Latest News: Millions of devotees take the holy dip at Triveni Sangam during the 4th Amrit Snan on Magh Purnima * India is making remarkable strides in AI, leveraging it for public good: Narendra Modi * Prime Minister Narendra Modi co-chairs AI Action Summit in Paris

Sanction the use of cyberweapons, not weapons themselves

A recent analysis by Helene Pleil, research associate at the Digital Society Institute at ESMT Berlin, alongside colleagues from Technical University Darmstadt, outlines that rapid technological progress, a lack of political will, and uniform definitions, as well as the dual use of cyber tools, are the main challenges facing effective cyber arms control which is vital for foreign and security policy. As cyberspace is increasingly used in conflicts, cyber arms control needs to be addressed.

Pleil and colleagues conducted a literature review on challenges and obstacles facing the development of arms control measures in cyberspace. This review, augmented by expert interviews, identifies key hurdles in developing robust cyber arms control measures.

The lack of definitions was identified as a prime challenge. A fundamental challenge for establishing arms control in cyberspace is the lack of clear, uniform definitions of key terms, such as ‘cyberweapon’, especially since the conventional definition of a weapon does not truly capture a ‘cyberweapon’. It isn't easy to agree on what would be controlled in an arms control treaty if what you want to control cannot be explicitly defined.

The dual-use dilemma is also a challenge. For example, a computer, USB stick, or software can be used for civilian as well as military purposes. Therefore, no clear line can be drawn between these different use scenarios, so the products cannot be banned in fundamental terms for arms control. You can ban nuclear weapons, but you cannot ban USB sticks or computers.

Finding suitable verification mechanisms to establish arms control in cyberspace is extremely difficult. For example, it is impossible for cyberweapons to count weapons or ban an entire category, as has been the case with arms control agreements for traditional weapons.

Tools and technology for cyberattacks are changing rapidly. This means the development of new weapons outpaces regulatory efforts; by the time a regulation is discussed, the technology used has advanced.

Due to the dual-use factor, states do not have sole control over means used as weapons, but non-state actors also have ownership and operational rights in this domain. Thus, the private sector would need to be involved and committed for arms control to be effective.

Political will is crucial for establishing arms control measures, but states are reluctant to do so within cyberspace. Countries are just discovering the strategic value of cyber tools and have diverging interests. Complying with a new treaty on the use of cyber tools risks them missing out on potential advantages - in addition, the current geopolitical climate is another major challenge.

“Neither the control of a cyberweapon nor any other technological regulation for cyberspace will work,” states Pleil. “Instead, the focus must be on banning certain actions, since experts do not see any chance for verification mechanisms, especially because of the high level of intrusion that would be required.”

Traditional measures of arms and weapon control cannot be simply applied to cyberweapons. Instead, new alternative and creative solutions must be created. Defining and sanctioning the uses of weapons, rather than the tool itself, would allow agreements to be made and upheld, regardless of the pace of technological development, for example.

This research was published in the Zeitschrift für Außen- und Sicherheitspolitik, a journal for foreign and security policy.