BLOG@CACM
Computing Profession

Toward Oversight, and More Debate, of Cyber Weaponry

John Arquilla.

Last week, the House Armed Services Committee introduced a bipartisan bill (H.R. 2807) to improve oversight of American cyber operations conducted "outside of war zones" and ensure that new digital weapons are compatible with international legal norms. However it may be reshaped by the legislative process, and whatever its ultimate fate, this bill provides a positive affirmation that policies and strategies that may lead to or initiate acts of cyberwar should be subject to scrutiny—and, as appropriate, Congressional approval. 

It is particularly timely that a call for such oversight has been made, given the pace of advances in cyber weaponry, and the mounting evidence of a wide range of types of cyber attack—from Stuxnet's "cybotage" to the infrastructure attack on Ukraine's Ivano-Frankivsk region, and on to sophisticated, cyber-enabled acts of political warfare against the United States, France, and a number of other democratic countries. For Americans, Congress's assertion of its right to oversee cyber operations—and possibly to prevent or curtail them—is an important step that hearkens to the constitutional basis of the legislative branch's authority in war-related matters.

Just as important, H.R. 2807's call to see that cyber weapons are developed with international legal norms in mind may find wide support globally.  Indeed, to the extent to which behavior-based cyber arms control agreements are possible—that is, agreements not to develop and use particularly malicious tools for aggressive purposes—there may be wide support across many nations. Criminal and terrorist networks are not likely to follow cyber "rules of the road," but there is still room for nation-states to reach agreement, like the accord that Barack Obama and Xi Jinping reached at their 2015 summit about refraining from cyber attacks on critical infrastructures. 

Reps. Mac Thornberry (R-TX) and Adam Smith (D-WA) are perhaps the two members of the American government who are best qualified to lead this call to improve cyber oversight and strengthen international norms.  Both have been deeply involved for the past two decades in sustained efforts to parse the strategic implications of the Information Age. In light of my own slight acquaintance with each of them, on this and other issues, I can affirm that neither is driven by any sort of notion of partisan political gain.  They, and so many of their other colleagues on the HASC, are simply interested in making good policy. H.R. 2807 is just one example, an important one at that, of their high sense of purpose. 

The bill doesn't achieve everything, with its limitations about operating only outside of "war zones" and exclusion for "covert action"—two extremely important issue areas that cry out for an informed public international discourse. It is troubling that so much secrecy surrounds the whole cyberwar-related arena. To be sure, cyber weapons development calls for the very highest levels of classification to be in place and sustained over time, but that still leaves plenty of room for discussion and debate about the proper and most effective uses of such capabilities. Yet, there is a striking silence on all too many of these cyber issues.

How different this is from the atomic era when, from the very start at the Alamogordo test site, the Manhattan Project's leading scientists and intellectuals questioned and debated the propriety of the new weapons of mass destruction. It was a discourse that soon spread to other scientists and scholars around the world, to the then-nascent United Nations, and even to the mass public. Big questions about whether nuclear wars could ever be won were debated, alongside ideas about deterrence, arms control, even abolition of atomic weapons.

Today, when it comes to these emerging cyber weapons of "mass disruption," the discourse is much slighter and far more secretive, largely confined to military and intelligence officials, select technologists, and some members of government. The broader public discourse is but a pale shadow compared to the vibrancy of the public nuclear debate of decades past. This is true at the international level, where far too little discussion takes place, perhaps out of countries' fears of letting slip some cyber secret that causes a loss of advantage. Still, the loss that comes from a lack of public engagement in a cyberwar debate is far greater. 

So to Reps. Thornberry and Smith, and their like-minded colleagues, I offer my sincerest thanks for their having put forward H.R. 2807. It is an important sign of intent to engage in serious governance as we make our way forward into an era in which there will be, to paraphrase the Gospel of Matthew, "cyberwars and rumors of cyberwars."

Whatever the fate of this bill, let us all encourage and participate in a more open discourse on cyberwar. Shining a light on nuclear war helped illuminate the paths to arms reductions and nonproliferation treaties. The same sort of light should shine on cyberwar.    

John Arquilla is professor and chair of defense analysis at the U.S. Naval Postgraduate School.  The views expressed are his alone.
