“Cyber infrastructure” is critical to the global economy. Yet it is badly secured, worse governed, and a place of interstate competition and potential conflict. Without legal and diplomatic structures that can be used to govern the use of weaponized code. There are widespread concern of North Koreas recent Sony Hack Attacks. Indeed, the Sony hack demonstrates the urgency with which the United States must develop policies that send a clear signal to would-be attackers that they will pay a high price for seeking to strike the United States and that the U.S. government is relentlessly committed to protecting businesses and making it increasingly difficult for future attacks to succeed.
The fact remains, however, that with existing norms in the cyber security environments. There is a “military competition” in cyberspace as nations build cyber capabilities, but the primary problems are diplomatic and economic. The cyber domain is better understood in terms of competition than of war. The possession of advanced cyber attack capabilities has tended to instill caution in nations. Still, cyber competition can increase risks of miscalculation, conflict and escalation during wider interstate tension. As highlighted in Sony Hack Attacks Presage New Warfare article by Alec Ross. “Cyber conflict shifts norms in transnational conflict (from company toward a country)”. Avoiding miscalculation and escalation, where one nation mistakenly assumes that espionage or political action is the precursor to an actual take tensions over computer security between Washington and Beijing since the Justice Department in May indicted five hackers working for the Chinese military on charges of stealing sensitive information from American companies.
States must not use proxies to commit internationally wrongful acts; and states should seek to ensure that their territories are not used by non-state actors for unlawful use of information and communication technologies (ICTs). The problem with recent Sony attacks is the stability of North Korean decision-making and the ability of North Korea’s leaders to accurately calculate the risk that a cyber attack could entail.
Cyber competition and conflict has a large Asian dimension.
Conflict and competition in cyberspace is part of a larger shift in the international security environment as power flows away from Europe and as the global institutions developed after World War II are challenged by new economic powers. Rising nations like China, Russia, India and others – will expand their influence, sometimes in cooperation with the U.S., but at times in competition for influence and regional leadership. The terms of this competition will not be narrowly military, but will include a contest to influence and control the structures and rules of global finance and business.
An obstacle to managing cyber competition among states is the blurred boundaries between cyber-crime, cyber-espionage and cyber-attack among states. If the threat of cyber war is exaggerated, the risk of cyber espionage and cyber crime is vastly under-appreciated. Rampant cyber espionage in Asia is a source of instability. The most damaging aspect of cyber-spying is economic espionage – where technology, research products, confidential business information, and intellectual property can all be stolen. Managed well, the data can be used to unlock new sources of economic value, provide fresh insights into science. The damage may not be visible immediately – but then the goal of espionage is not to be detected.
North Korea will be an anomaly and an outlier in the efforts to make cyberspace more secure and stable in Asia. As a result of these, both China and Nord Korea´s cyber actions are a threat to stability and the structures of global business. As noted by James A. Lewis in his July 23th 2013: Testimony Subcommittee on Asia and the Pacific House Foreign Affairs Committee “Asia The Cybersecurity Battleground” (CSIS) “Cyber espionage plays an important part in the growth of the Chinese economy and Chinese leaders will be reluctant to put this at risk at a time when their economy is slowing down”.
United States officials said they see a chance to work with the Chinese on a subject the two countries have been warily discussing for several years: Establishing “rules of the road” for acceptable behavior in cyberspace. There is room for grater dialogue on how these diplomatic policies should be managed, because it is in the interest of all. Further, the international community seeks to create incentives for cooperation on shared threats and toavoid conflict, and to create disincentives for states to disrupt one another’s networks or infrastructure. The United States has long been a leader and strong proponent of this effort.
The strategic cyber challenge in Asia should be addressed in multiple ways. Cooperation in cyber defence between the United States and its allies can proceed in tandem with greater efforts at US-China dialogue and reassurance. Cooperative approaches worth pursuing include agreement on norms for responsible state behavior in cyberspace and reaching common agreement on the applicability of international laws of war in cyberspace.
The 2012-2013 UN Group of Governmental Experts landmark consensus—including the affirmation of the applicability of existing international law to cyberspace—and confidence-building measures agreed to in the Organization for Security and Cooperation in Europe and their implementation to reduce the prospects for conflict in cyberspace, give us the essential tools with which to build peaceful intergovernmental relations in cyberspace. The U.S. and the EU share a common understanding that norms of responsible behavior are needed to guide states’ actions in cyberspace.