Sapsiwai - Fotolia

News Stay informed about the latest enterprise technology news and product updates.

President Obama urges focus on non-state actors, not cyber arms race

President Obama said he wants to avoid a cyber-Cold War and urged nations to focus more on the dangers of non-state actors and less on a potential cyber arms race.

At the international G20 Summit in Hangzhou, China, President Obama spoke to other heads of state about forming pacts to avoid of the dangers of a cyber arms race.

In comments that lasted less than two minutes and thirty seconds, President Obama noted the history of Russian cyberattacks on the U.S., asserted American supremacy in cyberwar capabilities and suggested that the world would benefit from avoiding a potential cyber arms race and cyber-Cold War.

Obama said he had spoken with Russian President Vladimir Putin about cybersecurity and noted the U.S. has "had problems with cyber intrusions from Russia in the past, from other countries in the past," but tried to leave those issues behind.

"We are moving into a new area where a number of countries have significant capacities. And frankly we've got more capacity than any other country, both offensively and defensively," Obama said. "But our goal is not to suddenly, in the cyber arena, duplicate a cycle of escalation that we saw when it comes to other arms races in the past but rather to start instituting some norms so that everybody is acting responsibly."

Jim Reavis, CEO at the Cloud Security Alliance and president at Reavis Consulting Group, didn't quite agree with the president's assessment of U.S. cyber capabilities and suggested potential troubles in implementing the cyberwar norms suggested.

"There is no doubt that the USA has very strong offensive cyber capabilities. Defense is harder to do, which is why I believe offensive cyber capabilities provide a necessary deterrent," Reavis said. "Everyone will agree to norms in concept, but no one will easily agree to be put in a competitive disadvantage or lose a competitive advantage by complying to those norms."

President Obama also said there are other cyberthreats that deserve attention rather than a cyber arms race.

"We are going to have enough problems in cyberspace with non-state actors who are engaging in theft and using the internet for all sorts of illicit practices and protecting our critical infrastructure and making sure that our financial systems are sound," Obama said. "What we cannot do is have a situation in which suddenly this becomes the wild, Wild West where countries that have significant cyber capacity start engaging in competition, unhealthy competition or conflict, through these means, when I think, wisely, we put in place some norms when it comes to using other weapons."

President Obama also said the discussions with Russia and other countries like China have already seen movement.

"We have started to get some willingness with a lot of countries around the world to adopt these norms but we have got to make sure we are observing them," President Obama said.

But Reavis said it may be difficult to separate state and non-state threat actors.

"We should focus on criminals, but to not do so in exclusion of nation-state cyber weapon activity would be a mistake, in light of the close cooperation state and non-state actors have," Reavis said. "A cyber arms race is well underway, it doesn't require the same type of investment that characterized the Cold War military industrial complex which increases the difficulty in identifying the players. Reining in a cyber arms race will take a long time. We can only hope that governments will be rational and understand that they have more to gain economically in the long run by cooperating on positive cybersecurity practices, policies and treaties."

Reavis added that the first step in any process of creating norms has to start with acknowledging the threat of a cyber arms race.

"We must acknowledge offensive cyberweapons. Governments around the world are compiling their own stockpiles of hacking tools," Reavis said. "Recognizing the existence of these cyberweapons, and categorizing them will allow us to develop more mature, realistic policies and rules of engagement. We know that governments will spy on each other using hacking tools. However, using these tools to cripple a power grid and shut down hospitals would be a most egregious use of technology. Having treaties agreeing not to use cyber weapons in a destructive manner during peacetime is a positive, and knowing that opposing countries have these weapons will provide the necessary deterrent to provide heft to these treaties."

Next Steps

Learn more about how software and system investment are better in a cyberwar than hacking back.

Find out how hiring more women can help win the cyberwar.

Get info on why China's cyberwar rhetoric has dangerous implications.

Dig Deeper on Government information security management

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

What do you think about the risks of a potential cyber arms race?
We have all this tools to hack, but I always ask; why don't we study this hacking tools to defend from them? But with technology our tools are constantly changing that is what technology is "keeping up with this tools is the problem" and yes governments will spy on each other using hacking tools. Most my concern is not government spying, is hospitals, banks, any major utilities that our society depends on I think "a hacker can bring the world to its knees as we depend more and more on computers systems managing everything form banking to a red light on the streets. The more we depend on technology the more is going to have to be protected.
A cyber arms race is already here for decades.

Whether rogue hacker, group, or government, ALL pose immediate destabilizing threat to the governments' agencies' that act to protect freedom and democracy. Everyone everywhere who use digital resources, laptops, cloud, tablets, phones MUST become security alert.  Data is such a fragile thing and recovering the huge masses of it is immensely problematic.  We need to both protect it viciously and also reduce our reliance on it concurrently.

Any resource that cannot be lost, is the target the Malpeople target. And they are very smart.
Obama is wrong, as usual. My military service was deeply involved in the Cold War and the MAD principle held true until Reagan ended it by establishing a leadership in technology that could not easily be surpassed. The old adage that "the best defense is a good offence" was true then and holds true across disciplines. Maintaining leadership in the cyber arms race is always the most effective way to mitigate cyber warfare from both private and government originators.
Arms race doesn't presume active use, and that is what's happening already. Another thing, arms race meant manufacturing race most of all. And hacking is a skills based thing.
Typical Obama- this war has already been raging for 6 or 7 years. Glad he's on it.
Informational attacks don't have to be direct software attacks. Propaganda, "news", carefully composed facts - this kind of wars was going on for decades.