Pressure continues to mount on the Obama administration to pursue clear global rules for cyberspace.
Members of the House Intelligence Committee’s NSA and Cybersecurity Subcommittee wrote to Secretary of State John Kerry and National Security Adviser Susan Rice asking them to “create a binding set of international rules” for cyber conduct.
Reps. Lynn Westmoreland (R-Ga.) and Jim Himes (D-Ct.), the committee’s chairman and ranking member, respectively, sent the letter to the administration. Three other Democratic members of the committee also signed it.
“An international cyber agreement won’t stop all cyberwarfare and bad behavior, and it won’t be easy, especially with non-state actors able to acquire and use offensive cyber tools,” the lawmakers wrote. “It is in the best interest of all nations, however, to establish comprehensive, official norms for cyberspace.”
International law has always challenged policymakers, but unique challenges in cyberspace—such as the difficulty of attributing digital attacks—have stymied cyberlaw experts and diplomats alike in the years since the issue began to gain prominence.
“It is in the best interest of all nations … to establish comprehensive, official norms for cyberspace.”
The United Nations convened a Group of Governmental Experts, which in 2013 agreed that international law applied to cyberspace—a seemingly obvious but nonetheless vital premise. But the international community has not progressed much further than that, despite regional agreements on cybercrime and bilateral accords like the new U.S.–China partnership announced in September.
The political composition of the letter to Kerry and Rice is deeply significant. Only one Republican—Westmoreland, the subcommittee chairman—signed it. Republicans, who have staked out more hawkish positions on cyberspace and other foreign-policy issues, overwhelmingly prefer leaving questions of cyber conduct up to individual states. Democrats, in keeping with their internationalist streak, have sought greater cooperation and better-defined limits on what nations can do.
In the global struggle to avert cyberwar, experts believe that a cyber equivalent of the Geneva Convention—something the lawmakers suggested in their letter—is next to impossible. The international landscape is far too fractious, on specific cybersecurity priorities and in general, to facilitate a cyber treaty.
Michael Schmitt, a leading cyberlaw expert, told the Daily Dot in August that states pushing comprehensive treaties were being disingenuous. “I believe that the push for this is primarily a political push by states that are unlikely to adhere to those treaties religiously anyway,” said Schmitt, who is leading the creation of a major cyberlaw document called the Tallinn Manual.
It is a measure of how tentatively nations have approached cyberlaw that the Tallinn Manual, a nonbinding legal treatise, represents the most detailed consideration of the subject to date. Most nations with significant cyber capabilities are still establishing domestic rules for their use, and none of them have urged the U.N. to consider international limitations.
The United States, as the world’s most powerful cyber actor, has been particularly reticent to suggest that cyberattacks violate international law, even when it is the target of such attacks. Nevertheless, Westmoreland and Himes pressed the administration to lead the world in drafting “a binding set of international rules for cyberwarfare.”
“As we stand now, neither the U.S. nor the global community has clear guidance on how we should differentiate between these various threat levels and how we should appropriately and legally defend ourselves,” Himes said in a statement. “It’s time to create a binding set of international rules to provide that guidance.”
Illustration by Max Fleishman