America – and world – must restrain cyber-warfare

Here’s the most pleasant explanation for this week’s blackout of North Korea’s Internet: China did it.

This would be welcome news, if true. It would mean that China’s rulers had become so royally fed up with North Korea’s dangerous antics – including its probable hack of Sony last month – that the politburo in Beijing decided to yank Kim Jong Un’s chain.

That might portend more chain-yanking in the future. The North Korean dictatorship depends on China’s patronage for its very survival; Kim’s regime would be a lot less dangerous and bellicose if the Chinese put their foot down.

Chinese intervention may be wishful thinking, though. Another possibility is that the despots in Pyongyang deliberately turned off their own Internet to avoid a retaliatory strike from either the U.S. government or independent hackers. Still, the North Koreans wouldn’t buy much protection by blacking themselves out for a day or so.

What’s left is the likelihood that the cyberattack on North Korea was staged by its enemies, hackers inside or outside the U.S. government. That would make it a retaliatory strike – a step deeper into an age of Internet attacks that has already entangled the United States and other advanced countries.

Hacker groups linked to hostile nations – especially Russia and China – have frequently attacked the computer systems of American banks and other companies. The United States now has a military department, U.S. Cyber Command, charged with defending the government and critical industries against hackers.

The United States develops and deploys code-based weapons of its own. The Bush administration pulled off the single most devastating known cyber offensive, Operation Olympic Games, which used a highly sophisticated virus to partially cripple Iran’s nuclear weapons program.

This is a 21st century-style arms race. It’s easy to imagine a virus becoming a weapon of mass destruction. A successful attack on a nation’s electrical grid, for example, could wreak vast damage and human misery. Defenses are necessary, and defensive strategies involve threats of retaliation.

Cyberspace lacks something that has often restrained traditional hostilities: mutually understood rules. In the Cold War, the United States and Soviet Union had a pretty clear idea of what would trigger a nuclear confrontation; for the most part, they avoided getting close to the edge.

There’s no such understanding about cyberattacks. President Obama was careful to describe the Sony hacking as “cyber vandalism” rather than warfare. But where does the line get drawn? The private sector must be protected, not just government agencies. An attack on America’s financial institutions, for example, could conceivably threaten the country’s entire economy.

The United States has a strong interest in securing international agreements – and international policing – that would prevent attacks from escalating. As the world’s largest economy, America has more industrial targets than anyone else. Primitive North Korea, in contrast, would have much less at stake in an exchange of cyberattacks.

Even taking down its entire Internet doesn’t take down much. North Korea has something like 1,000 Internet protocol addresses (which designate devices connected to the Internet). America has billions. The United States is not likely to be a winner in an era of rampant cyberwarfare.