March 8, 2013 3:55:07 am
It seems a day doesnt go by without reports of cyber attacks,calls for reform and action. President Barack Obama discussed the issue in his State of the Union address. Mandiant,a cybersecurity consultancy,has issued a report detailing the activities of a group it alleges is affiliated to the Peoples Liberation Army of China and responsible for infiltrating over 100 organisations within the US.
The importance of cybersecurity has been affirmed at the highest levels of government,media and industry. Yet,there is no clear path forward. Illustrative of this difficulty is what some refer to as a definitional issue: there isnt even international consensus on what cybersecurity means. Various actors have different conceptions,including a grab-bag of issues such as cybercrime,industrial espionage,cyberwarfare,protection of critical infrastructure,internet freedom,responsibility for assigning domain names and numbers.
In the US,a range of legislative and executive measures have been considered to deal with the proliferation of threats in cyberspace. In response to a legislative impasse,Obama issued an executive order to deal with issues raised by proposed legislation. While this was a step in the right direction,Obama did well to call for a legislative solution. Some of the key aspects of cybersecurity reform,including liability provisions for corporations that engage in information sharing as well as the power to develop and implement mandatory standards to protect critical infrastructure,cannot be done without Congressional approval.
The US has largely portrayed itself as a victim of Chinese cyber-attacks. While there is a significant degree of industrial espionage,it is important to understand this outcry within a broader set of issues. David Sangers Confront and Conceal essentially confirmed the US was behind the development of Stuxnet,a worm designed to impair centrifuges at Irans Natanz nuclear facility. There is no doubt among the informed that the US has developed significant capacity in the cyber domain through the US Cyber Command and the National Security Agency.
Even as the US kicks up a row over industrial espionage and cyber attacks by China,there is little domestic discussion of the cybersecurity issues that preoccupy the Chinese. The Chinese government,through official and unofficial channels,has expressed significant discontent with the management of the Internet Corporation for Assigned Names and Numbers (ICANN),a California corporation that runs the Domain Name System (DNS). This vital responsibility,the Chinese allege,is subject to the control of the US government,which it sees as unacceptable. The Chinese view the Great Firewall and their myriad tools of censoring the internet as crucial elements of maintaining a harmonious society in the information age. These matters,and concern about Americas leading role in the weaponisation of cyberspace,seem to be predominant issues in the Chinese discussion on cybersecurity.
For two big powers to share such serious concerns on a matter of such importance is not novel. Scholars have drawn historical analogues,most notably to lessons learned from the advent and proliferation of nuclear weapons. Unlike the strategic talks between the US and the former Soviet Union,however,where the question of nuclear security was capably approached using a framework that emphasised the role of state actors in proliferation and deterrence,successful dialogue between the US and China on cybersecurity will include national security and critical infrastructure. But it must also include issues that involve non-state actors,such as industrial competitiveness and censorship.
The rise of China and the US in the cyber domain presents a vexing problem for countries such as India. On one hand,India is not immune to the problems the US faces as a 2010 report,Shadows in the Cloud, made clear,many organs of the Indian national security establishment have been compromised by hackers likely affiliated to China. Yet the decision to participate in a cyber arms race raises serious questions of investment,risk and pay-off. Does it make sense for a developing country to engage in industrial espionage? If reports are to be believed,China has benefited significantly from such an approach. Will there be different diplomatic costs were India to engage in the same? It is difficult to say. While the issues raised by the latest US-China row dont necessarily reflect a bipolar world in cybersecurity,there are serious questions as to whether a world that has become increasingly multi-polar in many ways will exert such a democratising or tempering influence on this matter of bilateral tension.
There is,unfortunately,no silver bullet for the problems posed by insecurity in cyberspace. As individuals and organisations confront the question of how to deal with the problems posed by these risks,nations must also play an important role in establishing priorities,norms and negotiating positions. Only if there is an established language for dialogue and a willingness to compromise on things held dear,will progress be made. Until that happens,the world is caught in the least optimal box of a prisoners dilemma we all must invest,with no guarantee of return.
The writer is associate,exploration in Cyber International Relations,Harvard-MIT,email@example.com
📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines
- The Indian Express website has been rated GREEN for its credibility and trustworthiness by Newsguard, a global service that rates news sources for their journalistic standards.