It is time for countries to start talking about arms control on the internet
THROUGHOUT history new technologies have revolutionised warfare, sometimes abruptly, sometimes only gradually: think of the chariot, gunpowder, aircraft, radar and nuclear fission. So it has been with information technology. Computers and the internet have transformed economies and given Western armies great advantages, such as the ability to send remotely piloted aircraft across the world to gather intelligence and attack targets. But the spread of digital technology comes at a cost: it exposes armies and societies to digital attack.
The threat is complex, multifaceted and potentially very dangerous. Modern societies are ever more reliant on computer systems linked to the internet, giving enemies more avenues of attack. If power stations, refineries, banks and air-traffic-control systems were brought down, people would lose their lives. Yet there are few, if any, rules in cyberspace of the kind that govern behaviour, even warfare, in other domains. As with nuclear- and conventional-arms control, big countries should start talking about how to reduce the threat from cyberwar, the aim being to restrict attacks before it is too late.
The army reboots
Cyberspace has become the fifth domain of warfare, after land, sea, air and space (see article). Some scenarios imagine the almost instantaneous failure of the systems that keep the modern world turning. As computer networks collapse, factories and chemical plants explode, satellites spin out of control and the financial and power grids fail.
That seems alarmist to many experts. Yet most agree that infiltrating networks is pretty easy for those who have the will, means and the time to spare. Governments know this because they are such enthusiastic hackers themselves. Spies frequently break into computer systems to steal information by the warehouse load, whether it is from Google or defence contractors. Penetrating networks to damage them is not much harder. And, if you take enough care, nobody can prove you did it.
The cyber-attacks on Estonia in 2007 and on Georgia in 2008 (the latter strangely happened to coincide with the advance of Russian troops across the Caucasus) are widely assumed to have been directed by the Kremlin, but they could be traced only to Russian cyber-criminals. Many of the computers used in the attack belonged to innocent Americans whose PCs had been hijacked. Companies suspect China of organising mini-raids to ransack Western know-how: but it could just have easily been Western criminals, computer-hackers showing off or disillusioned former employees. One reason why Western governments have until recently been reticent about cyber-espionage is surely because they are dab hands at it, too.