Dr. Strangelove: Of course, the whole point
of a Doomsday Machine is lost, if you *keep*
it a *secret*!
It aggravates me that other governments aren't making a bigger deal about this. This is a WMD where non-combatants are being unwittingly used to fight a computer war between countries they have nothing to do with.
We knew this was coming for 20 years![1] But instead of taking the high road and defending the internet from militarization, the governments of the world raced to become the first to make computer weapons and hasten the downward spiral to destruction. Sixty years ago we said "no weapons in space" and it was the right thing to do. It allowed the commercial use of satellites to grow without threat of being caught in the petty conflict of nations. The internet was supposed to be the next extra-national frontier and for a time it was. But now that there are weapons being fired why would I want to invest money in an internet business that may become the victim of a DDOS? My insurance doesn't cover acts of war, if I lose money because of it there's nothing I can do.
We've got treaties limiting the use of nuclear arms so innocent civilians aren't at risk of being irradiated. We've got treaties limiting chemical weapons so innocent civilians don't get their lungs burnt away. We've got treaties limiting land mines so innocent civilians don't get blown up when taking a hike through the woods. (Oh, and thanks for not ratifying that, Obama.) We need a treaty limiting computer weapons so innocent civilians don't have their computers hijacked and personal data put at risk.
The problem with cyberweapons non-proliferation treaties is that, unlike nuclear weapons NPTs, they are incredibly hard to verify and enforce.
Estimating the offensive capabilities in cyberspace of any government is incredibly difficult, as is attributing attacks. Governments can attack you in the internet without you realizing you have been attacked or without you being able to distinguish between a government attack and that of a small criminal cell (the GFW attack is noteworthy because it is very easy to attribute, and even then we can't know for sure it wasn't a third party trying to falsely implicate the Chinese govt... not that I think it was, the point is that even in this case we can't be sure). In fact, many of the capabilities that governments have in cyberspace are quickly matched by non-state actors, making the attacks even harder to tell apart.
And that is only about enforcing norms on the use of cyberweapons. Verifying that states are not hoarding vulnerabilities or attack technologies is basically impossible.
The only real alternative is to build safer systems, mandate higher security standards and basically assume that companies and individuals are going to be the target of government attacks (their own and others) on the internet. The role of a good government, should one exist, would be to provide support to their citizens to increase their security (via research, mandating stronger standards, monitoring the supply chain for sabotage, economic insurance, etc).
Does China respect the no-space-weapons treaty? Would China respect a treaty regarding cyber weaponry?
American politicians have little stomach for confronting China. If a treaty were put into place, they'd be in the position of having to confront someone they really don't want to.
A treaty might be useful in some ways, but the best defense is ... well, a good defense (i.e. educating the masses, improving browser security, etc).
In January 2001, a (US) congressionally mandated space commission headed by Donald Rumsfeld recommended that βthe U.S. government should vigorously pursue the capabilities called for in the National Space Policy to ensure that the president will have the option to deploy weapons in space to deter threats to, and, if necessary, defend against attacks on U.S. interests."
Moreover, the U.S. withdrawal from the Anti-Ballistic Missile Treaty in 2002 has allowed the United States to pursue missile defenses, including space-based.
In response to US weaponisation of space, the Chinese started a space defense program, including anti-satellite defense.
We knew this was coming for 20 years![1] But instead of taking the high road and defending the internet from militarization, the governments of the world raced to become the first to make computer weapons and hasten the downward spiral to destruction. Sixty years ago we said "no weapons in space" and it was the right thing to do. It allowed the commercial use of satellites to grow without threat of being caught in the petty conflict of nations. The internet was supposed to be the next extra-national frontier and for a time it was. But now that there are weapons being fired why would I want to invest money in an internet business that may become the victim of a DDOS? My insurance doesn't cover acts of war, if I lose money because of it there's nothing I can do.
We've got treaties limiting the use of nuclear arms so innocent civilians aren't at risk of being irradiated. We've got treaties limiting chemical weapons so innocent civilians don't get their lungs burnt away. We've got treaties limiting land mines so innocent civilians don't get blown up when taking a hike through the woods. (Oh, and thanks for not ratifying that, Obama.) We need a treaty limiting computer weapons so innocent civilians don't have their computers hijacked and personal data put at risk.
[1] http://fmso.leavenworth.army.mil/documents/chinarma.htm