NEEDED: AN INTERNATIONAL CYBER TREATY

By Joseph R DeTrani

January 18, 2015

On August 1, 2013 I was invited to give the keynote address at the annual Def Con hacking conference in Las Vegas, Nevada. What I presented 17 months ago, which wasn’t received too warmly, is relevant today, given the latest cyber hacking attack on Sony Pictures and the numerous previous attacks on JP Morgan Chase, Target, Home Depot and other civilian and government entities.

The reality is that in cyberspace there are many actors, from thrill-seeking teenagers to criminal gangs to more than one hundred nation states that have military and intelligence cyber warfare

units. The internet has over two billion users, traveling across a network owned by an array of businesses, with over 5,000 internet service providers that carry data around the world.

Thus cyberspace is a man-made domain of technological commerce and communications, with no operative international protocols and enforcement procedures to ensure that the internet is used for peaceful purposes and not for criminal, terrorist or warfare purposes.

The following is a condensed version of my August 1, 2013 presentation to the Def Con hacking conference, arguing for an international dialogue to establish a cyber treaty:

Cyber is a major national security threat, growing in scope, with direct impact to the economic, domestic and defense interests of the nation. From hacktivists with a politically or socially-motivated agenda, to criminals, to state and non-state actors who view cyber intrusions and attacks as means of economic advancement through theft of intellectual property, or espionage, or – in the most extreme case – as a potential weapon of mass destruction (WMD), the cyber domain now shares some of the same issues I have addressed in my years of working WMD issues.

There are no international organizations with the stature and effectiveness of the Non Proliferation Treaty (NPT) and the International Atomic Energy Agency (IAEA) to oversee cyber security issues. A few United Nations organizations, and some regional and national forums, have discussed the future of internet governance, but there has been minimal progress. Indeed, the very definition of the cyber domain remains blurred – it is not confined to the borders of a country.

“International approaches to cyber security are critical, yet fraught with challenges of balancing free trade with a global regulatory framework and protection of intellectual property, promoting national security, including the security of critical infrastructure, and protecting privacy when national standards on this issue differ across the globe.

The U.S. Executive Order on Improving Critical Infrastructure Cyber security is explicit in stating that ‘the cyber threat to critical infrastructure continues to grow and represents one of the most serious national security challenges we must confront.’

The challenge for the international community and its respective governments, in addition to using cyber more effectively for peaceful socio-economic purposes, is to prevent hostile cyber attacks from stealing a country’s and company’s intellectual property and from attacking a country’s critical infrastructure, while also addressing the international challenge of agreement on policies that protect free trade and governance of the internet.

The cyber issue requires international cooperation and an international infrastructure that oversees and helps to manage and encourage the peaceful use of cyber, while addressing the criminal use of cyber and the need for a cyber treaty, similar to the banning of chemical and biological warfare agents in post World War 1, after we realized he terrible damage that it can cause.

And to the conference attendees, we look to you, the good hackers at Def Con, who understand the cyber domain and its beneficial and harmful impact, to organize and enlist good hackers to help combat the sinister state and non-state hackers who steal intellectual property, disrupt networks, and interfere with our banking institutions and our nation’s critical infrastructure. Using technology wisely has always been the measure of an enlightened society.

This exhortation to the hackers at the Def Con hackers conference 17 months ago is more urgent now than ever before. We are witnessing state and non-state actors steal our intellectual property, corrupt and destroy our computer networks and threaten our critical infrastructure.

Ultimately, an international cyber treaty, with clear rules of conduct and legal remedies when rules are broken, is necessary. The cyber hacking attack on Sony Pictures should be a wake up call to all nations that cyber crime and cyber terrorism have to be addressed now, before it’s too late.

Joseph R DeTrani is president of the Intelligence and National Security Alliance, a nonprofit professional organization. He was the Director of the Nonproliferation Center and before that, Special Envoy for Six Party Talks with North Korea. The views are his own and do not reflect the views of any government department or agency.