President Barack Obama told reporters at the G-20 summit in China that he has been in discussions with other world leaders, including Russian president Vladimir Putin, about creating a set of standards for cyber warfare. The debate over how and when to hack another nation has also reached the presidential race, with Democratic candidate Hillary Clinton calling last week for increased cyber capability for the U.S. military and for international norm-setting.
“Look, we’re moving into a new era here where a number of countries have significant capacities,” Obama said. “But our goal is not to suddenly, in the cyber arena, duplicate a cycle of escalation that we saw when it comes to other arms races in the past, but rather to start instituting some norms so everybody’s acting responsibly.”
But as Obama and Clinton call for discussions of cyber attacks, experts say that government-led hacking is already booming, and the lack of international guidelines has led to unintended consequences for ordinary civilians caught up in cyber conflict. The U.S. and the United Nations are each working to develop rules of engagement for the digital arena, but in the meantime, countries are deciding for themselves whether or not to follow the same guidelines for cyber capabilities as they do for traditional weaponry.
“This behavior is already being engaged in. We don’t have the procedures in place but we’re already engaging in that way, so we’re putting the cart before the horse,” says Amie Stepanovich, U.S. policy manager at the digital rights organization Access Now.
Stepanovich points to examples of U.S. hacking efforts like Stuxnet, malware believed to be developed in a U.S.-Israeli collaboration that spread beyond the Iranian nuclear facility that was its initial target, or a 2012 NSA exploit that knocked the entire country of Syria offline. These incidents, she says, demonstrate how cyber attacks can unintentionally impact broad swaths of the population — and show why nations need clear rules about cyber attacks on infrastructure.
“It’s something the next administration is going to have to address. All of our interactions are moving into the digital space very quickly and we’re seeing cyber activity that could determine the outcome of an election,” Stepanovich says. “Making sure there are protections for human rights and for people becomes exceptionally important on the internet because we all use the same infrastructure.”
Clinton is positioning herself to lead that conversation. Her remarks last week at the American Legion convention offered insight into how the Democratic presidential candidate views the recent cyber attacks against Democratic organizations, and how she believes the U.S. should respond.
The U.S. military should be ready and able to hack back against governments who target the country online, Clinton said. She pointed to the breach of the Democratic National Committee as an example of a cyber attack against the U.S., and advocated political, economic and military responses to such attacks.