This post resurrects a concept I initially proposed almost
three years ago, the idea of borrowing from military/diplomatic history to address current
and future cyber/diplomatic challenges, a concept that has seemingly become more mainstream over the last couple of years.
In March of 2012, I blogged about the potential model of the arms
control treaties that emerged in and around and after the age of Mutually Assured Destruction (link). This time around, I’m going yet further back
in time, but to reinforce the same idea.
At the turn of the century, 117 years ago, the world’s great
powers gathered in The Hague in 1898 to discuss what would be the first true multilateral
treaty focused on the conduct of warfare, the laws of war, methods of
arbitration, and, interestingly, for the purposes of this post, arms control.
There were any number of reasons for the Conference,
depending on your historian of choice, ranging from commercial and political fears
that a Golden Age might fall to war, to a growing global pacifist movement, to
Czar Nicholas II’s concern that Russia had fallen so far behind militarily that only an arms accord might freeze the gap (Nicholas convened the conference).
Whatever the case, there were not-insignificant numbers of
people of influence within the major nation States that responded to the Czar’s
call to assemble that were genuinely worried about the pace of
development of military technology.
Indeed, from Napoleon’s war at the turn of the previous
century, through the mid-century Crimean and American Civil Wars; from Britain’s
colonial conflicts in Africa, to the Franco-Prussian and Spanish-American wars late
in the century, it was becoming exceedingly obvious that war was becoming
increasingly hellish (although few imagined the technology and mass-army
inspired horror and devastation that World War I would bring a mere decade-and-a-half
later).
A number of Conventions were agreed when The Hague
Conference closed in 1899, ranging from arrangements related to dispute settlement
and arbitration, the treatment of prisoners of war, a ban on bombardment of undefended
towns, the protection of hospital ships, etc.
More intriguing, perhaps, were the conventions focused on arms control,
which were as much about “behavior” as anything else, in terms of managing prospective
technological threats.
To wit, the “Declaration concerning the Prohibition of
the Discharge of Projectiles and Explosives from Balloons or by Other New
Analogous Methods,” which provided, for a period of five years, in any war
between signatory powers, no projectiles or explosives would be launched from
balloons, "or by other new methods of a similar nature."
And then there was the “Declaration concerning the
Prohibition of the Use of Projectiles with the Sole Object to Spread
Asphyxiating Poisonous Gases,” which provided that in any war between
signatory powers, the parties would abstain from using projectiles "the
sole object of which is the diffusion of asphyxiating or deleterious
gases."
As a final example, there was the “Declaration concerning
the Prohibition of the Use of Bullets which can Easily Expand or Change their
Form inside the Human Body such as Bullets with a Hard Covering which does not
Completely Cover the Core, or containing Indentations,” which called for
signatories not to use such munitions.
As a historical note,
only the U.S. (joined by the UK in terms of the “bombs from balloons”
prohibition) failed to ratify these Conventions – but that is not the point of
this post).
From our current vantage point and era of inconceivably rapid
technological development, it is perhaps naïve, even quaint, to imagine such
Conventions, which in effect were intended to somehow “govern” progress. (In fairness, any modern day perception of
naïveté is arguably unfair, given that the Conference attendees were dealing
with advanced warfare that was in some cases prospective and unproven, yet all
the more fearsome in its strangeness).
Notwithstanding the fact that the second Hague Conference in
1907 was an abysmal failure, and the yet-more-painful fact that some of the 1899
Conventions were tossed aside once WW1 kicked off, the Hague Conference(s) and
Conventions and their impetus present an interesting analogy for the not-so-dissimilar
situation we face in today’s world when it comes to the militarization of cyberspace.
Without a doubt, today’s powers that be have a pretty solid
understanding of the havoc they can (and do) wreak in the realm of cyber, from
espionage (pick your favorite Snowden Revelation or Mandiant Report) to disruption
(ala Stuxnet). At the same time, there is
growing angst about the über-threat of some sort of “cyber-Pearl Harbor” or “cyber-911”
or “cyber-[insert alternative
bogeymonster here].”
These are very real concerns about very not-yet-fully-real cyber
threats, like enemies shutting down electricity grids, crashing stock markets, crippling
critical infrastructure, etc. Indeed, these
are modern-day concerns quite akin to the late 19th century worries
about bombs dropped from balloons, or projectiles designed to deliver poison
gas, or dum dum bullets in the battlefield (all of which came to pass).
Czar Nicholas’s initiative failed. But the model is not a bad one, in terms of managing
tensions. The cyber-stage is only
getting more crowded, by State and non-State players alike. To the extent that some of the tension can be
defused through multilateral agreement between States, why not go there, and in
an accelerated fashion as opposed to what seems a pattern of politically-gamed
fits and starts.
If governments can take cyber-Armageddon off the table, then
industry can more effectively (hopefully with less nonsensical political
interference in what should be – largely - a technical and commercial process) work
towards the more pedestrian restoration of trust and confidence in the networks
that power our digital lives, and in the integrity of the data that flows through
them.
If this is cyber-1899, or anything like it, then let’s get
it right this time.
Let’s work to
ratchet down the tension and set the right rules and limits so that if or when
some latter day Gavrilo Princip hacks the National Bank of Austria we don’t
find ourselves sucked into a global cyber-maelstrom from which we cannot
extricate ourselves, a frightening blend of digital and physical devastation
unlike anything the world has heretofore witnessed.
No comments:
Post a Comment