Unlike the Cold War, when the adversary was clear, there are many more nations engaged in cyber espionage. China, Russia North Korea and Iran have all been suspected as culprits.
Jason Healey, senior fellow at the Atlantic Council’s Cyber Statecraft Initiative, said that in the Cold War, there was a set of unwritten “Moscow rules” illuminating red lines that would not be crossed.
Cyber espionage is an open secret now
“It wasn’t a treaty, but there was this sense of where each side could go and if they overstep that, than there might be repercussions,” Healey said at the August 19 panel discussion. “We would never kill a Russian. They will never kill an American spy.”
In contrast, Healey said no set of unifying standards exist for resolving cyber espionage conflicts.
“We have had some cyber espionage cases going back to 1986 where the KGB was spying,” said Healey.
In a telephone interview, Daniel Garrie, founder and editor in chief of the Journal of Law and Cyber Warfare, said countries’ varying attitudes towards cyber warfare make it harder to establish standards between the U.S. and other countries.
“Not only is there no playbook for countries and companies looking to respond to a cyberattack,” said Garrie, “but there are arguably a hundred different playbooks, for each country, making the appropriate and permissible response all the more challenging.”
In some countries, Garrie said, hacking is “not per-se illegal and it is certainly not taboo or shameful.” On the contrary, Garrie continued, “it appears in some countries that such activity is encouraged.”
No matter how sweet it seems, revenge remains an option the U.S. government doesn’t openly engage in. While it’s tempting to fighting back against perpetrators aggressively, a tit-for-tat approach risks creating more problems than it would solve.
Sign up for Computerworld eNewsletters.