Rules of Conduct in Information Space – An Alternative to an Information Arms Race

Rules of Conduct in Information Space – An Alternative to an Information Arms Race

Contemporary information technologies are increasingly being used for aggressive purposes. Combined with extremist, nationalist, racist actions, they are able to destabilize the situation and remove any government from power both in the most developed and undeveloped country alike. Today no country can consider itself secure from the cross-border information threats. Information technologies can become a trigger for unleashing even an interstate armed conflict.

At that, much lower expenses are required to create a conflict situation in comparison with the classical preparation of conventional war. You do not need to create large groupings of forces, concentrate aviation, artillery, air defense in certain areas, and bring up logistics divisions and so on. Information influence is without bloodshed, does not destroy the environment and may be implemented through quite peaceful means — mass media, the Internet, means of telecommunications, computer and communications capabilities and etc.

Through actions of misinformation, publication and dissemination of extremist statements, gathering of racist or xenophobic flash-mobs, cross-border cyberattacks on objects critical to daily living activities of society, etc. the situation in any country can be «brought to the boil» and lead to «social upheaval».

Such actions can also be used to put several States at odds with each other, and to bring them to a state of war. Drawing on the example of color revolutions and conflicts of the last decade one can say with confidence that such technologies have already been well run in.

The question is where, when and against whom will they be applied in the future?

Another question is what nation-state today can unequivocally and with confidence say that it is impossible to use these technologies against it, because it is fully protected?

The answer is obvious — there is no such nation-state.

Another aspect of confrontation in the information sphere is a rapid advancement and proliferation of information weapons. Experts have repeatedly noted that the damage caused by the use of such weapons may lead to industrial disasters on critical facilities of industry, economy, energy production and transport, collapse of financial system and economic crisis.

With the development of information technologies the range of information weapons will expand, and the list of objects that can become targets for its possible use will extend. The situation is exacerbated by the fact that such weapons could fall into the hands of terrorists and criminal organizations. In this case its effects will be unpredictable.

Many experts share the view that it is impossible to prohibit the development of such weapons, and most importantly to monitor its on-hand status in nation-states, let alone terrorist groups. But it is possible to develop a framework for their non-proliferation.

Today, it has become apparent for many nation-states that it is time to adopt universal rules that will help prevent the use of information technology to unleash wars and armed conflicts. For example, in January of this year, the Shanghai Cooperation Organization undertook such initiative, and submitted to the United Nations a draft of a sought-for code of conduct [1].

The SCO member-states propose the international community to adopt the obligations not to use ICTs in a manner contrary to maintenance of international peace and security, to build confidence and to refrain from threat or use of force in information space. Unfortunately, some countries believe otherwise. In their view, to maintain peace and security in information space one must adhere to the strategy of deterrence. Indeed, in the years of «cold war» the mutual threat of nuclear retaliation allowed us to escape the unleashing of a large-scale war.

However, that cannot be a reason to try to prevent conflicts only on a basis of deterrence — conflicts that, as believed in the West, may result from the use of information weapons [2].

We believe that this approach poses a serious threat to international security, since it is based on building and display of powerful military information capabilities. This move will inevitably lead to an information arms race, a serious violation of the principle of equal security and general destabilization of the military-political situation in the world.

Moreover, Russian military experts believe that the comparison of the current historical period with the situation in the beginning of the «cold war» is inappropriate.

Evaluating the statement of the head of the US Cyber Command Michael S. Rogers that «the acquisition of a nuclear potential by the US… made it possible to reduce confrontation and eventually led to negotiations on arms control», we think that the situation was exactly the opposite. The creation of a nuclear potential of the USSR was the event that led to a balance of power and allowed to avoid the catastrophe of a nuclear war, and ultimately forced the US to enter the very same negotiations.

With regard to the current situation, I would like to draw your attention to the following. Today there is no «cold war». Therefore, such statements by Michael S. Rogers as «…our opponents are determined to control their segments of cyberspace, steal our intellectual property, and disrupt the work of our institutions» and «…we have little hope they will behave responsibly in сyberspace» leave us perplexed.

Meanwhile, we have observed a different picture. According to the testimony of Edward Snowden, the United States are spying not only after adversaries but also allies and their own citizens in information space.

Therefore, we do not understand the motives which determine that the United States rely not on the force of law but the rule of force, based on the implementation of a deterrence strategy in information
space.

Now I would like to elaborate on this subject in an insightful way. I have to say that we have a negative attitude towards the very idea of «information deterrence» and are skeptical about its feasibility.

Firstly, unlike nuclear weapons, the use of information technologies doesn’t give raise to imminent threat of mutually assured destruction. Consequently, the political leadership of the parties to the conflict will not have the same fear of unleashing an «information war», which effectively motivates the reality of nuclear retaliation.

Secondly, given the large number of non-state actors operating in information space, it seems incorrect to use the analogy of nuclear deterrence, which in fact has been implemented by two major nuclear powers — the USSR and the USA. Now in order to prevent the transition of a conflict to the «shooting stage» it may be insufficient for one of the two nation-states with comparable information capabilities to convince the other not to escalate the conflict.

Thirdly, information weapons are much easier to develop, produce and transfer to someone else than military nuclear technologies. Therefore, it is extremely difficult to achieve a convincing superiority over the competitors.

Fourthly, is difficult to attribute the source of information attack on computer networks because of its anonymity and a set of special measures taken for «double backing» of traces. Therefore, it is unlikely to promptly investigate the incident and reliably collect all the necessary evidence for legitimate «retaliation», which will be justified by the international community.

Fifthly, we believe that in information space it will be very difficult to achieve a balance of military information capabilities based on reliable knowledge of key parameters of information weapons of the parties.

On the one hand, publication of information on development of new weapons systems will immediately result in development of tools and methods to counter them, i.e. disrupt the balance. On the other hand, any uncontrolled and covert development of these systems will also disrupt the balance, and destabilize the military and political situation.

I would like to note that for the time being there is only one known historical example that demonstrates the power of information warfare. It is the attack of Stuxnet computer virus on Iran’s nuclear facilities at Natanz and Bushehr. It can be assumed that it was conceived as a reincarnation of the nuclear bombings of Hiroshima and Nagasaki.

However, the world has not trembled as a result of this attack, and Iran has not announced its surrender and the abandonment of nuclear programs. This means that capabilities of information weapons are not yet comparable with the power of nuclear weapons, and it is generally wrong to bet on their further build-up.

If nation-states adopt intimidation in information space as their policy, this will only lead to new upsurge in an arms race and militarization of information space.

The only reasonable alternative to this insanity is the aforementioned peace initiative in the field of international information security, furthered by the SCO member-states in the UN. It also aims at preventing information aggression. However, in contrast to deterrence strategy it is based not on a fear of retribution, but on a voluntary adoption by nation-states of universal rules of conduct in information space, the responsible fulfillment of which will ensure peace, stability and equal security for all peoples in the global information space.

We stand for broad international cooperation in addressing the global problem of countering the threat of unleashing of information warfare and proliferation of information weapons. With that the main aim of furthering of cooperation, in our view, is to establish an international legal regime of international information security, which would in particular regulate the military activities of nation-states in the global information space on the basis of principles and norms of international law. We stand for establishing of frameworks for bilateral and multilateral cooperation on military aspects of international information security.

[1] International code of conduct for information security, UN Document A/69/723/, January, 13 2015.

[2] J.Nye The Mouse Click that roared, http://www.project-syndicate.org/commentary/ addressing-the-cyber-security-challenge-by-joseph-s—nye; K.Geers Deterrence of Cyber Warfare, http://www.iisi.msu.ru/forum/stenogramma/; Statement of Admiral Michael S Rogers Commander United States Cyber Command before the Senate Committee on Armed Services, 19 March 2015, http://www.armed-services.senate.gov/imo/media/doc/Rogers_03-19-15.pdf

I.N.Dylevsky, S.A.Komov
Ministry of Defense of the Russian Federation

This speech was delivered at the 11th Scientific conference of the International Research Consortium on Information Security, as part of the International Forum on «Partnership of state authorities, civil society and business community in ensuring international information security», held on 20-23 April 2015 in Garmisch-Partenkirchen, Germany. It is published on Digital.Report with an explicit permission from the conference organizers.