Time to Limit the Cyber Arms Race

We are in the middle of the biggest arms race since the Cold War, one that could lead to cyberwar, which we discussed in a recent post. Massive amounts of money are globally put into building cybercapabilities for defense, offense, and intelligence. This development is part of a large on-going trajectory: the strategizing of cyberspace and its movement into the national security sphere. Curiously, it is not the amount of weapons that serves as the defining factor in the race. It is the skills that people have and the level of technology they are able to develop.

A cyberweapon needs to be up to date on the target system, capable of exploiting a vulnerability that the defenders are not aware of, and able to create the desired impact. This makes cyberweapons products that cannot be stockpiled and shelved for a long period or used when needed. They need to be constantly built, modified, and developed. Thus skill becomes the decisive factor in the cyber arms race. And currently it is a scarce commodity.


Buildup in cyberspace

Last week in Geneva we talked a great deal about the current cyber situation with a multinational audience. There was a clear conclusion: Everyone is looking for talented individuals to succeed in cyberspace.

Because it is the skill of the people, and not the amount of weapons or their lasting technological features, that make the difference in cyberspace, how does one prepare? First, money must flood into the research and development of cyberweapons. The effort put into R&D can produce the cutting edge that maximizes one’s security in cyberspace. Second, education systems must be restructured so that they provide everyone with basic cyberskills and promote the excellence of the most gifted and committed. University scholarships can help those with good IT skills to develop them further.

Third, recruitment needs to be successful. People are recruited from a global workforce, and states around the world compete for the limited amount of experts. In addition, the private sector draws from the very same pool. The number of people matters because there simply is so much to do: Cyberspace is huge and continuously grows. Fourth, contracts have to be appealing and worthwhile for both employees and partners. People are motivated by factors ranging from freedom of action to interesting tasks and from difficult problems to solve to high salaries. In the cyber arms race patriotism plays a role, too. National cybersecurity can be maintained only in cooperation with the private sector. There’s a need for mutual respect and open communication channels.


Restraining the cyber arms race

At the end of March, US Secretary of Defense Chuck Hagel announced that the Pentagon is revamping its cyberforce. CYCOM will grow into a unit of 6,000 employees by 2016, which under the current conditions is a tall order. A few days later, FBI Supervisory Special Agent Charles Gilgen said his agency’s cyberdivision plans to hire 1,000 agents and 1,000 analysts in the coming year. And it is not just the United States that plans to boost its cybercapabilities.

The logic driving any arms race is the fear that others will get there first (even if there is no clear idea of what “there” may entail) and with enhanced capabilities. Losing the cyber arms race would increase the threats we face—because we already recognize the high level of vulnerability. This destabilizing logic has increased calls for arms restrictions and disarmament in cyberspace.

Restraining the on-going arms race through negotiating restrictions on quantities of cyberweapons is hardly sensible because we’re not stockpiling bombs. A more likely development would be a treaty limiting the capabilities that can cause certain kinds of effects. This could begin with bilateral negotiations and practical cooperation between the strongest actors—and to spill-over. Restraining skill, again, would mean limitations to such basic rights as freedom of movement and right to education or human curiosity. What is currently missing is the political will to even address the question of cyber arms limitations. Yet in the long run negotiating some kinds of rules of the game is both advisable and desirable.

The post Time to Limit the Cyber Arms Race appeared first on McAfee.