Is an international treaty possible?
Cyber security is a new frontier for the UN committee on disarmament and international security, which typically deals with conventional weapons. So when the United States takes its cyber concerns there in January from the economic forum, it will be uncharted waters.
The move signifies that at the highest levels of leadership, the United States has come to the conclusion that it needs to address cyber security in the international arena under the rubric of security. What happens at the talks is still unknowable, but some hope that real progress can be made on a comprehensive international protocol that governs cyberspace.
Alexander Ntoko is a cyber security expert at the International Telecom Union (ITU), a United Nations agency for information and communications technology issues, which has been working on new rules to govern cyberspace.
He stressed that the scope and nature of the threats are increasing, so much so that no single country or region is capable of putting together an effective solution to such a global issue.
"An international treaty is desirable and necessary," he said in an email message from Cameroon. "However, its scope needs to take into account the broad nature of the threats, crimes, vulnerabilities and attacks."
Ntoko explained that the ITU recently completed drafting a strategic approach built on five pillars: Legal measures, technical and procedural measures, organizational structures, capacity building, and international cooperation.
This Global Cybersecurity Agenda (GCA) has brought together governments, industry leaders and cyber security experts in an effort to enhance the capacity to prevent, defend and respond to cyber-threats. Having been in operation for just six months though, only 50 countries are members of the GCA.
While no one denies that international cooperation is needed, it's also true that suspicions taint the communal watering hole.
"There are certain innate limitations to the (international) discussions," said Weber. "The intelligence communities are using warfare ... to hack into other countries' critical infrastructure. These are things that many countries are doing as part of their intelligence gathering and yet none of them will want to admit it in public."
One challenge the world faces in pushing through an effective cyber-protocol is the painfully slow pace with which they come about. By the time policy is drafted and implemented, the technology has warp-speeded light years ahead.
"During the Geneva Convention in 1949 and the protocols that followed in the 1970s there was no such thing as cyber-attacks so there is a great example of how the policy is outdated by virtue of the technology," said Weber.
Also, the fifth pillar of the GCA -- the international treaty -- does not apply to non-state actors, another challenge created by the borderless nature of cyberspace.
"Terror groups are increasingly more involved in using the Internet both to acquire ill-gotten gains, make money, steal information, steal resources, and also to recruit," said Weber. " The whole notion of virtual jihad is becoming more and more prominent and we're seeing it more and more in the United States. So you can layer on to that intricacy on the whole framework and it makes it even more difficult to get things done quickly."
Virtual jihad makes use of the Internet to inspire, train, educate and recruit young Muslims to engage in a religious " struggle" against America and the West.
Ntoko stressed that a treaty is only one aspect in a far- reaching international strategy. Because of the asymmetric nature of cyber warfare, the GCA must include the work of leading global security companies so that a proactive strategy includes up-to- date technological systems that reduce threats and vulnerabilities.
As more countries come to the table to weigh in on a broad- ranging framework that addresses economic, financial and military considerations, the United Nations hopes to place itself at the center of a meaningful agreement.
"The priorities of different nations vary and to have an effective solution, it is important that the different views are taken into account," Ntoko said. "That is the role that ITU, as a neutral broker, can facilitate this common understanding and bring together the various parties to work on an approach that addresses the main concerns of all."
No easy feat, to be sure. But one likely to be attempted in the coming years.
Comments