Cyberwar Doesn’t Have a Code of Conduct

Hacker Security Binary Hack Internet

(Image: Max Pixel)

The political theorist Thomas Hobbes warned in the 17th century that without the modern state and its sovereign control of territory, humanity would slip back into a state of nature in which violence was uncontrolled and ever-present. “A war of all against all” would break out, he wrote, in which neighbor would turn against neighbor. States would continue to fight one another, but a measure of stability would reign at the level of society.

Today, without any international authority to regulate cyberspace, a war of all against all has indeed broken out. Each day there are new headlines about a hacking scandal, a cyberattack against a bank or government institution, or even more serious offensive actions.

The United States pioneered this kind of warfare when, during the administration of George W. Bush, it inserted malware into the Iranian nuclear complex that destroyed centrifuges and set back the program. More recently, the United States was on the receiving end of cyberwarfare when hackers, probably at the behest of the Russian government, stole material from the Democratic Party, arranged for its release prior to the 2016 presidential elections, and influenced the outcome in favor of Donald Trump.

The latest revelations of cyberware, however, involve North Korea. The New York Times published an article on March 4 claiming that at least some of the many mishaps and failures associated with North Korea’s missile program were the result of a secret U.S. program to thwart launches through electronic means.

This was not, in fact, the first admission that the United States had targeted North Korea through cyberspace. In late 2014, North Korea stood accused of hacking into Sony Pictures to discredit the film company around the time of its release of The Interview, which mocked Kim Jong Un. At the same time, however, came the revelation that the United States had been hacking into North Korea as early as 2010 and had installed malware that enabled tracking of some of North Korea’s activities.

As I wrote at the time, “The Sony hack has been held up as an example of North Korea’s specialty: asymmetrical warfare. It usually relies on the weapons of the weak against strong adversaries like the United States. But there was a dangerous symmetry lurking in the cyberworld all along. Spyware, it seems, is everywhere.”

The latest information about U.S. attempts to disrupt North Korea’s nuclear program carries with it several very important implications.

First, the Obama administration launched the initiative because it recognized that traditional missile defense was ineffectual. “Flight tests of interceptors based in Alaska and California had an overall failure rate of 56 percent, under near-perfect conditions,” The New York Times noted. “Privately, many experts warned the system would fare worse in real combat.”

Second, the cyberwarfare against North Korea has also basically failed. Despite numerous failed tests, Pyongyang managed to put together a series of successful launches over the last year, including three medium-range rockets.

Third, cyberspace has become an increasingly dangerous place. Countries have developed the capacity not only to disrupt military operations but also to sabotage civilian infrastructure and paralyze an economy, as South Korea discovered in 2013 when an attack brought down several banks and broadcasters. This kind of warfare doesn’t have any international rules of engagement, like the Geneva Conventions or what the United Nations has developed over the years.

Although Trump as candidate promised a new policy toward North Korea, his administration has so far responded to North Korea’s nuclear program with more of the same. It has said that all options are on the table. It is moving forward with deployment of the THAAD missile defense system in South Korea. It has sent reassurances of support to Tokyo and Seoul. It is considering more sanctions and as well as placing North Korea back on the list of state sponsors of terrorism. It is waiting for China to do something.

What Trump hasn’t done, however, is learn any lessons from the previous administration’s cyberwarfare experiment. Missile defense doesn’t work. The insertion of malware is only a temporary fix. The Obama administration at least showed that it could learn from its own failures by translating these lessons into a nuclear deal with Iran that has actually dealt with a potential proliferation threat through international cooperation.

It’s time for the United States to apply the same lessons to North Korea. Negotiations and verifiable agreements are far more effective than threats and efforts at disruption.

And before cyberattacks truly spill out of control and the international community descends into a war of all against all, Washington should sit down with other countries to hammer out some rules of conduct. Otherwise, North Korea’s nuclear program will be the least of our problems.

John Feffer directs Foreign Policy in Focus at the Institute for Policy Studies.