Security experts said this week that they were cheered by calls from General Keith Alexander, head of the new U.S. Cyber Command, for global rules of engagement for cyber-war, and for increased engagement with nations that are major sources of cyber crime and espionage, including Russia and China.
Following through on these calls will be crucial to securing cyberspace, says Ronald Deibert, who directs the Citizen Lab Internet think-tank at the University of Toronto. “There is a major imperative for governments to negotiate the ‘rules of the road’ for engagement in this domain, or risk increasing chaos and mutual insecurity,” he says.
Alexander, director of the National Security Agency, was confirmed to his additional post on May 7. The command merges existing military cyber operations, and would defend against–and potentially launch–cyber attacks in times of war. “Their primary function is military, and he made it sound mainly defensive: it’s to give the combatant commanders an edge in cyberspace,” says James Lewis, a senior fellow at the Center for Strategic and International Studies (CSIS) who directs its technology and public policy program.
But the role will be more expansive than that, as Alexander made clear in his June 3 talk at CSIS, his first public appearance since his confirmation. The Cyber Command will also support military and counterterrorism missions, work with the Department of Homeland Security to help protect government and private networks and–if his speech was any indication–serve as a means to advance global cyber accords. (Highlights and a full transcript can be found here.)
Alexander called for global agreements to crack down on espionage such as the China-based attacks that hit Google earlier this year. “It’s going to take all of the countries together to fix that,” Alexander said, referring to the lack of incentives for nations and corporations to refrain from cyber espionage. “And when all countries can come up and agree: ‘This is going to be the way we’re going to operate and the way we’re going to defend and the way we’re going to do this,’ and we all agree to it, that will go a long way.”
He also suggested that the U.S. might follow up with Russia’s proposal for a cyber arms control treaty–an idea Russia advanced after declining to join a global cyber-crime accord sought by the United States and many European nations. “I do think that we have to establish the rules and I think what Russia’s put forward is, perhaps, the starting point for international debate–not at my level, but at levels above me.”
In 2007, when Estonia was hit by extensive cyber attacks directed largely from Russia, the Russian government blamed “patriotic Russians” and denied involvement. Lewis says that the U.S., if it were to join any such agreement, would want Russia and other countries to take responsibility for attacks launched from their soil. “If pirate ships were to set sail from Leningrad, we wouldn’t let them get away with that,” he said.