Skip to main content
The Globe and Mail
Support Quality Journalism.
The Globe and Mail
First Access to Latest
Investment News
Collection of curated
e-books and guides
Inform your decisions via
Globe Investor Tools
Just$1.99
per week
for first 24 weeks

Enjoy unlimited digital access
Enjoy Unlimited Digital Access
Get full access to globeandmail.com
Just $1.99per week for the first 24weeks
Just $1.99per week for the first 24weeks
var select={root:".js-sub-pencil",control:".js-sub-pencil-control",open:"o-sub-pencil--open",closed:"o-sub-pencil--closed"},dom={},allowExpand=!0;function pencilInit(o){var e=arguments.length>1&&void 0!==arguments[1]&&arguments[1];select.root=o,dom.root=document.querySelector(select.root),dom.root&&(dom.control=document.querySelector(select.control),dom.control.addEventListener("click",onToggleClicked),setPanelState(e),window.addEventListener("scroll",onWindowScroll),dom.root.removeAttribute("hidden"))}function isPanelOpen(){return dom.root.classList.contains(select.open)}function setPanelState(o){dom.root.classList[o?"add":"remove"](select.open),dom.root.classList[o?"remove":"add"](select.closed),dom.control.setAttribute("aria-expanded",o)}function onToggleClicked(){var l=!isPanelOpen();setPanelState(l)}function onWindowScroll(){window.requestAnimationFrame(function() {var l=isPanelOpen(),n=0===(document.body.scrollTop||document.documentElement.scrollTop);n||l||!allowExpand?n&&l&&(allowExpand=!0,setPanelState(!1)):(allowExpand=!1,setPanelState(!0))});}pencilInit(".js-sub-pencil",!1); // via darwin-bg var slideIndex = 0; carousel(); function carousel() { var i; var x = document.getElementsByClassName("subs_valueprop"); for (i = 0; i < x.length; i++) { x[i].style.display = "none"; } slideIndex++; if (slideIndex> x.length) { slideIndex = 1; } x[slideIndex - 1].style.display = "block"; setTimeout(carousel, 2500); } //

People use computers at an Internet cafe in Taiyuan, in north China's Shanxi province.

The Associated Press

Political Risk Correspondent



Increasingly worried about criminal hacking and state-on-state electronic warfare, governments are rushing to come up with cyber security strategies.

But with the Internet crossing borders and empowering non-state groups from criminals to activists, nation states appear to be inherently stuck behind the curve.

Story continues below advertisement

Policymakers acknowledge to a greater degree that existing legal and government structures are struggling to keep up with the information revolution and need more international agreement that also wraps in the private sector.

In recent weeks, a string of major companies including Sony, Google, Nintendo, Lockheed Martin and now Citigroup have come under hacking attacks, some believed to be criminal and others tentatively linked to government intelligence agencies.

But since tracing the attacks definitively is all but impossible, framing a policy response is difficult.

"The nature of cyberspace is borderless and anonymous," Shri R. Chandrasekhara, secretary of India's telecommunications department, told a cyber security conference in London last week organized by a U.S.-based think tank, the EastWest Institute. "Governments, countries and law - all are linked to territory. There is a fundamental contradiction."

Other speakers at the event also agreed their countries were only just beginning to think through the implications.

"We are feeling our way in what is largely new and unknown territory," said Tim Dowse, director of cyber policy at Britain's Foreign and Commonwealth Office.

So far, the United States, Britain and several other countries have published national strategies on cyber security and are channelling billions of dollars into both offensive and defensive technology. Some experts talk of a cyber arms race that could end with a devastating conflict in which countries attacked each other's essential systems.

Story continues below advertisement

There are a host of complexities. If cyber attacks and hacking attempt to pass through multiple countries - as they almost invariably do, which government and jurisdiction is responsible for investigating, if any?

Private companies - often multinationals over which governments may have particularly limited influence - control most of the systems that run the Internet.

They also run much of the critical infrastructure that could be targeted in the sort of cyber sabotage apparently seen against Iran's nuclear program last year. Many firms complain that current, nationally-based systems are simply not enough.

They want broad global standards to regulate data storage and theft, provide sanction against cyber criminals and perhaps even constrain the activity of states.

"The current range of national strategies and policies doesn't really help international companies," said Martin Sutherland, CEO of BAe subsidiary Detica. "We want airline-style international standards." Exactly what an international system might look like is far from clear. Some countries and groups want sweeping international agreements along the lines of nuclear or biological weapon treaties - but that could take years.

The priority, the United States says, is to build some international consensus relatively quickly.

Story continues below advertisement

That could mean setting down some basic principles, such as that countries are legally responsible for investigating attacks that appear to have come through their territory.

But some believe governments and legal systems themselves may be on the brink of losing what limited control they have over information and systems even on their own territory.

Last month, several British celebrities who had taken out expensive London court "superinjunctions" to gag media outlets reporting certain aspects of their private lives found themselves identified anyway on Twitter.

Thousands of users were openly flouting the court orders, making it impossible to take action against them all. Meanwhile, file-sharing websites that disseminate free music and videos regardless of copyright undermine intellectual property law.

Despite its "great firewall", China has also struggled to prevent online dissent littering website and message boards.

As ousted Egyptian President Hosni Mubarak found to his cost, even shutting down the Internet can be too little, too late - and comes with colossal political, economic and diplomatic costs.

Story continues below advertisement

Thrown into the mix are a handful of non-state groups - such as Anonymous, which targeted websites such as MasterCard they believed were implicated in attempts to block WikiLeaks - willing to mount their own cyber attacks. Analysts say militant groups such as Al Qaeda may adopt similar tactics.

Then there are semi-independent hackers in Russia or China who security experts believe state authorities may ignore, providing they only attack abroad and occasionally help the state obtain information or target adversaries.

The nightmare scenario is that a damaging cyber attack by a non-state actor - for example, one that hit essential systems such as water or air traffic control - might be misidentified as coming from a state - and sparks armed conflict.

"It gets talked about a lot and in fairness I think it is a risk," the U.S. State Department coordinator for cyber issues, Christopher Painter, told Reuters last week. "The way to make sure that never happens is to make sure the countries have close relationships and connections in place. I think those structures need to be improved and we are working on that."

But to really safeguard cyberspace - if such a goal is even feasible, which many doubt - may require going well beyond national agreements. While it might be years or more away, some envisage a truly inclusive "cyber peace treaty".

"We all know if there is another world war it will take place in cyberspace," said Hamadoun Toure, secretary general of the International Telecommunications Union. "A cyber peace treaty would be one of its kind. It would have to bring governments, the private sector and even individuals."

Report an error
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

If you do not see your comment posted immediately, it is being reviewed by the moderation team and may appear shortly, generally within an hour.

We aim to have all comments reviewed in a timely manner.

Comments that violate our community guidelines will not be posted.

UPDATED: Read our community guidelines here

Discussion loading ...

To view this site properly, enable cookies in your browser. Read our privacy policy to learn more.
How to enable cookies