States responsible for international hacking operations should heed lessons from the Cold War to strike deals with their rivals to limit the most devastating effects of offensive cyber operations, experts said on Wednesday.
The failure of some states to acknowledge their cyber espionage operations is “unacceptable” and risks rapid escalation in attacks and reprisals as countries rapidly expand their cyber warfare capabilities, Australia’s ambassador for cyber affairs Tobias Feakin said.
Countries needed a new set of informal rules to prevent deaths on a huge scale in a new technological arms race with cyber attacks capable of crippling nuclear facilities, hospitals and power networks from the desks of overseas armchair cyber warriors.
In a meeting with his Russian counterpart earlier this month, US President Joe Biden raised the prospect of a cybersecurity agreement with 16 key sectors off-limits to attack to “bring some order” to the lawless environment.
The attempt to strike a deal has echoes in informal agreements struck between the two countries when they recognised the deadly consequences of their nuclear arms race.
They installed a secure communications hotline in 1963 to prevent accidental war after the world went to the brink over the Cuban Missile Crisis. The doctrine of mutually assured destruction held back leaders from pressing the launch button because of deadly reprisals.
China, Russia and Iran have all been accused by the US of widespread hacking to target opponents, spread misinformation and steal state and industrial secrets.
Cyber attacks have targeted the Ukrainian power grid, a Saudi petrochemical plant and researchers developing vaccines for Covid-19.
“Frankly, it’s unacceptable that certain states who quite obviously have an offensive capability refuse to accept that and have a sensible conversation in the room about what that looks like,” Mr Feakin told an online event hosted by the Royal United Services Institute, a London-based think tank.
“I try not to draw too many comparisons to the Cold War but you saw it done around nuclear doctrine and how that settled down certain situations in understanding just enough about each other so that you knew where the lines were drawn and could create some stability.”
He said that the Australian government had put significant sums of money and effort into diplomatic initiatives that would allow countries to speak through trusted proxies rather than with rival governments.
Will Middleton, the cyber director at the UK’s Foreign Office, told the event that Britain’s own ‘strike-back’ measures would be outlined in a review that will be published later this year.
At the launch of an expanded $1.9 billion five-year cybersecurity strategy in 2016, the government promised that it would launch retaliatory action against state-backed hackers.
“We intend to be harder edged in our response, we will expand our tools to deter, disrupt, detect and counter those who attack us,” said Mr Middleton.
He said major cyber attacks during warfare currently remained the preserve of a few advanced states and actors.
“But we absolutely recognise the risk of proliferation,” he said. “It is coming, which is why we need to get ahead of the game.”