At the recent EastWest Institute Worldwide Cybersecurity Summit, BT Group chairman Sir Michael Rake suggested that the introduction of a cyber security treaty would be difficult but worthwhile.
In his keynote address, Rake said: “The move to introduce a cyber security treaty, it will be difficult to administer but it is critical to talk about these areas. Compared to a nuclear proliferation treaty, it will be easier.”
Despite the difficulties, is it worth trying rather than abandoning?
Talking to SC Magazine, IronKey CEO Art Wong said that while the idea of creating a global treaty has its merits, the organisations that run vital global infrastructures, such as the global banking system and utilities, must first set about creating a secure computing environment through which they and their customers can conduct business.
“Once this has been established, a global treaty would stand a much better chance of being successful,” he said.
David Harley, senior research fellow at ESET, said he was not convinced that it would be easier than a nuclear proliferation treaty to implement.
He said: “It's easy in principle to define restrictions on nuclear processing, missile deployment, agreed terms of engagement and so on, which isn't to say that it was easy in practice. Cyber warfare is a different kettle of fish.”
One of the problems, he said, is that most people could draw up nuclear guidelines but there are no authoritative definitions to distinguish between various cyber issues such as espionage, sabotage and warfare.
“Even if you can get enough agreement on definitions of what activities should be subject to the terms of a treaty, the practical difficulties of monitoring, attribution and enforcement would probably make its existence of little more than academic interest,” he said.
“It is worth trying anyway, as long as no one is relying on a gentlemen's agreement to keep the world safe. Obviously, some nations will not see any need at all to sign up to any such treaty and those who do will not always honour it.”