Cyber Disarmament Treaties and the Failure to Consider Adequately Zero-Day Threats

Baer, Merritt
January 2013
Proceedings of the International Conference on Information Warfa;2013, p255
Conference Proceeding
Because the Internet carries a borderless aspect, it is unsurprising that international solutions to cybersecurity problems have become an increasingly insistent area for debate. The notion of a cyber disarmament treaty is appealing as we begin to wrap our minds around the destructive possibilities in cyber, including the potential for civilian casualties of cyber dimensions of recognized armed conflicts—a traditional arena for treatymaking. In this paper, I argue that calls for cyberwarfare treaties miss the mark because they conflate traditional forms of force with the avenues that nation-state cyber actors are exploiting. In this, I differ from existing cyber treaty skeptics because my rationale hinges on the substantive nature of the cyber threat as one ill-suited to treaties. I agree with others' critiques that definitions in the cyber world remain vague, often haphazard or poor adjustments of kinetic world definitions. Yet the search for terminology to best address cyber threats and behaviors is not a problem particular to cyber disarmament. Another common critique of cyber disarmament is that we have no enforcing body. Similarly, I find this critique true but not necessarily unique—international law of all sorts faces problems in law enforcement. I contend that the reason a cyber disarmament treaty is not an appropriate tool to address the threat of cyberwarfare is that it fails to recognize that the most threatening cyber warfare concerns involve quiet but lucrative zero-day threats. A zero-day threat is a foundational "hole" in software or hardware that can be exploited before its existence is even known. Emerging research shows that zero-day exploitations last longer and the payload is significantly higher than that of traditional hacking. Because a cyber disarmament treaty could only effectively bind countries to behavior that is known to the other players, it would not bind zero-day hacks or the deliberate installation of zero-day vulnerabilities in products. The notion of a treaty derives from a sense that violence is knowable at the moment when a defector acts. Cyber warfare simply acts outside of that assumption much of the time.


Related Articles

  • Copyright Protection Based on Contextual Web Watermarking. Mir, Nighat // Proceedings of the International Conference on Information Warfa;2013, p154 

    Interdependency of information, security and the advent of internet technologies bring more challenges to manage protection against threats like illegal copying, redistribution, tempering, reuse and forgery of online data. Web page is one of the main sources to trade online information and...

  • Attack-Aware Supervisory Control and Data Acquisition (SCADA). Alexander, Otis; Chung, Sam; Endicott-Popovsky, Barbara // Proceedings of the International Conference on Information Warfa;2013, p251 

    SCADA systems are used for geographically distributed process control. These systems are used in national critical infrastructure such as transportation, power grid, water facilities, etc. Malfunctions in these systems can be catastrophic and can potentially cause harm to the environment and...

  • A Vulnerability Model for a Bit-Induced Reality. Moore, Erik // Proceedings of the International Conference on Information Warfa;2013, p169 

    The increasing proliferation and psychological and physical embeddedness of the global digital infrastructure call us to reconsider traditional models of vulnerability, attack trees, and security auditing. The easy coordination of disparate digital means of attack suggests we should move to...

  • SAFEGUARDING POWER PLANTS AND UTILITIES.  // U.S. Black Engineer & Information Technology;Winter2012, Vol. 36 Issue 4, p70 

    The article focuses on cyber attacks on critical infrastructure by hackers, criminal gangs and state-sponsored disrupters. William McBorrough, a cyber solutions lead principal for the information technology (IT) provider Pragmatics emphasizes on securing critical systems, developing the software...

  • Action and Reaction: Strategies and Tactics of the Current Political Cyberwarfare in Russia. Lysenko, Volodymyr; Endicott-Popovsky, Barbara // Proceedings of the International Conference on Information Warfa;2013, p269 

    In this work in progress we investigate, what tactics and strategies are employed by the main opposing stakeholders in the current Russian politically-motivated local cyberwar. Particularly, we found further evidence which can indicate active Kremlin involvement in cyberattacks against its...

  • Results From a SCADA-Based Cyber Security Competition. Novak, Heath; Likarish, Dan // Proceedings of the International Conference on Information Warfa;2013, p177 

    On April 1 2011, Regis University hosted the 7th Computer and Network Vulnerability Assessment Simulation (CANVAS) competition with a turnout of 68 event competitors and at least two dozen faculty and spectators. The event was a major success and provided Regis University with valuable...

  • Identifying Tools and Technologies for Professional Offensive Cyber Operations. Grant, Tim; Prins, Ronald // Proceedings of the International Conference on Information Warfa;2013, p80 

    Since 2008, several countries have published new national cyber security strategies that allow for the possibility of offensive cyber operations. Typically, national strategies call for the establishment of a cyber operations unit capable of computer network defence, exploitation, and, in some...

  • GHOST IN THE NETWORK. BAMBAUER, DEREK E. // University of Pennsylvania Law Review;Apr2014, Vol. 162 Issue 5, p1011 

    Cyberattacks are inevitable and widespread. Existing scholarship on cyber-espionage and cyberwar is undermined by its futile obsession with preventing attacks. This Article draws on research in normal accident theory and complex system design to argue that successful attacks are unavoidable....

  • INFORMATION WARFARE: THE CHALLENGE OF RELATING INTENT WITH TECHNOLOGY IN CYBER INTELLIGENCE. Lanzendorfer, Quinn E.; Spangler, Scott C.; DeLorenzo, Gary J. // Issues in Information Systems;2016, Vol. 17 Issue 3, p39 

    The challenges that cybersecurity organizations face are different than those of traditional warfare. Many of these challenges hinge on the difficulties in relating the intent of cyber attacks with the outcome. The concept of information warfare used in the 1990's accounted for both the...


Read the Article


Sorry, but this item is not currently available from your library.

Try another library?
Sign out of this library

Other Topics