The biblical decree from Old Testament prophet Isaiah, “and they shall beat their swords into ploughshares, and their spears into pruning hooks: nation shall not lift up sword against nation, neither shall they learn war any more”, will be very familiar to those in the UN family. It is echoed by a statue in the UN garden in New York, donated by the Soviet Union in 1959. How, though, might this mighty dictum be applied in the modern day and to the burgeoning realm of cyberspace?
The growth of the internet continues to transform both social and economic structures around the globe. Extensive research has amply demonstrated the positive economic impacts. The dramatic growth in social networks has built new online communities with a welcome disregard for geographic distance. However, such tools can be put to many uses, both welcome and unwelcome. The so-called “dark markets” – forums operated on the internet by organised crime – exemplify this negative dimension.
It should hardly be a surprise that nations see cyberspace both as a critical new area for intelligence gathering, building on a long history of electronic surveillance; and as a new field of warfare that at some level avoids the political and logistical challenges of boots on the ground. Recent examples of cyber-attacks include the major hits on Estonia in 2007, attributed to, but denied by, Russia, and the Stuxnet worm attack on Iranian nuclear facilities, which has been attributed jointly to the US and Israel. While these developments have occurred quickly, international treaty making bodies, which by their very nature move slowly, have yet to catch up. This mismatch is becoming increasingly dangerous.
Over many years, states and state agencies have developed a clear understanding of which physical threats were considered acceptable, and which would bring a swift and damaging response. Thus some (largely unwritten) rules of the game came to be generally accepted. No such norms are yet accepted in cyberspace. Under what circumstances are offensive cyber operations justified? When might it be legitimate to respond to cyber-attack with conventional weapons and forces? What level of civilian death and injury stemming from a cyber-attack might constitute a war crime?
Since its origins, governance of the internet has been deliberately minimal. The vital management of internet naming and addressing has always been handled through the Internet Corporation for Assigned Names and Numbers, under contract from the US Department of Commerce. This US role is likely to come under increased pressure following recent revelations about the country’s global surveillance programmes. Yet there are also those states who would like to throttle the freedoms of the internet, severely limiting access by their populations to uncensored information. One example here is the “Great Firewall of China”, which the Chinese authorities use to exert strong controls over content deemed to be undesirable. The way forward therefore remains fraught.
The UN has made tentative moves in this arena. The World Summit on the Information Society, held in 2003 and 2005, and organised by the International Telecommunication Union, was followed by the United Nations Group on the Information Society. These have sought a way forward on areas such as governance of the internet. General Assembly Resolution 66/24 set up a Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security. Its report, published in June 2013, is a useful step forward but largely neglected the thorny issues around impact on individuals’ privacy and human rights.
Other multilateral organisations have also been active in this area in recent months. NATO, for example, held an International Conference on Cyber Conflict in Tallinn in June as well as a Seminar on the International Law of Cyber Operations in September. And in February the European Commission and the High Representative of the European Union for Foreign Affairs and Security Policy published its first comprehensive Cyber Security Strategy.
It is imperative that new rules defining acceptable (and unacceptable) behaviour in cyberspace are developed for the common good, based on the achievement of a broad consensus. The UN is the obvious starting point, but if it fails to rise fully to the challenge, new multilateral bodies will need to step in. The longterm impact on the UN’s credibility if this occurs is incalculable. One thing is clear – we will not be able to continue to enjoy the fruits of the cyber ploughshares if we cannot develop credible frameworks to constrain the cyber swords.
Professor Jim Norton is a Fellow of the UK Royal Academy of Engineering and former President of BCS, The Chartered Institute for IT. He was a member of the Institute for Public Policy Research's Commission on National Security in the 21st Century
Photo: © UN Photo/Andrea Brizzi. The sculpture Let Us Beat Our Swords into Ploughshares was presented to the United Nations on 4 December 1959 by the USSR.