Hello,

We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

  • Nicholas Little
  • Business Impact

    We need a cyber arms control treaty to keep hospitals and power grids safe from hackers

    A fresh diplomatic push could help put vital public services off limits to nation-state cyberattacks.

    At the United Nations General Assembly meeting in New York last week, there was plenty of discussion of nuclear arms control. But there wasn’t enough talk of another kind of worrying threat: cyber weapons.

    In 2013 a group of government experts at the UN decided that international law applied to cyberspace, too, and in 2015 the same group agreed to several voluntary norms to govern states’ behavior online in peacetime. These included stipulations that countries shouldn’t target each other’s critical infrastructure, and that they should be held responsible for any cyberattacks originating from their territory.

    The UN initiative, however, hasn’t carried much weight. Revelations of Russian hacking of US power companies and the US electoral system, as well as Chinese efforts aimed at stealing intellectual property, are just some of the signs these norms haven’t had the desired effect.

    Concerted action

    Now the US and some other countries, like the UK, are preparing a more aggressive response to digital provocations.

    The US recently unveiled a new national cyber strategy that makes it easier for its military to conduct offensive operations without lengthy approval processes, and the UK is planning to set up a 2,000-person team of tech experts to boost its ability to launch cyberattacks.

    The new US strategy also envisages an international “cyber deterrence initiative” under which America and like-minded countries will coordinate their responses to particularly malicious cyberattacks. Those responses can range from economic sanctions to retaliation in cyberspace.

    Supporters of this approach think it’s more likely to bring recalcitrant countries to the negotiating table. “When there’s a shared sense of vulnerability, that’s what drives arms control,” says James Lewis of the Center for Strategic and International Studies, a think tank.

    But there’s also a risk it could trigger an escalation of cyber hostilities, at least in the short term. And that could lead to more aggressive attacks on key public services like electrical grids. So it’s essential that the US and other countries push harder than ever now for an international cyber arms control deal that reduces the risk of conflict.

    Digital diplomacy

    Brad Smith, Microsoft’s president and chief legal officer, has been lobbying for a “Digital Geneva Convention.” This would bring together tech companies and governments to create a wide-ranging deal that protects civilians using the internet in peacetime in the same way that successive Geneva Conventions have protected civilians during wars.

    Smith’s advocacy has already helped create a coalition of like-minded tech companies that have pledged to do what they can to protect their customers from cyberattacks by criminals and nation-states. Microsoft has also just launched a new PR campaign to get people to urge political leaders to do more to secure cyberspace.

    Still, getting a broad agreement on cyber norms will be a massive challenge. In the short term, it makes sense to aim for a relatively narrow formal deal that gets countries to recommit to stop targeting vital public services.

    Attacks on things like power plants, hospitals, and transport systems could have devastating consequences, including loss of human life, and the dangers are growing as more devices are being hooked up to the internet (see “For safety’s sake, we must slow innovation in internet-connected things”).

    Striking even a narrow diplomatic agreement will not be easy. And there will also be challenges with enforcing it, because attackers often try to cover their tracks. Nevertheless, the stakes are so frighteningly high that the effort is worth making.

    At a recent press briefing on the US’s new cyber strategy, Jason Healey, a cybersecurity expert, warned of the dangers if a cyber firefight does engulf key infrastructure. “We are all standing knee deep in tinder,” he said, “and soaked in gasoline.”  

    The AI revolution is here. Will you lead or follow?
    Join us at EmTech Digital 2019.

    Register now
    More from Business Impact

    How technology advances are changing the economy and providing new opportunities in many industries.

    Want more award-winning journalism? Subscribe and become an Insider.
    • Insider Plus {! insider.prices.plus !}* Best Value

      {! insider.display.menuOptionsLabel !}

      Everything included in Insider Basic, plus the digital magazine, extensive archive, ad-free web experience, and discounts to partner offerings and MIT Technology Review events.

      See details+

      Print + Digital Magazine (6 bi-monthly issues)

      Unlimited online access including all articles, multimedia, and more

      The Download newsletter with top tech stories delivered daily to your inbox

      Technology Review PDF magazine archive, including articles, images, and covers dating back to 1899

      10% Discount to MIT Technology Review events and MIT Press

      Ad-free website experience

    • Insider Basic {! insider.prices.basic !}*

      {! insider.display.menuOptionsLabel !}

      Six issues of our award winning print magazine, unlimited online access plus The Download with the top tech stories delivered daily to your inbox.

      See details+

      Print Magazine (6 bi-monthly issues)

      Unlimited online access including all articles, multimedia, and more

      The Download newsletter with top tech stories delivered daily to your inbox

    • Insider Online Only {! insider.prices.online !}*

      {! insider.display.menuOptionsLabel !}

      Unlimited online access including articles and video, plus The Download with the top tech stories delivered daily to your inbox.

      See details+

      Unlimited online access including all articles, multimedia, and more

      The Download newsletter with top tech stories delivered daily to your inbox

    /3
    You've read of three free articles this month. for unlimited online access. You've read of three free articles this month. for unlimited online access. This is your last free article this month. for unlimited online access. You've read all your free articles this month. for unlimited online access. You've read of three free articles this month. for more, or for unlimited online access. for two more free articles, or for unlimited online access.