According to an analysis by Helene Pleil in Euronews, especially in the midst of the war in Ukraine, which is increasingly taking place in cyberspace, the challenge for countries is to prevent malicious technological actions rather than the weapons being used.
According to Pleil, cyber security and cyber diplomacy have become essential.
Pleil said: “Historically, arms control has been vital in preventing military escalation. However, establishing workable and verifiable measures for cyber arms control is difficult due to the unique nature of cyberspace.”
“A fundamental challenge to establishing arms control in cyberspace is the lack of clear and uniform definitions of key terms. This is particularly important as the traditional definition of a weapon does not exactly match the characteristics of a cyber attack used as a ‘cyber weapon’,” Pleil said: “It is argued that the concept of a cyber weapon itself does not exist because a weapon requires some kind of kinetic, physical use. Cyber attacks exploit vulnerabilities in technology and can lead to physical problems in the real world, but does this mean that the trigger is a cyber ‘weapon’? This uncertainty makes it difficult to determine what would be controlled under a cyber weapons treaty.”
Pleil said it is extremely difficult to find appropriate verification mechanisms to establish arms control in cyberspace, noting that we cannot enumerate weapons or ban an entire category, as is the case with arms control treaties for traditional weapons.
So what can be done? He explains: “Political will is crucial in establishing arms control measures. States that recognise the strategic value of cyber tools by improving their capabilities in this area may be reluctant to comply with new treaties that limit their potential advantages. The current geopolitical climate further complicates efforts to achieve widespread consensus.
Looking at the literature and talking to experts, we see that traditional arms control measures cannot simply be applied to cyber weapons. Instead, the focus should be on prohibiting specific malicious acts. This approach allows for treaties that can adapt to technological developments and the dual-use nature of cyber tools.
Since 2015, international negotiations at the United Nations (UN) have led to the creation of 11 norms for responsible behaviour of states in cyberspace, which aim to limit states’ actions and define positive obligations.
Attribution, the process of (publicly) attributing cyber operations to specific actors based on evidence, is a crucial tool in this context. Attribution, once considered too complex, is now increasingly feasible and may provide a basis for sanctioning the use of cyber weapons rather than the weapons themselves.
This should therefore be taken as a starting point for finding creative alternatives and solutions to arms control in the traditional sense. The idea of an international mechanism or the institutionalisation of such processes is therefore of interest.
