International Agreement for Control of Cyber Weapons

Microsoft’s Brad Smith Favors Cyber Arms Control

Steve Ranger on ZDNet reports on a recent presentation by Microsoft President Brad Smith. Like other tech-saavy observers, Smith worries about a Cyber Arms race that is out of control, and is in favor of doing something about it. See his blog post: “The Need for a Digital Geneva Convention“.



Cyber Defense Triad

In the deterrence theory of nuclear war, the “triad” is an essential concept. It refers to three different delivery platforms for thermonuclear weapons.

  1. Land Based –– Intercontinental Ballistic Missiles (ICBMs) are located in silos scattered around the United States, and perhaps in other places as well.
  2. Air Based –– Intercontinental Strategic Bombers such as the B-2 will fly to their targets and delivery the thermonuclear weapons.
  3. Sea Based –– Submarine Launched Ballistic Missiles (SLBMs) are launched from submarines, which are exceedingly impossible to detect.

In a typical scenario, the United States is attacked by incoming thermonuclear weapons. The land based missiles are destroyed. Many strategic bombers are caught on the ground and also destroyed.  Those bombers that are heading to their targets are shot out of the air.

Still, the SLBMs will be launched, and that force alone is enough to completely destroy the attacker, no matter how large they are.

As a result, any attacker is assured that if they attack, then they definitely will be destroyed also.  This is the basis for nuclear deterrence, and the basis for the world’s peace that we have enjoyed since the beginning of the nuclear age.

The Cyber Defense Triad

Since 9/11, the United States has made a very large investment in national security.  It has prepared not only for fighting terrorism overseas, but also for fighting it inside the United States.  This has resulted in a blurring of responsibilities between more than 3,984 federal, state and local organizations that are involved in anti-terrorist activities. Doing the math, that is more than 76 anti-terrorist organizations per state.

By taking out a small subset of these organizations, we can see the organizations involved with cyber security and cyber warfare. See Figure 1.


Figure 1 – The Cyber Defense Triad.

The two major government organizations responsible for cyber security are the Department of Defense, and the Department of Homeland Security. These organizations are supported by the intelligence establishment of the Office of the Director of National Intelligence, which sit on top of the eighteen (18) intelligence organizations operating in the United States.

One of the peculiar problems of cyber defense is the blurring of national borders. It is actually almost meaningless to think of a national border.  So in a sense, the dividing up of responsibilities between the Department of Defense and Homeland Security is archaic. You will notice that no such division exists in Russia.  (See previous post on Russian Cyber Defense Doctrine.)

But looking at this complex web of cyber defense capabilities, one wonders how well it will really work when under extreme pressure of a major cyber incident?

Cyber Deterrence Theory

It is an open question regarding whether or not the cyber capabilities that have been deployed by the United States are capable of cyber deterrence. Given the massive number of cyber attacks that have been reported, the answer is “no”.

Cyber Deterrence Theory needs more exploration. See future blog entries.


USA –– The World’s Cyber Superpower

A Cyber Superpower

The United States of America is the World’s cyber superpower.

History shows that the revolution in computing and information technology started not in the United States, but instead in England. But as the onslaught of the Second World War began to dim the starched and crusty sun of the British Empire, the world’s center of computing innovation shifted to the United States, and has never left. Today, the United States has emerged as the world’s cyber superpower. No other country comes close, in fact, the rest of the world added up together does not equal the cyberpower of the United States. Nevertheless, with cyber-greatness, comes cyber-vulnerability, and thus the United States faces many challenges going forward.

Technology Growth and Innovation

Birth of Computing. The foundations of computing were defined by Alan Mathison Turing (1912-1954), an English mathematician in his paper “On Computable Numbers, with an Application to the Entscheidungsproblem” delivered to the London Mathematical Society in 1936. After a long discussion, he writes “If this is so, we can construct a machine to write down the successive state formulae, and hence to compute the required number.” (Don’t try to read the paper unless you know a great deal of math.  A better explanation is found in Andrew Hodges book “Alan Turning: The Enigma“.)

Turing was recruited to work at Bletchley Park, the center of the UK’s codebreaking operation during the Second World War. The central challenge was learning how to break the enigma coding machine. Turing and his team built the world’s first electro-mechanical machine to break the code (bomba kryptologiczna [Polish]). Eventually the German Navy deployed an improved enigma machine with more coding rotors. This blunted the English effort.

Nevertheless, the United States Naval Computing Machine Laboratory at a secret location in Dayton, Ohio started work on a more advanced code-breaking machine using vacuum tubes. You can see a picture of the U.S. Navy Cryptanalytic Bombe at the National Security Agency’s (NSA) National Cryptologic Museum here. The Museum has a picture of coding rotors on its facebook page here. This project was located in “Building 26” on the campus of the National Cash Register Machine company. This is where the future founder of IBM worked.

Growth of Computing. The history of computing is long, but most of the book was written in the United States. In particular, the release of the IBM System 360 included the first operating system. Mainframe computers, minicomputers, personal computers, handheld computers, integrated circuits, and so on. Much of this evolution was powered by companies in Silicon Valley, but also around Route 128 in Boston. As a note, much work in development of supercomputers was funded by NSA, especially the work of Seymour Cray.

Telecommunications and Networking. Most of the world’s innovation in telecommunications and networking has occurred in the United States. There is no need here to retell the long history of developments: Telegraph, Telephone, Radio & Television, Satellite, Internet, Mobile Cellular Technology. (See Desmond Chong’s comments here.) The Internet now connects most citizens of the world. (See: Internet Society report here.) From 1992 to 2015, the number of websites grew from 10 to 863,105,652 and from 1993 the number of Internet Users grew from 108,935 to 3,185,996,155. (See Internet Live Stats.)

This growth of “cyberspace” in effect has created an entirely new virtual geography for conflict between nation states.

Control of Cyber Infrastructure. Apart from manufacturing much of the technology, US companies produce the software, cloud systems, other Internet based services, and social media systems that dominate the world. There is no European Google, for example. Companies such as Google, Facebook, Twitter, Microsoft, IBM, Apple and others dominate the world’s ICT landscape.

Emergency Response to Cyber Attacks

In the Post-9/11 world, the United States has built up and incredible infrastructure to defend against terrorism and respond to it promptly once it occurs.  These investments envision threats from weapons of mass destruction, lone wolf terrorist attacks, Electromagnetic Pulse (EMP), and cyber attacks. A few days after the September 11th attack, the US Congress handed over to the executive $40 billion dollars to “get started” on building these defensive systems. Then it wrote another check and another. The total amount invested is classified.

Investments were made in two direction; foreign intelligence, and emergency response in the homeland.  Although the development of foreign intelligence capabilities using cyber espionage is secret, revelations from illegal criminal leaks published by the traitor Edward Snowden and the brutal Wikileaks, plus high quality yet legal investigative reporting by authors such as Dana Priest and William M. Arkin (Top Secret America: The Rise of the New American Security State) suggest the incredible capabilities of the United States.

  • A large amount of all Internet traffic worldwide is intercepted, stored, and subjected to analysis by organizations such as the National Security Agency (NSA).
  • A large amount of telephony traffic is intercepted and stored, then used for analysis of a number of problems.
  • Breakthroughs in artificial intelligence and other innovations in software have greatly expanded the effectiveness of intelligence analysis (although there are constant complaints that much more information is being collected than can be analyzed).
  • In response to the threat of terrorism, the USA has greatly increased the integration of law enforcement and intelligence gathering and analysis by building fusion centers linking local and state resources (police; emergency response) into the Federal Government.
  • The U.S. Military has been tasked with responding to threats that occur within the United States (and this requires it to collect and analyze threat data originating from within the country).

To put it in simple terms, apart from its not inconsiderable activities overseas, the United States has trained its military to fight, defend infrastructure, and collect intelligence within the United States itself.

Result: There has been a blurring of lines of responsibility between local, state, and Federal efforts to fight a cyber war.

The result is a nation state with dominant cyberpower:

  1. Control over the bulk of cyber technology.
  2. Largest and most sophisticated intelligence collection and analysis systems.
  3. World wide response capabilities, both kinetic and cyber, both offensive and defensive.
  4. The largest penetration into cyber networks around the world.
  5. Highest level of integration between cyber intelligence and cyber response.

Since 9/11, the United States in the cyber arena likely has invested more than 25 times as much as any nation that is in a distant second place. There is a cyber arms race, and the United States is winning, and will continue to do so for the foreseeable future (providing it keeps investing, as it probably will).

What is “Cyber Power”?

It is difficult to have an undisputed definition of cyberpower, but as a starting point, we can say that for a nation state, it may be defined by the following factors:

  1. w1 – The number of cyber-weapons deployed and under the control of the nation-state.
  2. w2 – The percentage of zero day cyber weapons deployed and under the control of the nation-states.
  3. p1 – The maximum number of cyber warfare operators per capita that are on duty under peak deployment.
  4. p2 – The maximum number of volunteer or militia cyber warfare operators that may be deployed to support the government.
  5. Rg – The number of websites that may be attacked by government cyber fighters.
  6. Rp – The number of websites that may be attacked by militia cyber warfare operators.
  7. e1 – The number of emergency response centers dedicated to monitoring cyber attacks and coordinating response.
  8. e2 – The number of emergency response centers with cyber-response capabilities.
  9. e3 – The number of emergency response centers with capabilities to respond to secondary targets of a cyber attack, e.g., infrastructure damage, but with no cyber capabilities.

Cyberpower might be estimated as follows:

(9[w2w1]+[w1-9{w2w1}]+3.5p1+p2) * (Rg+.6Rp) + (.9e1+.4e2+.15e3)

Getting this type of data, applying proper quantification and operationalization of the relationships, however, is somewhat problematical, to say the least.

Lingering Challenges Going Forward

Government and Private Sector Coordination. The United States has a peculiar arrangement whereby the government is responsible for defense of the nation, but is unable to control how private enterprises, and the private sector in general, avails itself of defensive technologies. The private sector is left to defend itself.  For example, Under the National Security Agency (NSA), the Cyber Command (“Cybercom”) component is responsible for development of both offensive and defensive cyber weapons. However, it is not clear at all how and under which specific circumstances the power of Cyber Command would be used. See Figure 1.


Figure 1 –– Attack and Defense in Cyberspace. The US Government (NSA’s Cyber Command) is tasked with defending the U.S. Government from cyber attacks. But in case of cyber attacks against important private sector components, including infrastructure, there is no clear role or authority.

As of 2018 Cyber Command should have a 6,200 member force.  It is under the command of the U.S. Strategic Command, which also is in charge of the USA’s nuclear weapons. This number, 6,200 might possibly be only a fraction of the true size of Cyber Command, considering that it is common practice in  many parts of the U.S. government, including the military, to make extensive use of outsourcing and subcontractors to get its work done. If the government employee/subcontractor ratio for other parts of the government is applied to Cyber Command, then a force of 27,900 might be more realistic.

Since it operates under the auspices of the National Security Agency (NSA), Cyber Command has responsibility for protecting the communications, including data communications and thus data processing and ICT infrastructure, of the United States Government. Presumably this means that should government ICT infrastructure come under attack from another nation state, Cyber Command could respond. The rules of cyber war are not yet worked out because it is difficult to have a “cyber war”, without any real “war”. And if there is not real “war”, then presumably government weapons would not be used to fight the conflict.

This leaves a vulnerability for the United States. If the private sector, including the USA’s vast infrastructure (electricity, transportation, finance, business process computing, communications, distribution), came under attack, it is not clear that the NSA would respond. Perhaps it has standing orders to aid the private sector, but it is difficult to see how this could happen except through the mechanism of providing warning and advice to victims of cyberattacks.

It is possible that cyber militia might be used by either the private sector or by the government, but there is not much known about this possibility, and in any case, there would be legal and regulatory barriers for this to be done by the government.

This leaves open the challenge of coordination.

Focus and Coordination. Within the U.S. government, as well as the states and local jurisdictions, a large number of fusion centers and other points of shared operational responsibility has been developed and deployed. Everything from response to a chemical biological attack to a full scale nuclear war has been prepared for. There is a particularly vigilant infrastructure in place to handle the aftermath of a severe terrorist attack against any community.  But these centers specialize in different areas: some on electricity, others on public health, terrorism, or a number of other focus area. They have different degrees of cyber defense and response capabilities, if any at all.

But we can be sure that in any cyber emergency, it will be very difficult to coordinate the activities of these many centers and there is no integrated cyber response plan to do so.

Effectiveness Against Cyber Attack

So looking below at Figure 2, we might hypothesize that there is an optimum number of centers of cyber excellence that determines the level of effectiveness against a cyber attack. In the initial stages of build-up, there is a rapid rise in effectiveness.  But if too much is built, the response teams will face increasing difficulty in coordinating their response, and the effectiveness will start to fall, even as investments continue to rise.


Figure 2 – Too much cyber defense might weaken the overall national efforts. Response to cyber attacks are coordinated a various national centers. As the number of these centers increases, the effectiveness of response increases, but never becomes perfect. But it never approaches perfect. At some point further increases in cyber response centers weakens national cyber defense because of the cost of coordination.

Control of the Proliferation of Cyber Weapons

Cyber Arms Control.  Understanding the prospects of cyber arms control must be based on realistic assumptions about nation state motivation. when seeking international agreement, the cardinal rule is that no nation state will support any regime that does not yield it a benefit. So any international convention to control the proliferation of cyber weapons most present some advantage for each nation in acquiescence. A “win-win” scenario, to use popular game theory lingo. So from the point of view of the United States, we must examine if it is possible to identify any specific advantages from such a treaty. Here are a few to consider:

  1. Uncertainty Mitigation. The exchange of information between nation states, even if imperfect (as it certainly will be), will lessen the uncertainty surrounding a potential cyber attack or cyber war.  This is because it will be necessary to keep a tab on the development of new cyber weapons by competing nation states. In addition, an international warning and coordination system for potential cyber war will enable the USA to better allocate the correct forces for the attack. In the absence of mutually exchanged information concerning the cyber weapons arsenals of the USA’s strategic competitors, there will be a tendency to over-build cyber-weapon counter-measures, thus wasting resources, and leading to further uncertainty. Finally, getting an insight into the cyber warfare operations and capabilities of its strategic competitors (China and Russia) will be less problematic and more accurate than obtaining an incomplete picture using traditional espionage and intelligence collection methods. In general, any regime that can lessen uncertainty in cyber war would be a stabilizing factor.
  2. Law Enforcement. International enforcement against cyber-based crime currently faces many serious obstacles. A short list includes: (1) extradition of cyber-criminals from one jurisdiction to another; (2) rules of evidence that are internationally recognized; (3) attribution of criminality and responsibility; and (4) variances in definitions of crimes. By putting in place the type of government-to-government coordination required for a successful cyber arms control regime, part of its function, by necessity, would be to distinguish nation-state originating weapons from other cyber abuses. Since these other abuses are by default the responsibility of criminals, this would enhance international coordination and law enforcement to bring them to justice.


Cyber Deterrence Theory – Why Cyber Weapons Are More Dangerous Than Nuclear Weapons

Deterrence in the Nuclear Age

Deterrence is found between nation states when an aggressive action by any nation is discouraged because of doubt or fear of the consequences.


Figure 1 – Cover page of the 1958 RAND report on Deterrence written by Bernard Brodie.

The concept of deterrence was created in the late 1950’s by analysts such as Bernard Brodie who was working at the RAND Corporation “think tank” in Santa Monica, California. He and his colleague Herman Kahn was developing a system of theoretical frameworks that could be used to understand the implication of thermonuclear war using Intercontinental Ballistic Missiles (ICBMs) and other delivery systems.

At that point in time, the United States was reeling from the psychological shock of Sputnik 1 (Простейший Спутник-1), a satellite that the Soviet Union placed into an elliptical Earth orbit in October 1957.  The “Space Race” was on, and the Soviet Union had a substantial lead over the United States.

Although Sputnik was designed to orbit the earth and emit a 20 and 40 MHz signal, the shock to the United States was not caused merely by the Soviet Union’s ability to place a small radio transmitter in orbit to broadcast for 21 days.

This was 1957, there were no computers, no electronic calculators.  All mathematical calculations were made using slide rules. There was no CAD-CAM; all engineering work was done on paper. Engineers used drafting tables.

The shock was in the accuracy. If the Soviet Union could manage to be precise enough to place a small radio broadcasting satellite into a stable orbit, then it had the skills to be accurate enough to send a thermonuclear weapon to the mainland of the United States. The accuracy was enough to place Sputnik into orbit, and enough to drop an atomic bomb on a U.S. metropolitan area.

Shortly thereafter, the United States and the Soviet Union greatly increased production of nuclear weapons and ICBMs. The number of atomic bombs became so great that it would have been possible for the Soviet Union easily to extinguish all life on planet earth.

That is, in the mid-1960s, the United States had deployed approximately 31,000 nuclear bombs. By the late 1980s, the Soviet Union had deployed 40,000 nuclear bombs.  Considering that there are only 260 or so large cities in the United States, the threat of 40,000 nuclear bombs was overwhelming.

In today’s world, people do not think much about nuclear weapons. Countries such as Iran that are engaged in violating its treaty obligations and developing nuclear weapons argue that they have a “right” to do so, but they have no such right.

This is because nuclear weapons are too dangerous to allow them to spread. Here is an example that frequently was given by Professor Geoffrey Kemp in his lectures at the Fletcher School of Law and Diplomacy. For some reason, he always like to use the MIT swimming pool in his story.

“It is an October day. The beautiful New England sky is clear and dark blue. Not a cloud to be seen. A nuclear weapon explodes approximately 20,000 feet above the MIT swimming pool. What would be the consequences? Let us first think of only the heat. Take a compass and a map. Draw a circle around the MIT swimming pool. Go out 235 miles as a radius in every direction. The heat of the explosion alone would cause everything within that circle to spontaneously burst into flames. And that is before any of the blast effects were felt.”

With a radius of 235 miles, this blast area would be 173,494 square miles. The United States is 3.797 million square miles. Incredibly, it would take the Soviet Union only 22 weapons to burn the entire surface of the United States. That would leave it with 39,980 weapons remaining. We could do the same math with the Soviet Union. With its size of 8.65 million square miles, it would cost the United States only 50 bombs to burn the entire surface of the Soviet Union, leaving it with 30,950 weapons remaining.

Now these calculations could be a little off, but you should get the point.

So in the nuclear age the theoretical question being considered in sunny Santa Monica was how to avoid having the United States destroyed. The larger question was how to avoid having the entire earth incinerated.

Mutually Assured Destruction (MAD)

Eventually the superpowers settled on a type of balance of power. It was not the “classic” balance of power that had been re-established at the Congress of Vienna (Wiener Kongress) in 1815 after the trauma of the Napoleonic wars.  The nuclear age was to have a different balance of power. Each nation would know that if it attacked another, then there would remain enough thermonuclear weapons on the other side to assure that the attacker themselves would be destroyed in retaliation.

This is guaranteed by the “triad” of delivery systems: The Air Force, the fleet of Intercontinental Ballistic Missiles (ICBMs), and the Navy’s Submarine Launched Ballistic Missiles (SLBMs). In a worst case scenario, if the entire continent of the United States were incinerated and every human being killed, still the U.S. Navy’s nuclear submarine fleet hiding always in the ocean would be able to launch a devastating counter-strike against the Soviet Union. And the USSR built a submarine fleet to provide it with the same retaliatory capability.

And that is the essence of “deterrence”. Neither side will attack the other with nuclear weapons, because it is reasonable certain that it will get the same back. Like the final statement of the computer in the movie “War Games”, the best move is not to play at all.

So we should be thankful about nuclear weapons. Because they have kept the peace and ensured that there was no outbreak of war between the superpowers.

Applying Deterrence Theory to Cyber Warfare

Is it possible to have deterrence in the cyber arena?  First, we need to think about a few of the differences between nuclear and cyber weapons.

Destructive Capability. The destructive capabilities of nuclear weapons are well known. They have kinetic blast effects, heat effects, and radiation poisoning effects. They are designed to destroy infrastructure, or other weapons systems. The calculation of destructive capabilities is well understood. The “Circular Error Probable” (CEP) value which measures the probability that the weapon will explode within a certain range of its target is almost as important as the strength of the blast, since proximity can leverage the inverse square law. In contrast, cyber weapons can have both logical and kinetic effects. By “logic” effects, we refer to destruction or alteration of programmable code or other data, and then the secondary “downstream” effects that are generated. In cyber, a “kinetic” effect is a downstream effect of a cyber event. For example, the Stuxnet virus is said to have caused Siemens programmable logic controllers to trigger a destruction of the Iranian centrifuge machines.

Attack Focus. In nuclear weapons, the kinetic, heat, and radiation effects are centered around the impact point of the explosion. Anything, any system either mechanical or biological within the effect range will sustain damage. The degree of damage falls off exponentially as we move away from the site of the explosion. In contrast, cyber weapons do not necessarily have a point of impact. They can have similar effects across very large geographical areas. As long the system is compatible in logic with the cyber weapon’s capabilities, they be anywhere.  So for example, a nuclear weapon can destroy an electricity production complex; but a cyber weapon can cause destruction or disruption across a geographically distributed electricity or banking grid. A nuclear weapon will destroy everything within its range; a cyber weapon can reap massive destruction to a specific system, but leave everything else in the area untouched.

Visibility of Attack Delivery Phase. Apart from a hidden “suitcase bomb”, the delivery of strategic nuclear weapons is visible. Aircraft (strategic bombers) and ICBMs or nuclear cruise missiles can be detected by radar, although stealth aircraft are more difficult to see. Of course the “reaction time” for responding is a considerable problem. For an SLBM attack against the United States, there may be only 10 minutes or so to respond. The visibility, however limited, probably allows the receiving state to determine the origin of the weapon, and this enables it to target its response and retaliation. So there is a delivery phase of a nuclear attack. With cyber weapons, this delivery phase is not visible. There are two aspects to this: First, it is possible to disguise cyber weapons so that even when they are identified, their source is not known; Second, an additional factor is that with nuclear weapons, there is a delivery time governed by the physics of moving a bomb across the planet. With cyber weapons, delivery takes place more or less instantaneously.

Covert Cyber Weapons Caches. During the Cold War, it was said that the Soviet Union had pre-positioned caches of arms or other destructive items in various places across the United States. These were designed to be available to Non-Official Cover (NOC) agents who would be “activated” in case of a war. This tactic is also said to have been used by the Soviet Union against European targets in the interwar period, and also by the United States. With cyber weapons, the pre-positioning of malicious code means in essence that the payload already has been delivered. There is no delivery phase, and it certainly is not visible. So it is reasonable to assume that any cyber-superpower already has positioned significant numbers of cyber weapons inside the infrastructure of its potential enemies. Therefore, the weapons should be able to attack without warning.

Destructive Effects. Nuclear weapons: (1) kinetic; (2) heat; (3) radiation poisoning. Cyber weapons: (1) kinetic; (2) logical.

Level of Uncertainty. The level of uncertainty for strategists is greater for cyber than for nuclear. This not to discount the considerable uncertainty surrounding a scenario of thermonuclear war. Nevertheless, we can say that the Mutually Assured Destruction (MAD) principle means we can be sure that if a major confrontation breaks out, then both sides will sustain unacceptable levels of damage, regardless of who was the aggressor. In contrast, there is no such certainty with cyber weapons.

To quote Brodie:

“It is a truistic statement that by deterrence we mean obliging the opponent to consider, in an environment of great uncertainty, the probable cost to him of attacking us against the expected gain thereof.” (p.11)

If the Russian Federation makes a decision to launch a cyber attack against the United States, then given the great amount of uncertainty, how can it estimate what the U.S. response will be, and how much “cost” or damage it will be required to suffer, and after that, what will be its expected gain? The same is true for the United States. It if decides to launch a cyber attack against China, then how does it estimate what the Chinese are capable of doing in retaliation, and after that, how can it assess the potential gain?

Conclusion – Cyber Weapons Are More Dangerous Than Nuclear Weapons

Cyber War is Mutually Un-Assured Destruction (MUD). We only can  conclude that the level of uncertainty is so great in cyber that there is no assurance of destruction of the attacking party, and no way to estimate how much “cost” would need to be paid by the attacker as it weathers the retaliation of its victim; thus there is no way to understand whether or not there would be any potential gain.

So the implication of this is that cyber weapons appear to be more dangerous that nuclear weapons because of the level of uncertainty inherent in their deployment and potential use. This means by extension that at least for the time being, the concept of “balance of cyber power” is not a feasible concept.

In future posts, we will examine a number of cyber-war scenarios.









The Wikileaks Vault 7 “Year Zero” Leak

ON MARCH 7th, 2017, Wikileaks released a giant file of 8,761 documents from the U.S. Central Intelligence Agency (CIA). Wikileaks called the leak the “first full part of the series “Year Zero”.  The documents were stolen from a network that supposedly was “isolated” within the CIA itself.


Figure 1: The structure of the CIA’s cyber weapons development group, according to Wikileaks.

What is surprising about the leak to Wikileaks is that it contains not only documentation regarding CIA development activities, but also the actual code (“several million lines of code”) used in these various exploits.

It appears that these cyber weapons allow almost any electronic device to be hacked for purposes of intelligence collection.

Since there already is a great deal of publicity regarding these weapons, there is no need to discuss them here.

Effect on U.S. National Security

If the leak is genuine, then this is another giant blow to the intelligence community.  It will make it easier now for criminals, terrorists, human traffickers, heroin cartels or others, including other nation states to deploy cyber weapons against the United States. It also will allow these enemies to avoid detection.

It further will erode faith in U.S. technology exports and harm U.S. technology companies.

The persons who leaked the information are traitors, and what they have done will result in people being killed or otherwise harmed. If they are found, then they should be prosecuted.

Wikileaks reports that approximately 22,000 IP addresses located within the United States were targets of these cyber weapons.

The Danger of Cyber Weapons Proliferation

As if they are some type of hero, the leaker wishes “to initiate a public debate about the security, creation, use, proliferation and democratic control of cyberweapons.”

This blogger agrees that we should have a debate, but inflicting severe damage against the intelligence community is hardly the way to do it. An alternative debate might be whether or not the leaker should be shot. 

In any case, this leak emphasizes the following dangers of cyber proliferation:

  1. Unlike the difficulties found in nuclear proliferation, cyber weapons can be dispersed and moved around the world in seconds.
  2. It is impossible to determine who has access to cyber weapons once they are released.
  3. Cyber weapons are asymmetric in nature; that is, their cost is a tiny fraction of the value of damage they can cause.

The Need for Cyber Arms Control

This unfortunate compromise in U.S. national security again emphasizes the need for the nations of the world to begin the process of creating an international convention for cyber arms control.  The proliferation of cyber weapons needs to be stopped before there is a tremendous disaster.


International Convention to End the Cyber Arms Race


爱德华.M.罗氏是哥伦比亚商学院下设哥伦比亚远程信息研究所的一位研究员。迈克尔 J.布莱恩不时撰写各类主题的文章。

By Edward M. Roche Ph.D., J.D. and Michael J. Blaine, Ph.D.


















混合模型: 国际社会面临的另一挑战是处理大规模杀伤性核武器。与化学生物武器不同,核能是一把双刃剑。一方面,它为全球千百万人提供了电力;另一方面,核能也是不可想象的杀伤性武器之源,这些武器造成的后果曾在《美国战略轰炸调查》中有所描述。






  1. 普适性。相关各国均需在公约中扮演角色。这有可能是最为重要的条件。
  2. 必须准确定义网络武器。就化学生物武器而言,其定义中并没有对不同成分或生物组成等细节的描述。这就避免了关于什么是和不是化学和生物武器的无止境的争辩。同样的,对核武器而言,其定义也非常宽泛,包括了从多弹头分导导弹到手提箱脏弹的所有种类。宽泛普适的定义是网络信息公约的前提。
  3. 必须定义网络攻击。网络攻击方式众多,所以并不能预期或预判所有不幸后果。一项国际公约需以直接的方式或通过赞助代理方将其范围控制在政府支配的活动之内。有组织的犯罪团伙实施跨国犯罪,单独黑客的攻击行为,以及平民发起网络案件可由国际犯罪司法系统处理。然而,在此类情况中,如果这些或其他私人参与者直接受政府控制或者暗中与政府有关联,则属国际公约的管辖范围。
  4. 可验证性。与之前其他公约一样,任何试图限制网络武器扩散的协议必须包括可验证性。由于网络武器无形的特性,这将是一个难题。然而,如前面提到的国际禁化武组织一样,必须成立一个独立的第三方,它需具备适当的调停能力。现在已有很多类似的组织,比如美国的计算机紧急事件响应小组协调中心、俄罗斯的卡巴斯基实验室等,都具备着担此重任的能力。这些组织能够将其当前的的特别协作制度化,在联合国支持下联合起来,形成一个可以调查网络事件和核实条约服从情况的跨国机构。
  5. 与《联合国宪章》融合。网络攻击可以导致网络战争,因此可将其视作宪章第1.1条所涉内容。宪章第1.1条定义了国际和平与安全的潜在威胁,并提出了和平解决争端的方式。安全理事会在第六章(和平解决国际争端)和第七章(对危及和平、破坏和平和侵略行为采取的行动)的活动必须视为包含网络武器及其使用。
  6. 不干涉人权。有些人担心,任何“控制”互联网的国际公约都可能变质为由国家操纵的巨大破坏力量,在世界范围内强加监督,实施政治压迫。对于国家在控制网络空间方面所扮演的角色,早已存在多种不同观点。中国公开加强监管,而与其截然相反的是,美国实施了网络通信权第一修正案。控制网络武器不能被用作阻挠《人权宣言》的托词。该声明呼吁“一个人人享有言论与信仰自由的世界”,尤其是第19条规定:“人人有权享有观念与表达的自由;此项权利包括人人有权持有主张,不受干涉;有通过各种媒介寻求、接受和传递各种消息和思想的自由,而不论国界。”
  7. 灵活性和对不断变化的技术的适应性。信息和通信技术的快速发展不可超越公约的范围。因此,其范围必须像《禁用生化武器条约》与《不扩散核武器条约》一样广泛,涵盖武器的所有变种形式,但是对特殊情况没有必要的约束条件。
  8. 强制性。没有一项国际公约可以在没有强制性要求的情况下顺利执行。这需要安全理事会根据《联合国宪章》第七章对某些措施进行适当调整,并调整其对特殊网络战争情境的预测。特别是第41条“不使用武力的措施”,应视为包含网络攻击在内。因为毕竟第41条指出:“此项办法得包括经济关系、铁路、海运、航空、邮、电、无线电、及其他交通工具之局部或全部停止,以及外交关系之断绝。”(斜体字表示强调)。




尽管国际公约的范围仅限于政府间的网络攻击,但国际社会仍然面临着迅猛的科技变化所带来的艰巨问题。不可计数的网络与系统错综联系,因此,要理解技术的理论复杂性并非易事。其他国际协议,如《京都议定书》,在数十年内都不会发生变化,因此有大量时间制定协议的详细条款。但是在网络领域, 数周之内,最长至数月之内就会发生变化,这使得草拟有效定义、防范网络攻击变得十分困难。一旦某种武器或活动被宣布为不合法,便会出现一种新的、甚至是更具破坏力的技术取而代之。人类在环境及地球科学方面的研究已延续多年,但在网络战方面,人类进行严肃的学术探讨与科学研究最多只有15年,大多数工作都集中在近五年内。最后,网络武器技术的复杂性也使任务变得艰巨,因为其要求具备在交换系统、移动电话、智能手机、电磁脉冲、阻断服务攻击,以及所有种类的软件和编程方面的知识。



即使前面提到的问题全都得以解决,一个最为本质的问题仍然存在,那就是,一个民族国家为何要加入此条约。显然,此条约将会限制国家发展攻击性网络武器的权利,而这从本质上讲是将国家主权拱手相让。 因此,最通俗的解释是,一个国家必须断定,加入此公约的好处要大于损失,或者说是大于失掉某些国家主权的代价。





另一类似的问题涉及到网络的经济效率及其对馈线网的支持。一种合理的担忧是,政府管理会提高商务与个人的成本,可能会阻碍创新。 这个问题对于跨国企业和一般意义上的整个商业领域来讲意义尤为重大,因为他们如今在网络空间进行着大量的经济交易。因此,若要达成某种限制网络武器的合作协议,即使只是初步商议,国家也需要与相关利益方充分探讨这些担忧,并就如何防止消极的社会和经济结果产生达成某种共识。显然,任何国际公约都需要适应不同国家在控制网络及其基础设施方面的不同观点。



一般来讲,此种假设情景由三个阶段构成: (1) 攻击发生; (2)受害国无法识别攻击来源; (3)采取行动识别攻击来源,将犯罪分子绳之以法,或以某种方式恢复秩序。





















常任成员国应包括: (1) 美利坚合众国;(2) 俄罗斯联邦;(3) 中华人民共和国; (4)日本; (5) 印度; (6) 印度尼西亚; (7)欧盟。

























要国家为网络攻击负责是十分困难的,因为网络攻击很难追踪,政府可能雇佣“黑客”为其工作,而且网络攻击的本质也可能会掩盖其真正源头。一些人得出结论认为,对国际网络安全构成最大威胁的不是犯罪分子,而是国际体系中的国家。早在法律改革的倡议提出时,黑客活动分子就已处于特殊监视之下。不过,即使可以起诉网络犯罪分子,法律问题仍然复杂,包括(1)司法权; (2) 证据规则; (3) 正当程序 (4)国际认可与判决的执行。 所以从国际法角度讲,制定国际公约牵涉到诸多问题,还要使其与国内法规完全兼容。



对此条约的法律与政治学含义有特殊兴趣者,可参考脚注,诸多此类问题已在脚注中作答。 这样一来,本文主体部分仅作为一般的行动号召,对广大读者而言通俗易懂。问题迫在眉睫,需要即时行动。我们希望“网络广岛”不要再继续向前发展。

Footnote19: 本条款允许开发与维护网络工具,比如诊断软件,虽然可用于有害目的,但设计意图在于帮助计算机网络运行。


China’s Strategy for Cyberspace (Pt. II) – Analysis

Chinese Cyberspace (中国网络空间)

Below are a few conclusions we can draw regarding how the Chinese government views cyberspace (网络空间 wǎngluò kōngjiān).

Economic and cultural advantages of Cyberspace. There is acknowledgement of progress in communications, education, coordination and manufacturing, healthcare, finance and a number of other areas. Cyberspace is viewed as being a driver for economic development. In general, there is a very positive view of the potential for cyberspace to benefit both China and humanity as a whole.

Cyberspace is a new type of national “territory”. Although abstract in nature, the Chinese view is that cyberspace deserves the same type of protection as “brick and mortar” territory (land, sea, air, and space). Not only must the territory be protected, but it must be expanded if possible. There is a “competition” between nations to expand their cyber territory.

Threat to political security. The Internet and cyberspace can be used for many activities that might harm society or the political system. There is a risk to the “political security” (政治安全 zhèngzhì ānquán) of China. This view likely comes from the Chinese assessment of the “Arab Spring” or other social movements that have been enabled through the Internet and which destabilized or swept away governments.

Cyberspace can make China vulnerable to cyber espionage. China policymakers fear the use of the Internet for carrying out “cyber espionage” (网络窃密 wǎngluò qièmì) and for eavesdropping (网络监控 wǎngluò jiānkòng)  (spying on) Chinese society, its businesses, associations, or government.

The Internet can be used by China’s enemies to destabilize its political system. There is a fear that by inciting social unrest and promoting unhealthy or incompatible ideas, the enemies of China may attempt to use the Internet to overthrow the government. As a result, part of the Chinese strategy for cyberspace is to put in place controls on information imported from outside China. This curbing of the free flow of information is viewed as being a prudent measure of public safety, and although there is a trade-off with individual rights, a priority is placed on maintaining social stability in the world’s largest nation.

Cyberspace should curtail other than socialist core values. China has a concept of harmful information (有害信息 yǒuhài xìnxī) and cultural security (文化安全 wénhuà ānquán) that do not have an exact equivalent elsewhere. The idea is that the Internet and its unfettered communication provide a platform for spreading obscenity (淫秽 yínhuì), ideas about violence (暴力 bàolì) against society, superstition (迷信 míxìn), moral anomie (道德失范 dàodé shīfàn), and decadence (颓废文化 tuí fèi wén huà).  Here, the meaning of “superstition” really is “religion” as scientific communism or historical materialism do not recognize a supreme being, and promoting such beliefs is not compatible with communist society. Cyber space should be free of this type of content, much of which is commonplace in other parts of the world. The difference is that it is Chinese government policy to protect the Internet inside China from these bad influences.

Fake News in social media should be repressed. There is a specific notion that network rumors (网络谣言 wǎngluò yáoyán), can harm society. Therefore fake news should be kept off of the Internet. And this should be done by the government as a means of providing security to the Chinese people.

China employs a concept of “Internet Terrorism”. Online terrorism (网络恐怖 wǎngluò kǒngbù) is defined as being both general hacking (stealing information, infringement of intellectual property rights), as well as inciting and fomenting illegal behavior. There are three general classes of cyberspace terrorism: (1) using the Internet as a means of communication for the purpose of promoting terrorism; (2) committing computer crimes against persons or organizations; and (3) committing crimes against the Internet itself (hurting its operation, denial of service attacks, destruction of information or network logic), such as through introduction of viruses or malware (计算机病毒 jìsuànjī bìngdú).  There is no significant difference between the Chinese and nation’s views in this area.

China views cyberspace as a new territory to control and harvest. Cyberspace is thought of as a new “territory” where it is vital for nations to grasp control of strategic resources (网络空间战略资源 wǎngluò kōngjiān zhànlüè zīyuán). This means not only grasping the physical aspects of the Internet where possible, but also getting control over how the rules are made. This is generally referred to as Internet Governance (规则制定权 guīzé zhìdìng quán). China’s approach to internet governance is to emphasize the role of government as taking the lead. This is in contrast to the multi-stakeholder processes in vogue in much of the rest of the world. The Chinese system is simply not organized to allow non-government actors to make public policy.

China is building a cyber deterrence capability. Cyberspace is a platform through which a nation can build a deterrence strategy (网络威慑战略 wǎngluò wēishè zhànlüè). Deterrence is the principle that a nation if attacked will retain enough capability to do a significant amount of damage against its enemies. This makes it impossible for one country to attack another without itself suffering overwhelming damage. It is speculation to suggest how this principle would work in cyberspace. Nevertheless, deterrence must be based on the development of offensive cyber capability, which we can assume China is busy developing. In this connection, Chinese strategy is focused on preventing cyberspace conflict (网络空间冲突 wǎngluò kōngjiān chōngtū).

China recognizes there is a cyber arms race that should be controlled. The Chinese view the cyber arms race (网络空间军备竞赛 wǎngluò kōngjiān jūnbèi jìngsài) as being a danger to international peace and security. It is not known if the Chinese Government is interested in pursuing an international treaty for the control of cyber weapons. However, it does acknowledge that there is an arms race in cyber. We can conclude that China is working as quickly as possible to develop and deploy an entire arsenal of cyber weapons. China recognizes the need to control the cyber arms race (网络空间军备竞赛 wǎngluò kōngjiān jūnbèi jìngsài).

China continues to deploy a national network control system.  It appears that Internet security in its broadest sense is to be guaranteed by the Government of China through a national system (国家网络安全保障体系 guójiā wǎngluò ānquán bǎozhàng tǐxì). Cyber security (网络安全 wǎngluò ānquán) practices are intended to keep the network stable, reliable and secure.

China Supports Cyber Arms Control

China recognizes there is a cyber arms race that should be controlled. The Chinese view the cyber arms race (网络空间军备竞赛 wǎngluò kōngjiān jūnbèi jìngsài) as being a danger to international peace and security. It is not known if the Chinese Government is interested in pursuing an international treaty for the control of cyber weapons. However, it does acknowledge that there is an arms race in cyber. We can conclude that China is working as quickly as possible to develop and deploy an entire arsenal of cyber weapons. China recognizes the need to control the cyber arms race.

China intends to use international negotiations to govern cyberspace. The Chinese government is pursuing a multilateral governance system for the Internet(多边国际互联网治理体系 duōbiān guójì hùlián wǎngzhì lǐtǐ xì). Internet governance (网络空间治理 wǎngluò kōngjiān zhìlǐ) is viewed as handling terrorism, cybercrime, and even helping to bridge the digital divide(数字鸿沟 shùzì hónggōu) between developed and developing countries. It is not clear how much non-governmental input China views as being essential to development of a global multilateral Internet governance arrangement.

China’s Governing Principles for Cyberspace

A nation’s cyberspace is sovereign territory. A nation has complete authority within its territory, and within its cyberspace territory, to control everything that happens there. Cyberspace sovereignty(网络空间主权 wǎngluò kōngjiān zhǔquán) is an essential principle.

No nation should dominate cyberspace. China acknowledges the concept of “cyber hegemony”(网络霸权 wǎngluò bàquán), which may be a reference to the United States, which is the source of most of the world’s innovation and commercial products in cyberspace. No cyber-powerful nation should be able to destabilize the “cyberspace order”(网络空间秩序 wǎngluò kōngjiān zhìxù) by forcing into another country information that is harmful (有害信息 yǒuhài xìnxī) to its national security or national “interests”.

Use of Cyberspace should not threaten international peace and security. The Chinese view is that certain actions by nations can be a threat to international peace and security as defined in the United Nations Charter. This should be avoided. By specifically using the phrase “threat to international peace and security” (国际安全与稳定相悖 guó jì ān quán yǔ wěn dìng xiāng bèi), China is drawing upon the United Nations Charter. This presumably means that a cyber attack could be brought before the United Nations Security Council.

Law should govern cyberspace. There is a recognition that cyberspace should be governed by law (依法治理网络空间 yīfǎ zhìlǐ wǎngluò kōngjiān). This appears natural, but actually it is only one of several models for internet governance. An alternative view is to rely on self-organizing systems. For example, Wikipedia, the Linux operating system, or many internet technical standards are not planned, but instead are spontaneously created through more or less unorganized masses of contributors. This is explained clearly in the classic book The Cathedral and the Bazaar. The Chinese view of relying solely on law to govern cyberspace is in line with its view of government as being the premier and sole source of governance authority.



Eric S. Raymond, The cathedral and the bazaar : musings on Linux and Open Source by an accidental revolutionary, Beijing; Cambridge, Mass.: O’Reilly, 2001.







Détente in Cyberspace

Prospects for “Cyber Détente”

In his analysis of why détente between the United States and the Soviet Union broke down in the period of 1975 to 1980, Olav Njølstad, of the Norwegian Nobel Institute, identified five factors. We can test these factors to today’s environment to suggest the prospects for conclusion of an international treaty for the control of cyber arms proliferation.

Détente was a policy adopted by the Soviet Union and United States to lessen geopolitical tensions, establish mutually beneficial relationships, and importantly, engage in strategic (nuclear) arms control. It resulted in the conclusion of the SALT I treaty, but not the SALT II treaty. (SALT = “Strategic Arms Limitations Talks“)

Nølstad’s Five Factors

Here are Njølstad’s Five Factors and what they might suggest for cyber arms control.

Factor 1
Lack of Mutual Trust

Njølstad argues that the leaders of the USA and USSR never really trusted each other. Although between Nixon and Brezhnev there gradually had been a build-up of personal trust, the large interest groups led by elites on both sides never understood each other. Nixon, for example, had Brezhnev out to his home in California for extensive discussions, and the photographs of the moment show a relaxed cordiality and workmanlike attitude present between these two leaders. But when Nixon left office, one leg of the table collapsed, and things fell apart finally under the administration of Jimmy Carter.

Application to Cyber Arms Control. It is difficult to judge the amount of “trust” between the superpowers today. But it is safe to assume that it is not different from twenty years ago, and may be even worse. Under that line of thinking, the lack lack of trust argues against agreement on a cyber treaty. A counter-argument may be that unlike the situation in the Cold War, in cyberspace, there is not such a compelling groups of elites on either side.  That is, whereas in the kinetic warfare realm, there automatically is a sharp division between competing parties, in the cyber realm the interest group may be the entire Internet community, worldwide. An additional consideration is that there is no strong “cyber war” faction we have noticed at least in the United States. Or is there? A counter-counter argument is that the cyber realm is so new, sensitivities are such that it is much more difficult to build trust, in no small part because so little is understood of this new realm of interaction between nation states.

Conclusion: The lack of trust will inhibit agreement on a cyber arms limitation treaty.

Factor 2
Absence of Common Value and Visions.

Njølstad also argues that the United States and Soviet Union had very different values, and this was another element in why détente fell apart. In its simplest form, this difference was Communist orthodoxy versus the human rights, democracy and justice values of the United States. In the Communist view, “peaceful coexistence” was possible between the superpowers, but there always would remain a competition in the realm of ideology. Many observers have argued that the Third Basket of the Helsinki Accords, concerning human rights, was responsible for generating a wave of anti-regime behavior throughout the Soviet Union, ultimately leading to its collapse.

Application to Cyber Arms Control. As pointed out elsewhere in this blog, China, Russia and the United States have very different views regarding Internet governance, and regarding the role of information in society. In particular, in Russia and China, there is an acceptance of the role of the government in controlling information and communications. Generally, these actions of censorship, or information regulation, are carried out with a view to maintaining stability. So that is a very different point of view from much of the West. The counter-argument is that whereas there are different views on the role of government in controlling information, there actually is an almost perfect agreement regarding the need to control cyber crime. In this connection, there is obviously a great potential for international agreement. The counter-counter argument is that although there is a shared interest in controlling cyber crime, this does not necessarily translate into interest in getting cyber arms control.

Conclusion: There are strong points of agreement between the superpowers on the need to control cyber crime. This would indicate potential for some type of international agreement to help accomplish this goal. In this connection, different philosophies regarding the role of government in controlling information is not relevant. So there are places where it should be possible to reach international agreement, but it remains to be seen what advantage countries would have in limiting their own ability to develop and deploy cyber weapons.

Factor 3
Lack of Real Economic Interdependence

Between the United States and Soviet Union, there was no substantial economic interdependence. There was little produced in the Soviet Union that was needed in the United States. The Soviet Union produced little of value except oil and raw materials. More than 40% of its GDP was being spent in the military industrial complex, and almost all of the money from oil exports was being used to pay for importation of meat and grains from the West. In addition, the Soviet Union was burdened by its overseas commitments, all of which were costing substantial amounts of money. Njølstad’s notion is that had there been greater economic integration, then this would be a booster of détente, or at least something to prevent its deterioration.

Application to Cyber Arms Control. Between China and the United States, there is significant economic integration; between the US and Russia, the situation has not changed much since the 1980s. Between China and Russia, there is some trading for energy, but little else. Compared to China, Russia’s economy is very small. In the area of cyberspace, the United States is dominant, and it does not need either of the other two markets to have a viable Internet ecosystem. Nevertheless, there is acknowledgement on all sides that cyberspace, the Internet, plays a crucial role in economic development. Therefore, it is a priority on all sides for the Internet to continue to function so that infrastructure and economic functions can continue to operate smoothly. Even though each nation views development of defensive weapons in its own jurisdiction a sovereign right, in the realm of cyberspace, there may be an incentive on all sides to reach agreement on international procedures and other mechanisms to keep cyberspace open for business.

Conclusion: Favorable for cyber arms control.

Factor 4
Mutual Lack of Constraint

Njølstad argued there is a “zero-sum logic of Cold War geopolitics”. That is, if one side gained, the other lost. In the Cold War, there was a mistaken tendency for the two superpowers to consider detente to be a bilateral matter but without reference to competition taking place in the developing world. So under this thinking, it would be possible to continue to probe for geopolitical advantages elsewhere while maintaining détente between the superpowers themselves. It didn’t work. The Soviet invasion of Afghanistan, and the problems in the Middle East, Angola and the Horn of Africa (Ethiopia, Somalia) led to continued problems. The fall of the Shah of Iran and the Soviet Invasion of Afghanistan led to the “Carter Doctrine” which threatened war if the Soviet Union moved to exert control in the Persian Gulf. It also lead to a giant military build-up, which President Reagan inherited.

Application to Cyber Arms Control. For this analogy to work, we would need to see evidence of continued probing for advantage in cyberspace while at the same time attempting to maintain a regime of cyber arms control. We can expect that nations would continue to engage in cyber espionage, and therefore it would not be possible to have any international agreement limiting this important government function, on any side. On the other hand, cyberspace is such that there may not necessarily be a zero sum game. Does innovation in one area (country, application portfolio) automatically lead to losses on the other side? One could argue “yes”, and give the example of how China has discriminated against foreign social media and other Internet services groups so as to create its own native Chinese companies. But it is difficult to show harm to the other side, which continues to grow and prosper. It can also be argued that the interest in keeping the Internet running will be strong enough to encourage work at international agreements that limit cyber weapons and their proliferation.  For example, cyber weapons should not be allowed to fall into the hands of non-state actors (information terrorists). This would be also the case if other nations were coaxed into joining the control regime, because the superpowers would see the treaty as a way to limit weapons developed elsewhere. This would limit threats to Internet (cyberspace) stability and thus be of benefit to everyone. And at the same time it would not prevent competition from continuing.

Conclusion: Favorable for cyber arms control.

Factor 5
Dynamics of the Arms Race

Njølstad argues that on each side there were “intellectual, institutional, and economic pressures” coming from “groups, companies, and bureaucracies with a vested interest in the arms race”. As a result, it became much easier after détente began to weaken to raise voices calling for a harder line. In the same way Carter eventually was overwhelmed by hard liners, Brezhnev faced the same problem in the Soviet Union with pressures from the military and intelligence parts of the government.

Application to Cyber Arms Control. There is no strong institutional or economic pressure to continue building cyber weapons. They are not expensive to build. For example, the cost of cyber arms are nothing compared to the price of rolling out a new strategic bomber, fighter jet, or missile system. So we can conclude that there is no such strong institutional lobby standing by to back up hard liners should this possibility emerge.

Conclusion: Favorable for cyber arms control.

Overall Conclusion

Njølstad’s analysis gives crucial insights into why détente between the Soviet Union and the United States eventually fell apart. When we apply these same factors to the possibilities for cyber arms control, the picture is not as negative. But it is not completely positive either.


One limitation (of many) in this analysis is that détente was seen as a bilateral policy between the United States and the Soviet Union. This is quite different from what would be required for the negotiation of a multilateral treaty for cyber arms control. So in a strict sense, applying a bilateral framework of explanation against a possible multilateral problem set is problematical. The counter-argument to this is that in arms control, leadership can be shown by superpowers, with the prospect that smaller less consequential nations will follow the example of the superpowers. A second counter-argument is that this bilateral framework can be applied to any set of multi-lateral relationships. For example, one could apply it to US-Russia relations, then to US-China relations, then to Russia-China relations. So it probably is possible to apply it to multilateral relations, although that is not its original design intent.


Olav Njølstad, “The collapse of superpower détente, 1975-1980”, in Melyn P. Leffler and Odd Arne Westad, Eds., The Cambridge History of the Cold War, Vol. III Endings, Cambridge U. Press, 2010, pps. 135-155

China’s National Strategy for Cyberspace (Pt. I)– Vocabulary

Part I – Vocabulary

China’s national strategy for cyberspace is breathtaking in its comprehensiveness. It recognizes the importance of the Internet in all domains of human activity (education, science, business, communications), but also acknowledges what it views as being major problems with the Internet as it operates now.

Notable Quotations

没有 网络 安全 就 没有 国家 安全 (méiyǒu wǎngluò ānquán jiù méiyǒu guójiā ānquán)
Without cyber security, there is no national security.
网络空间 是 国家 主权 的 新疆域 (wǎngluòkōngjiān shì guójiā zhǔquán dí xīn jiāngyù)
Cyberspace is the new territory of national sovereignty. (Lit. Cyberspace is national sovereignty [of] new territory.)
网络 攻击 威胁 经济 安全 (wǎngluò gōngjī wēixié jīngjì ānquán)
Cyber attacks threaten economic security.
网络 有害 信息 侵蚀 文化 安全 (wǎngluò yǒuhài xìnxī qīnshí wénhuà ānquán)
Harmful online information corrodes cultural security.

Chinese Cyberspace Terminology

NB: Many of the terms are more or less the same as in English, others are different for two reasons: First, there is an inherent ambiguity in the Chinese language that makes it possible for a work (or character combination) to have a number of meanings in English, some narrow some general; Second, even though some of the terms translate into English, the context of the Chinese text indicates that their meaning actually is slightly different or may have a specific Chinese context.

In addition, a few terms are used in a way that indicate the overall policy thrust of the Chinese government both internally and in international fora, and this is noted.

We have inserted spaces into the Chinese phrases to separate the characters into words, usually two-characters in length. In written Chinese, there is no spacing between words. After the characters, we have inserted the romanization of the characters with the Mandarin 4-tone accent marks, and also clustered together these into words with spaces.

The order is according to the romanization of the Chinese. This is because there are numerous variations in the english equivalents (or semi-equivalents).

安全 (ān quán)

暴力 (bàolì)
Violence. This refers to content. (It is peculiar that violent gaming is very popular in China.) We can conclude that this refers to the use of the Internet to provoke or condone violence or political upheaval.

颠覆 (diānfù)

多边 国际 互联 网治 理体 系 (duōbiān guójì hùlián wǎngzhì lǐtǐ xì)
Multilateral (international) network governance system.

道德 失范 (dàodé shīfàn)
Moral anomie; moral degeneracy.

分裂 国家 (fēnliè guójiā)
Split the country; separatism. This refers to any communications on the Internet that discuss the break-up of China. Examples would be Tibet, which was occupied by China in the 1950s, and also Occupied East Turkistan, which is occupied by China. It is specifically prohibited to communicate information that would suggest any change in current political arrangements.

国家 关键 信息 基础 设施 (guójiā guānjiàn xìnxī jīchǔshèshī)
National critical information infrastructure. This definition appears to be the same as in the West.

公众 监督 (gōngzhòng jiāndū)
Public supervision. This refers to government “control” of the Internet and its content, but also control over all aspects of the technology, including standards, governance procedures, domain name registration, and so on.

国家 网络 安全 保障 体系 (guójiā wǎngluò ānquán bǎozhàng tǐxì)
National network safety protection system; national network security system.

规则 制定 权 (guīzé zhìdìng quán)
Right to make rules; Internet governance.

关键 信息 基础设施 (guānjiàn xìnxī jīchǔshèshī)
Critical information infrastructure.

计算机 病毒 (jìsuànjī bìngdú)
Computer virus; malware.

迷信 (míxìn)
Blind faith; superstition. This refers to what the West would call “religion”. In other words, the spreading of “superstition” is considered to be a danger on the Internet. It is in the class of information that must be controlled and weeded out.

渗透 (shèntòu)
Penetration. This term is used for hacking, that is, the illicit access to an information system through the Internet.

数字 鸿沟 (shùzì hónggōu)
Digital divide. This is the standard terminology used to express the difference in access to information technology between the developed and developing countries. It is a holdover from the New World Information Order that was started originally in UNESCO as an anti-Western movement seeking government control over mass media.
社会 主义 核心 价值 观 (shèhuìzhǔyì héxīn jiàzhí guān)
Socialist core values viewpoint. This term is used to express what China believes should be a guiding principle in content available through the Internet. The other side is that is that information without this viewpoint is officially not welcome.

颓废 文化 (tuífèi wénhuà)
Decadent culture; dispirited culture. This term refers to content on the Internet that does not have the correct and acceptable point of view or theme.

网络 (wǎngluò)
The internet.

文化 安全 (wénhuà ānquán)
Cultural security. This term refers to a vulnerability caused by the Internet, by Cyberspace. There is a fear that without appropriate control, the Internet will harm “cultural security”. This term is alien and more or less unknown in the West.
网络 安全 (wǎngluò ānquán)
Cyber security, network security; network protection.

网络 安全 防御 (wǎngluò ānquán fángyù)
Network security defense; cybersecurity defense. This term is general in nature and does not specifically refer to actions of the People’s Liberation Army (PLA).

网络 安全 审查 制度 (wǎngluò ānquán shěnchá zhìdù)
Network security review system. This term refers to a national program or set of policies that will enforce security checks on the Internet, that is, on the entire Internet within China. By necessity, it is a centrally directed effort of the government.

网络 空间 冲突 (wǎngluò kōngjiān chōngtū)
Cyberspace conflict. There is no specific example of this. For example, it is not clear if it applies to only the technology and network level or also includes information operations. Within the context of the overall policy, it would include information operations. Therefore, we can conclude that providing unacceptable information into China is a form a aggressing leading to cyberspace conflict.
网络 空间 (wǎngluò kōngjiān)

网络 空间 国际 规则 (wǎngluò kōngjiān guójì guīzé)
International rules for cyberspace. In the Chinese point of view, this term refers to a negotiated set of treaties and international agreements that will govern the Internet. These rules and norms will be negotiated by countries. This model of Internet Governance is not compatible with the Western point of view which emphasizes a multi-stakeholder approach.
网络 空间 国际 反恐 公约 (wǎngluò kōngjiān guójì fǎnkǒng gōngyuē)
International convention against terrorism in cyberspace; (Lit. Internet (cyber) international against terrorism convention). There is no such convention, but it is interesting that China is interested in the negotiation of such a treaty.

网络 空间 军备 竞赛 (wǎngluò kōngjiān jūnbèi jìngsài)
Cyberspace Arms Race; Internet space arms competition. Although China recognizes there there is a cyber arms race, there is no discussion we have seen of a desire for an international treaty to limit the proliferation of cyber weapons.

网络 空间 秩序 (wǎngluò kōngjiān zhìxù)
Cyberspace order. This term to refer to internal Internet conditions (within China), and also internationally. It reflects the China ideal notion of a type of stable and “ordered” international information system of Internet and “cyber space”.
网络 空间 治理 (wǎngluò kōngjiān zhìlǐ)
Cyberspace governance; internet governance.
网络 空间 主权 (wǎngluò kōngjiān zhǔquán)
Cyberspace sovereignty. This is a broad concept. In general, it considers that Chinese networks are integral to the nation and themselves are connected with national sovereignty. Therefore, an attack on Chinese cyberspace is the same as an attack on the landmass of China.
网络 空间 战略 资源 (wǎngluò kōngjiān zhànlüè zīyuán)
Strategic resources of cyberspace. This concept does not appear in Western thinking and may be a unique perspective in China. It considers that cyberspace is a type of territory in which there are various “resources” that can be acquired and controlled. In the Chinese view, it is an important aspect of national cyberspace policy to acquire and control these resources.

网络 伦理 (wǎngluò lúnlǐ)
Network ethics. Behavioral aspects of citizen activities online.

网上 思想 文化 (wǎngshàng sīxiǎng wénhuà)
Online ideology and culture. This refers to type of values and behaviors of people that spend much time online, and to expected behavior and cultural norms presented.

网络 窃密 (wǎngluò qièmì)
Cyber espionage; Using the Internet to steal secret information. China does not specifically define “secret” information, but in practice has a very broad definition. Chinese rules concerning cyber espionage are similar to other countries.

网络 威慑 战略 (wǎngluò wēishè zhànlüè)
Cyber deterrence strategy. There is no specific discussion of this in the cyber context. However, it presumably means that it is official Chinese policy to develop cyber weapons that can be used to counter-attack in case China itself is attacked in cyberspace.

网络 谣言 (wǎngluò yáoyán)
Network rumors; Fake news and false information spread through social media. This is another class of prohibited information. The Chinese government spends significant resources on monitoring and controlling rumors.

信息 传播 秩序 (xìnxī chuánbō zhìxù)
Information dissemination order. Here the term “order” refers to a state in which everything is under strict control. So this implies that how information is distributed, and what the information is, should be under strict control. This, of course, is incompatible with Western thinking. It also may be incompatible with the Universal Declaration of Human Rights.

淫秽 (yínhuì)
Obscenity. Same meaning as in the West, but obscene information is specifically prohibited by national policy. There is no exact definition of obscenity.

应急 响应 (yīngjí xiǎngyīng)
Emergency response. This has the same meaning as in English, and in the West. It refers to quick response in case of a computer network emergency, such as a massive denial of service attack.
有害 信息 (yǒuhài xìnxī)
Harmful information.
有害 信息 (yǒuhài xìnxī)
Harmful information (harmful to national security or national interests). Chinese doctrine defines large classes of harmful information, and there is a specific policy to prevent this harmful information from spreading.

依法 治理 网络 空间 (yīfǎ zhìlǐ wǎngluò kōngjiān)
Governance of cyberspace according to the law; (Lit. According to the law govern cyberspace). This concept sounds neutral, but actually it is a more limited concept than found in the West. In the Chinese view, the “law” will be determined by governments and multilateral institutions without significant input from multi-stakeholder groups. So what this phrase means is something like “government monopoly on Internet governance”.

政治 安全 (zhèngzhì ānquán)
Political security. This term is unique to China. It has no equivalent in the West. In general, it refers to political stability or the credibility of the political system. Within the context of cyberspace doctrine, “political security” is a risk factor. That is, there is a fear that content transmitted on the Internet will generate or magnify dissent against the political system. In the Chinese context, it is government policy to censor or otherwise prevent such information from being transmitted through the Internet.