The recently discovered SolarWinds hack holds obvious lessons for governments around the world, particularly after a year in which cyber attacks on critical infrastructure have surged. International action is urgently needed, not to write new treaties or codes of conduct, but to enforce existing norms.
The recent discovery of the devastating Sunburst hacking campaign against US and global targets is once again challenging the international community to respond to an increase in cyber attacks. Over the past year, cybersecurity personnel worldwide have faced a surge of hacks against critical infrastructure, including institutions fighting the COVID-19 pandemic. While governments have openly condemned some of this behavior, more collective action is clearly needed.
There is no international treaty for cyber matters, and the 11 non-binding norms of responsible state cyber behavior endorsed by the United Nations General Assembly are somewhat ambiguous. Additional norms are being put forward all the time, which is a good thing. But norms are not treaties and should not be treated that way. The better option is to concentrate on the spirit – not just the letter – of what the norms convey. Indeed, the latest hacking revelation shows precisely why an international cybersecurity treaty would likely fail.
To continue reading this articly by Michael Chertoff , Latha Reddy, Alexander Klimburg in Project Syndicate, go to: