Former U.S. Defense Chief: Time for Quiet Diplomacy on Cyberattacks

As accusations of hacking take an increasingly prominent role in Sino-U.S. relations, former U.S. Defense Secretary William Cohen argues that a quieter approach will yield better results than “megaphone diplomacy”. From Bob Davis at China Real Time Report:

While the publicity given to China’s alleged hacking of U.S. companies has put the spotlight on the issue, Mr. Cohen said in an interview, it’s now time for private negotiations between the U.S. and China. “If you continue to simply shout in public, we’re likely to get a negative reaction” from Beijing, he said

At issue, he added, is drafting “rules of the road and rules of engagement” concerning cyber activity, particularly what “threshold” of cyber activity should prompt a home government to crack down on perpetrators. “What level of activity can be tolerated by any country?” Mr. Cohen asked.

[…] The former defense secretary, who now runs a consulting firm [with some dealings in China], said multilateral negotiations on cybersecurity could play a role, but could take years to yield results. The U.S. needs to figure out before then “how to take measures to suppress activity that threatens our industry and critical infrastructure,” he said.

“My hope,” he added, “is that we can undertake this process in a fashion that prevents megaphone diplomacy from taking root and the adverse consequences that can flow from it.”

Such consequences might ultimately include self-fulfilling prophecies of cyberconflict. From Kim Zetter at Wired:

Referring to [the] announcement by the U.S. director of national intelligence that cyberattacks were the biggest threat the nation faced, Martin Libicki, senior management scientist at the RAND Corporation, told the House Homeland Security Committee that making strong statements about cyberattacks “tends to compel the United States to respond vigorously should any such cyberattack occur, or even merely when the possible precursors to a potential cyberattack have been identified. Having created a demand among the public to do something, the government is then committed to doing something even when doing little or nothing is called for.”

Put in perspective, cyber attacks might disrupt life, but they cannot be used to occupy another nation’s capital or force regime change. No one has yet died from a cyberattack either, he noted. Therefore, a cyberattack in and of itself, “does not demand an immediate response to safeguard national security,” Libicki said during a hearing on cyberthreats against critical infrastructure from China, Russia and Iran.

[…] “[W]e are right to be worried about a ’9/11 in cyberspace,’ but we also ought to worry about what a ’9/12 in cyberspace’ would look like,” he said.

Security guru Bruce Schneier has also struck a note of caution about the tone of rhetoric on cybersecurity:

Our nationalist worries have recently been fueled by a media frenzy surrounding attacks from China. These attacks aren’t new-cyber-security experts have been writing about them for at least a decade, and the popular media reported about similar attacks in 2009 and again in 2010-and the current allegations aren’t even very different than what came before. This isn’t to say that the Chinese attacks aren’t serious. The country’s espionage campaign is sophisticated, and ongoing. And because they’re in the news, people are understandably worried about them.

[…] Unfortunately, both the reality and the rhetoric play right into the hands of the military and corporate interests that are behind the cyberwar arms race in the first place. There is an enormous amount of power at stake here: not only power within governments and militaries, but power and profit amongst the corporations that supply the tools and infrastructure for cyber-attack and cyber-defense. The more we believe we are “at war” and believe the jingoistic rhetoric, the more willing we are to give up our privacy, freedoms, and control over how the Internet is run.

Nationalism is rife on the Internet, and it’s getting worse. We need to damp down the rhetoric and-more importantly-stop believing the propaganda from those who profit from this Internet nationalism. Those who are beating the drums of cyberwar don’t have the best interests of society, or the Internet, at heart.