We've heard of the laws of war. But what about the laws of cyberwar?
Randall Dipert, a professor of philosophy at the University at Buffalo, first became interested in military ethics when he taught at West Point in the late 1990s. Soon, that interest led to a fascination with cyberwars -- and the rules, or lack thereof, governing them.
Dipert recently published a paper on the ethics of cyberwarfare. We spoke about his work last week.
What motivated you to study the ethics of cyberwarfare?
The cyberwarfare interest has a peculiar background. I had heard a couple of people -- active duty officers and Department of Defense civilians -- talk about what a serious problem the possibility of cyberwarfare was becoming. I thought they were alarmist. I set out to write a paper showing it wasn't a serious problem. I did a lot of research and came to the opposite conclusion.
You found that there really aren't rules governing cyberwarfare.
We have rules in international law and the United Nations charter and there are broad guidelines that most western nations follow about when you can start a war. However, cyberwarfare slips between the cracks. It doesn't usually directly entail the loss of life or even permanent destruction of physical facilities. There is some law that would cover it, but not much. What's worse is that no one had thought about what a wise national policy of cyberwarfare would be like. For instance, can you counterattack if a nation attacks you in a cyberwar? There's a legal and an ethical vacuum and a policy vacuum.
Where have cyberwars already played out?
It's pretty well documented that Russia launched cyberattacks on Estonia and Georgia. These were denial of service attacks on their banking infrastructure. They were attempts to disrupt the government or the economy, briefly. In 2003, the Bush administration contemplated launching a cyberattack on Iraq. It was rejected because they thought if it was a virus or a worm it could get out among civilian computers in Iraq or out in the world in general. Since then, it's become increasingly clear that China has a part of its military organized into battalions and regiments of hackers. Their job is cyberespionage or the creation of viruses and worms.
What should be done about this problem? Should nations try to develop rules for cyberwars?
I think gradually nations will evolve policies that are very restrictive. I don't think a treaty or even additions to the Geneva Conventions will do much good. Here's why: Anything meaningful would require some sort of verification that you're not preparing such arms. In the case of cyberarms, these are just guys at computers. There is no dangerous material to track. There is no special technology to track, like we do with nuclear chemical weapons. Those treaties work so well because it takes an elaborate infrastructure to create nuclear weapons. You can see that or even sniff it out. Whereas cyberweapons, it could be a very small laboratory in a basement somewhere and there would be no way to know it's there.
Will you continue this research?
I barely can keep up with it now. When I started, there wasn't much talk of it. Now there's a lot of material coming out almost daily. I am interested in the policy issues and following out this deterrence angle or some other strategy for minimizing the damage.
Do you have anything else to add?
It will be very expensive to keep up with all the sophisticated hacking. One problem with cyberwarfare is it puts the onus and the cost on the defender. They have to be really clever to overcome just random attacks on their software.
The possible invasions of privacy when you're defending against cyberattacks are actually very serious. The United States may have to muzzle or control some of our own hackers if they are attacking foreign nations and if those attacks could be confused with military attacks by the government. I don't know what that would entail. There is a precedent for going after individual citizens who are somehow interfering in international relations. That's a complicated issue.
Image: Randall Dipert
This post was originally published on Smartplanet.com