The US and China are said to be working on a cyber arms control accord in which both sides would agree not to use certain types of cyber attacks during times of peace. Such arms control treaties are best known for limiting the use and development of nuclear weapons, like the accords struck between the US and the Soviet Union during the Cold War. The accord, if finalized, could be the first of its kind for a new age of covert attacks that target computer systems in an effort to gain valuable intelligence or cripple key infrastructure.
Officials privy to discussions between the two nations tell The New York Times that both sides would commit not to use cyber attacks against "critical infrastructure" in peacetime. That would include such facilities as power grids and plants, communication systems, and more. The Times does note one other official who says that the announcement — which could occur as soon as this week — may used scaled back language that merely sees both sides support a code of conduct that's in the works at the United Nations.
An arms control treaty for a new age of weaponry
Notably, the accord would likely not stop the vast amount of cyber activity perpetrated by both the US and China. Spying activities, infiltration of foreign networks, and theft of intellectual property wouldn't count as attacks on critical infrastructure. China, in particular has been repeatedly blamed for such attacks, like one that targeted millions of secure US government personnel records, and others that sought to steal intellectual property to bolster its technological competitiveness.
It will likely prove challenging to enforce any arms control accord for cyber warfare. Unlike physical missiles, the source of any attack is often unclear. And nations can easily sponsor a third party to perpetrate a hack — a move that can help mask their culpability. Particularly successful attacks can also go unnoticed for years.
Murmurs of a pact on cyber activities have been spreading for some time — the US and China announced plans to discuss a possible agreement back in June. But a proper arms control accord that sees both sides agree not to use cyber attacks against infrastructure in a first strike capacity could be a key first step in regulating a new type of warfare.