|
|
|
|
|
|
by Esras
674 days ago
|
|
|
I'm trying to read this in good faith, that what you're describing is about how "[formalizing] the rules of engagement for gray-zone operations using a third party" will help prevent certain kinds of tensions from rising again to a potential boiling point (arguably the _only_ point of the UN), but the tone comes off as so defeatist it's hard to see that as a positive. Can you elaborate a bit further on why you see this as a necessary step for a given outcome? Otherwise this just looks like giving in to bad faith actors and weakening our own protections in the process. |
|
|
Because it is.
The existing status quo over cyberwarfare is untenable, and runs the very real risk of causing chaos if we don't tamp down on the usage of third parties for plausible deniability.
Most countries have offensive security capabilities directly under direct government control, but a number of them will also tolerate third party actors attacking a rival country so long as they don't attack the host country.
This is what LockBit (Russia), ChamelGang (either China or NK), Appin (India), etc has done.
Either everyone allows cybercriminals in their countries to attack other countries (and spark actual chaos in our entire internet infra that could escalate into actual violence), or all nation states agree to tamp down on third party attackers.
The Budapest Convention was the previous cybercrimes agreement, but most countries outside of the West that matter didn't ratify it. This meant terms of engagement over cyberwarfare weren't truly formalized, and a bad actor like NK or China could in good faith argue that a North Korean or Chinese cybergang did no wrong.
The brutal reality is that performative treaties like the Budapest Convention have no teeth, and a global Internet means that terms of engagement are needed for warfare, or the entire Internet splinters.