International Agreements on Internet Protection
This study examines the technical and political feasibility of international agreements to limit cyberattacks.
The American Academy is undertaking an examination of the potential of negotiated agreements to establish norms for the behavior of nation-states in cyberspace. This project will explore the feasibility of international agreements to limit cyberattacks, how verification and enforcement of key provisions might be achieved, and what cyberattack capabilities (if any) would have to be surrendered by the signatories to such regimes.
Answering these questions will require sophisticated knowledge of the Internet along with an understanding of both the societal and the technical issues that are driving its evolution. With input from experts in international relations, information technology, computer science, economics, and law, the Academy will evaluate the problem in the context of projected Internet evolution; assess the technical feasibility of upgrading protection for critical social assets; review the available legal options; and analyze the underlying interests of the United States, Russia and China as major countries of concern.
Possible components of international regimes on cyberwarfare include:
- An agreement on what constitutes a cyberattack (for example, destroying data or monitoring industry and government systems through the use of Trojan horses and other software);
- An agreement on what constitutes proof of attribution for an attack;
- An agreement prohibiting first-use of cyberweapons;
- An agreement on what constitutes a war crime in cyberspace; and
- An agreement prohibiting destructive attacks against civilian infrastructure, including hospitals, power grids, and air traffic control systems.
A critical component of this study will be to determine the extent of geographical and cultural variability on the Internet and to examine how this variability will affect the prospects for international negotiations. The study will produce white papers targeted at government decision makers, presenting technically, economically, and politically feasible policy recommendations for international agreements aimed at limiting the extent and severity of cyberattacks, and outlining opportunities for constructive collaboration in areas of common interest.