Are Cyber Arms Control Agreements Imminent or Impossible?


Broad cyber agreements are both notoriously thorny and highly necessary in some areas.

The U.S., Russia and China share a strategic interest in reaching an agreement that prohibits digital meddling with each other’s nuclear stockpiles and command and control systems, according to an op-ed published Monday by a scholar at the New America think tank.

Negotiations between the three powers could focus initially on agreeing not to digitally disable each other’s nuclear systems, the author Scott Malcomson wrote in the Washington Post.

That would help ensure current nuclear stalemates remain in place, Malcolmson wrote. If nations truly trust each other, it might also save them the cost of extensively modernizing nuclear defenses, he wrote.

Eventually, the three nations might even share threat intelligence about efforts by other nations and non-state actors to steal or disable nuclear technology, the op-ed states.

Malcolmson’s argument echoes a 2014 proposal from the Center for a New American Security’s Richard Danzig.

That plan argued the U.S., China and Russia should make firm commitments not to attack each other’s nuclear command and control systems as the most important component of a broader discussion discouraging the nations from attacking other industries that are vital to national security or stability.

Danzig’s chief concern was that the U.S.-Russia nuclear stalemate, known as “mutually assured destruction,” which has existed since the height of the Cold War, might be degraded by cyber meddling.

If one nation believed—because it had digitally disabled its opponents’ nuclear infrastructure—that it could obliterate its opponent’s defenses without risking its own destruction, that could unfreeze the adversaries’ frozen nuclear standoff, he wrote, suddenly making the world a far more dangerous place.  

Cyber scholar Tim Maurer and two co-authors made a similar argument last year, urging nations to work toward a behavioral norm against manipulating global financial data.

The consequences of people and companies distrusting the global financial system are simply too dire for nations to risk, wrote Maurer, who co-directs a cyber policy initiative at the Carnegie Endowment for International Peace.

Nations have reached various cyber agreements, including the Budapest Convention, which standardizes some national approaches to cybercrime and information sharing, and an agreement between G-20 nations that prohibits nation-backed hacking for economic gain.

In general, though, top cyber diplomats have focused more on developing norms of behavior in cyberspace rather than formal treaties.

Cyber arms control agreements are notoriously thorny, Malcolmson notes, citing another recent blog post published by the Council on Foreign Relations and written by cyber researchers at the Army Cyber Institute at West Point.

To begin with, attribution is much trickier in cyberspace than in the physical world, the West Point authors note, so it’s more difficult to determine if one party to an agreement is cheating.

Cyber technology also develops and changes far more quickly than nuclear or conventional warfare technology. Finally, the critical components of cyber warfare are the skills, knowledge and ingenuity of hackers and coders, which are much tougher to regulate than the uranium and plutonium that are required for nuclear weapons, the authors note.