Do We Need A Treaty to Control the 'Arms Race' in Cyberspace?

Picture cyberspace, the global communication system on which the world depends on as a domain dominated by denial of service attacks, cyber espionage networks, and hackers with criminal intent.

Picture this space also as the place some of the richest and most developed countries are building warfare capabilities, not just to protect their own turf, but also to launch offensive attacks to destroy or incapacitate another country's or organization's IT infrastructure.

If this looks like a bad sci-fi story, it is already happening. A report called "Capability of the People's Republic of China to Conduct Cyber Warfare and Computer Network Exploitation," released two weeks back by the Washington DC-based U.S.-China Economic and Security Review Commission (USCC), highlighted a fact that has been known for years; that China is building muscles for heavy electronic warfare both during peacetime and periods of conflict.

Unlike other reports in the past, this report is notable for going a step farther to speculate that China is perhaps already using its maturing computer network exploitation capability against the U.S. government and the industry. Moreover it also highlighted the advances China has made in terms of its preparedness for cyber warfare.

But while this report attracted huge global attention for its insight into China's cyber warfare capabilities, hidden behind the 80 pages of information is perhaps a more startling message; that the cyberspace is in midst of an arms race and is getting rapidly degraded by weaponization and militarization.

China is not the only country aggressively building networked architecture capable of coordinating military operations across the electromagnetic spectrum. Many others - the U.S. and Canada in the Americas, to Britain, Germany, France and United Kingdom in Europe, as well as Japan, Iran and Australia in Asia - are developing the very same operational doctrine.

And all this is contributing to a dangerous climate - what amounts to a virtual arms race in cyberspace.

"Right now all concerns [about security] in cyberspace revolve around threats, deterrents and attacks. But one thing that is being missed and that people are not talking about is the overall issue of a 'cyber arms race'," says Ron Deibert, director of the Citizen Lab at the Munk Centre for International Studies, University of Toronto.

Earlier this year, Deibert and his team of researchers unearthed a sophisticated cyber espionage network, called GhostNet, that was launching cyber attacks against international government agencies and pro-Tibetan groups such as the office of the Dalai Lama, in Dharamsala, India.

Unlike the USCC though, the GhostNet report authors were careful not to link the attacks to the Chinese government. Just because the attacks originated from servers located in China did not necessarily mean or prove that the country's government was involved in those attacks, they said.

"While China is always at the center of all cyber warfare debates, the fact is that governments around the world are engaged in similar pursuits of developing and refining cyberwar capabilities," says Deibert.

Indeed, much like the nuclear arms race in the last few decades of the 20th century, the Internet era may well be heading toward an increasingly robust cyber arms race. Consider this: just a few months back, in June, President Obama's administration publicly acknowledged that as part of a comprehensive strategy for cyber security, the U.S. government had decided to develop operational capabilities to fight and win wars in cyberspace.

Shortly thereafter, the US Department of Defense even announced the creation of U. S. cyberspace command.

"What needs to be noted is that from developments like the Kylin operating system and the GhostNet which came from China, to US's NIPRNET, SIPRNET, and UK's proposed national security center, computer exploitation and control capabilities are being developed by everyone," says Iftach