We’re in the early years of a cyberwar arms race. It’s expensive, it’s destabilizing, and it threatens the very fabric of the Internet we use every day. Cyberwar treaties, as imperfect as they might be, are the only way to contain the threat.
If you read the press and listen to government leaders, we’re already in the middle of a cyberwar. By any normal definition of the word “war,” this is ridiculous. But the definition of cyberwar has been expanded to include government-sponsored espionage, potential terrorist attacks in cyberspace, large-scale criminal fraud, and even hacker kids attacking government networks and critical infrastructure. This definition is being pushed both by the military and by government contractors, who are gaining power and making money on cyberwar fear.
The danger is that military problems beg for military solutions. We’re starting to see a power grab in cyberspace by the world’s militaries: large-scale monitoring of networks, military control of Internet standards, even military takeover of cyberspace. Last year’s debate over an “Internet kill switch” is an example of this; it’s the sort of measure that might be deployed in wartime but makes no sense in peacetime. At the same time, countries are engaging in offensive actions in cyberspace, with tools like Stuxnet and Flame.