James Andrew Lewis
Sometime in late October 1963, the United States and the Soviet Union reached the brink of nuclear war. Fortunately, war was averted, but the experience of the near miss led both sides to negotiate seriously on how to reduce the risk of nuclear war and how to manage the horrific consequences of new weapons. The threat of nuclear war in 1963 was the starting point of a long series of talks between opponents that ultimately produced meaningful agreements on weapons of mass destruction and on measures to promote stability and reduce the risk of armed conflict. While that edifice of agreements has recently begun to crumble as Russia and the United States reconsider concessions and as the older, bipolar arrangement is pressed by the emergence of China (which was never party to these agreements), 1963 still provides a vantage point for assessing cybersecurity negotiations.
The nuclear experience shaped cybersecurity agreements—for example, the 2015 consensus report of the UN Group of Governmental Experts (GGE) on Developments in the Field of Information and Telecommunications in the Context of International Security used language on confidence-building measures from Cold War agreements—and still offers lessons. First, opponents must want to negotiate. They are more likely to do so if they perceive serious, even existential, risk. Cyber actions do not create that kind of risk. No one has died from a cyberattack, and economic losses are easily absorbed. Hostile cyber actions, particularly espionage, produce a steady erosion of security, but this has not reached the point where it is unacceptable. There is apparently no desire for serious negotiation (i.e., negotiations leading to concessions by those who possess advanced cyber capabilities).
No comments:
Post a Comment