There are essentially two types of arms control: structural, which limits things such as missiles and tanks, and operational, which proscribes certain activities such as manufacturing chemical weapons or weaponizing biological agents. Structural arms control in cyberspace is difficult if not impossible, given the nature of cyber weapons, the importance to nation-states of maintaining their access to cyberspace for all aspects of warfighting, and nonstate actors’ participation in cyber-based warfare and crimes. Operational arms control offers more promise—particularly when combined with complementary approaches such as deterrence through preparedness and collective defense.
Structural arms control is impractical and difficult to enforce in cyberspace. Instead, the article suggests that progress be made to curb aggression and national security threats in the cyber domain by elaborating a strategy combining proactive technical and legal means with operational arms control and deterrence.
Published in: Computer, vol. 43, no. 8, pp. 91-94.