Hacks Are Prompting Calls For A Cyber Agreement, But Reaching One Would Be Tough
View Date:2024-12-23 21:48:12
The recent ransomware attacks on the U.S. gas and meat industries have sparked renewed conversations about the possibility of an international cyber agreement that would set the ground rules for what is and isn't permissible, and spell out sanctions for violators.
In the latest sign of the U.S.-Russia cyber tensions, the National Security Agency and other government security branches issued a joint advisory Thursday on how Russia's military intelligence has been trying to break into government and private computer networks for the past two years.
The statement did not cite specific hacks, though it provided pages of technical details, noting, for example, that the attackers often sought to go through Microsoft's cloud services to reach an intended target.
The timing of the U.S. government advisory was also seen as noteworthy. It came just two weeks after President Biden held a summit with Russian leader Vladimir Putin in Geneva, warning the Russian leader the U.S. would respond to future hacks, especially those directed at "critical infrastructure."
As shown by the attack on Colonial Pipeline that shut down a major East Coast oil distribution network, the U.S. and other countries have a compelling interest in containing such a threat, says Glenn Altschuler, a professor of American Studies at Cornell University.
"We're talking about the possibility of taking out power grids, water systems, hospital services," he tells NPR.
Altschuler thinks such an agreement — at least a bilateral version of it between the U.S. and Russia — could be loosely modeled on Cold War arms agreements.
Such discussions have been kicking around for years, but many cyber experts remain deeply skeptical that such an agreement could be reached, let alone enforced.
Cyber strikes are low-cost and high-reward
The first big challenge would be simply getting everyone to agree to the rules. Russia, China, Iran and North Korea have all been blamed for significant hacks against the U.S., and analysts say those countries see cyber strikes as cheap, effective and easy to deny.
It's not even clear if such countries would be willing to actually agree to terms, because cyber attacks for them are "really useful in their geopolitical positioning," April Falcon Doss, a former National Security Agency official who now heads a technology program at Georgetown's law school, tells NPR.
Compared to the arms agreements between the U.S. and Soviet Union, a cyber treaty would be extremely difficult to monitor and enforce. That's because the production, development and stockpiling of nuclear, biological and chemical weapons is fundamentally different from the ephemeral nature of cyber weapons, says Doss.
"If the question is whether or not a signatory to a nuclear arms control treaty is building up their nuclear stockpile, there will almost certainly be some evidence, factory production, storage of nuclear weapons," she says. "There will be satellite imagery or there will be on the ground reports."
Tests of nuclear weapons or ballistic missiles, such as those carried out by North Korea in recent years, are also relatively simple to monitor compared to the challenge of keeping an eye on the dark corners of the Internet to track down new cyber weapons, Doss says.
"Detecting their development is much harder because you don't have big stockpiles of missiles sitting around and there's nothing that's visible in that sense," she says.
Thomas Graham, a U.S.-Russia expert at the Council on Foreign Relations, says any analogy to a Cold War-style arms agreement would be tenuous.
"We're dealing with computer code. So this is radically different from some nuclear weapons," he tells NPR.
Cyber treaties have been tried
The Budapest Convention on Cybercrime, currently the only binding international agreement governing cyber crimes and hacking, dates to the early 2000s. It aims to increase cooperation, harmonize national laws dealing with hacking and improve techniques for investigating cyber crimes. While Washington has signed on, Moscow, Beijing, Pyongyang and Tehran have not.
In 2015, when Barack Obama was president, the U.S. and China reached a cyber agreement declaring that neither side would "conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information for commercial advantage."
The Trump administration criticized the deal, which has been widely seen as ineffective.
Priscilla Moriuchi, a former National Security Agency official, calls the U.S.-China deal "a great experiment" that "failed for a number of reasons."
While at the NSA, Moriuchi's job was to monitor Chinese compliance. In an email to NPR, she said her view is that "the Chinese government never really complied with the agreement."
Meanwhile, China, Russia, North Korea and particularly Iran have reasons to be just as suspicious of the U.S. and its allies. What many consider the most successful cyber attack ever — the 2010 Stuxnet worm that targeted Iranian nuclear centrifuges — has been attributed to the U.S. and Israel, though neither country has ever officially acknowledged it.
Moving from state actors to criminals
Recent hacks, including the one against Colonial Pipeline, the major gasoline supplier, and JBS, the world's largest meat producer, were blamed on Russian criminal gangs, not the Russian government itself.
This activity by non-state actors makes the problem of "attribution" that much more difficult, says Graham. "There's also the possibility of false flag operations, because people can disguise the IP addresses," he says.
Cornell's Altschuler says while Cold War arms agreements might not be a perfect prototype, they could at least provide a framework for a cyber treaty.
Instead of inspectors on the ground to guarantee the destruction of nuclear weapons, such a cyber treaty might ensure compliance via remote monitors, he says.
"It would also have to include limiting the monitoring to international cyber traffic and it would have to have protection for privacy so that in most instances, metadata could not be converted into an investigation of an individual," Altschuler says. But he acknowledges that "all of those things are complicated, extremely difficult to work out."
Robert G. Papp, a former director of the Center for Cyber Intelligence at the Central Intelligence Agency, has also called for a cyber agreement with Russia. "It is in our national interest to negotiate some limits to this activity to reduce these threats and the human and financial resources needed to address them," he writes.
Cyber spying is a separate category
Meanwhile, it's important to distinguish between electronic snooping and other types of cyber activity, such as the theft of intellectual property, and attacks that cause physical damage, like shutting down an electrical grid.
"[Cyber] spying is unlikely to go away," Doss says. "No nation is going to want to give up that ability."
So, where does that leave things? Is there a way to limit the damage done by hacking without a formal treaty?
At the recent summit in Geneva between Biden and Putin, the U.S. leader presented Putin with a list of 16 areas of critical infrastructure — from energy to water — that the U.S. considers off limits.
"[If] in fact they violate these basic norms, we will respond," Biden said.
U.S. officials say Putin has used cyber for his own political purposes and has shown little interest in curbing Russia-based ransomware attacks that prove disruptive to the West. Still, the Russian leader said after the summit that the two sides could "begin consultations" over cybersecurity issues.
A set of such norms would be more obtainable than any sort of formal treaty, Moriuchi says.
She says the only way to establish that kind of norm is outlining clear red lines — and imposing consequences if lines are crossed.