Murphy is a writer and peace advocate with a master's degree in Global Studies from the University of California, Berkeley. Follow him on Twitter: @GabeRMurphy
In the wake of recent and ongoing revelations about the massive SolarWinds hack, which granted the hackers access to a long list of U.S. government and partner systems and raises serious national security concerns, a wide range of politicians and cyber analysts have been quick to call for increased investments in U.S. cyber capabilities and operations to meet the threats of an increasingly cyber-capable world. However, these calls too often overlook another approach to meeting the threat that has received far less attention and resources: cyber diplomacy.
"Advocates of deterrence, whether nuclear or cyber, often fail to acknowledge that the very act of pursuing and fielding new capabilities inspires others to do the same."
Similarly to many in the field of nuclear weapons policy, proponents of expanding our cyber capabilities tend to view the threats we face in cyberspace through the lens of deterrence--as the logic goes, we need to increase and display our capabilities in order to deter attacks. In the nuclear world, that logic has meant building and deploying new nuclear weapons, like the recently deployed low-yield W76-2 warhead that was designed to be "more usable," despite obvious concerns that this could increase rather than decrease the risk of nuclear war.
In the cyber world, deterrence has sometimes meant infiltrating systems of our adversaries without actually attacking them--a demonstration that if provoked, we would be able to respond dramatically--but it can also mean retaliation to deter future attacks. Tellingly, advocates of deterrence, whether nuclear or cyber, often fail to acknowledge that the very act of pursuing and fielding new capabilities inspires others to do the same. Examples of this in the nuclear space abound, but one need not look far in the short history of cyberspace to find compelling examples there as well.
When the U.S. deployed the Stuxnet virus against Iran with the goal of setting back its nuclear program and incentivizing Iran to negotiate, the effort seemed to go as planned--the U.S. destroyed around a thousand Iranian centrifuges, machines that refine uranium, and Iran took more centrifuges offline as a precaution. Arguably, despite Iran tripling its number of centrifuges in the wake of the attack, the hack--along with a host of other factors--accelerated Iran's approach to the negotiating table. But the long-term drawbacks became clear when Iran responded with heavy investments in cyber capabilities and a wave of hacks against U.S. financial institutions that even its far less sophisticated cyber program was able to orchestrate with relative ease.
In The Perfect Weapon, a prominent book on the subject of cyberwar and international relations, New York Times correspondent David Sanger argued that the U.S. could have used the opportunity of the revelations around the Stuxnet attack to pursue diplomacy to limit the use of cyber weapons, but chose not to. As Sanger explained, the U.S. had a lead over other nations in the development of cyber capabilities, and may have risked losing that lead if it agreed to limitations. But a stronger motivation, he argued, was that diplomacy would have put the brakes on a wide range of U.S. cyber operations already underway.
Both of these concerns illustrate a perennial problem in U.S. foreign policy--a short-sightedness we cannot seem to correct. For one, the U.S. may not maintain this lead for long, if it still in fact does. More importantly, pursuing a temporary advantage in cyberspace at the expense of diplomacy excludes a far more promising strategy for preventing the proliferation of cyber attacks than the shaky logic of deterrence.
One impediment to cyber diplomacy is that it is often difficult to prove the origin of an attack, making accountability and enforcement of any potential agreement a particular challenge. Notably, this presents a similar problem for advocates of deterrence, as deterring adversaries is more challenging if those adversaries believe they can successfully obscure the origin of their attacks. Regardless, attribution challenges are no reason to forgo diplomacy.
International agreements do not need to be perfect--they rarely are. For diplomacy to be worthwhile, it simply needs to offer more hope for reducing risk than its alternatives, and in this case it clearly does. Securing agreements against the use of cyber weapons, particularly where civilians and vital infrastructure are concerned, would increase the potential political cost of launching such attacks, whether or not their involvement could be definitively proven, and over time, as with nuclear weapons, it could create a cultural taboo against their use. It would also reduce the global demand for investments in cyber warfare that could be better spent on the provision of human needs like housing, healthcare, and sustainable energy.
The incoming Biden-Harris administration should prioritize cyber diplomacy by investing in State Department capacity on cyber issues and pursuing multilateral negotiations with the major players in cyberspace, particularly Russia and China. The alternatives--a cyber arms spending spree and endless cycles of retaliatory cyber attacks--are both costly and dangerous. At best, such alternatives squander valuable resources while offering us a false sense of security through the dubious logic of deterrence. At worst, they could lead to a tit-for-tat cycle of escalation that ends in catastrophe. It should be an easy decision.
Gabe Murphy
Gabe Murphy is a writer and peace advocate with a master's degree in Global Studies from the University of California, Berkeley. Follow him on Twitter: @GabeRMurphy
In the wake of recent and ongoing revelations about the massive SolarWinds hack, which granted the hackers access to a long list of U.S. government and partner systems and raises serious national security concerns, a wide range of politicians and cyber analysts have been quick to call for increased investments in U.S. cyber capabilities and operations to meet the threats of an increasingly cyber-capable world. However, these calls too often overlook another approach to meeting the threat that has received far less attention and resources: cyber diplomacy.
"Advocates of deterrence, whether nuclear or cyber, often fail to acknowledge that the very act of pursuing and fielding new capabilities inspires others to do the same."
Similarly to many in the field of nuclear weapons policy, proponents of expanding our cyber capabilities tend to view the threats we face in cyberspace through the lens of deterrence--as the logic goes, we need to increase and display our capabilities in order to deter attacks. In the nuclear world, that logic has meant building and deploying new nuclear weapons, like the recently deployed low-yield W76-2 warhead that was designed to be "more usable," despite obvious concerns that this could increase rather than decrease the risk of nuclear war.
In the cyber world, deterrence has sometimes meant infiltrating systems of our adversaries without actually attacking them--a demonstration that if provoked, we would be able to respond dramatically--but it can also mean retaliation to deter future attacks. Tellingly, advocates of deterrence, whether nuclear or cyber, often fail to acknowledge that the very act of pursuing and fielding new capabilities inspires others to do the same. Examples of this in the nuclear space abound, but one need not look far in the short history of cyberspace to find compelling examples there as well.
When the U.S. deployed the Stuxnet virus against Iran with the goal of setting back its nuclear program and incentivizing Iran to negotiate, the effort seemed to go as planned--the U.S. destroyed around a thousand Iranian centrifuges, machines that refine uranium, and Iran took more centrifuges offline as a precaution. Arguably, despite Iran tripling its number of centrifuges in the wake of the attack, the hack--along with a host of other factors--accelerated Iran's approach to the negotiating table. But the long-term drawbacks became clear when Iran responded with heavy investments in cyber capabilities and a wave of hacks against U.S. financial institutions that even its far less sophisticated cyber program was able to orchestrate with relative ease.
In The Perfect Weapon, a prominent book on the subject of cyberwar and international relations, New York Times correspondent David Sanger argued that the U.S. could have used the opportunity of the revelations around the Stuxnet attack to pursue diplomacy to limit the use of cyber weapons, but chose not to. As Sanger explained, the U.S. had a lead over other nations in the development of cyber capabilities, and may have risked losing that lead if it agreed to limitations. But a stronger motivation, he argued, was that diplomacy would have put the brakes on a wide range of U.S. cyber operations already underway.
Both of these concerns illustrate a perennial problem in U.S. foreign policy--a short-sightedness we cannot seem to correct. For one, the U.S. may not maintain this lead for long, if it still in fact does. More importantly, pursuing a temporary advantage in cyberspace at the expense of diplomacy excludes a far more promising strategy for preventing the proliferation of cyber attacks than the shaky logic of deterrence.
One impediment to cyber diplomacy is that it is often difficult to prove the origin of an attack, making accountability and enforcement of any potential agreement a particular challenge. Notably, this presents a similar problem for advocates of deterrence, as deterring adversaries is more challenging if those adversaries believe they can successfully obscure the origin of their attacks. Regardless, attribution challenges are no reason to forgo diplomacy.
International agreements do not need to be perfect--they rarely are. For diplomacy to be worthwhile, it simply needs to offer more hope for reducing risk than its alternatives, and in this case it clearly does. Securing agreements against the use of cyber weapons, particularly where civilians and vital infrastructure are concerned, would increase the potential political cost of launching such attacks, whether or not their involvement could be definitively proven, and over time, as with nuclear weapons, it could create a cultural taboo against their use. It would also reduce the global demand for investments in cyber warfare that could be better spent on the provision of human needs like housing, healthcare, and sustainable energy.
The incoming Biden-Harris administration should prioritize cyber diplomacy by investing in State Department capacity on cyber issues and pursuing multilateral negotiations with the major players in cyberspace, particularly Russia and China. The alternatives--a cyber arms spending spree and endless cycles of retaliatory cyber attacks--are both costly and dangerous. At best, such alternatives squander valuable resources while offering us a false sense of security through the dubious logic of deterrence. At worst, they could lead to a tit-for-tat cycle of escalation that ends in catastrophe. It should be an easy decision.
We've had enough. The 1% own and operate the corporate media. They are doing everything they can to defend the status quo, squash dissent and protect the wealthy and the powerful. The Common Dreams media model is different. We cover the news that matters to the 99%. Our mission? To inform. To inspire. To ignite change for the common good. How? Nonprofit. Independent. Reader-supported. Free to read. Free to republish. Free to share. With no advertising. No paywalls. No selling of your data. Thousands of small donations fund our newsroom and allow us to continue publishing. Can you chip in? We can't do it without you. Thank you.