As worldwide concerns on cyber security grow, preventing war and regulating conflict in the cyber domain through a treaty have come to the top of the international agenda. The last few years have seen a growing body of effort to bring the cyber domain under international law. It is based on two sets of convictions. The first is the historical experience. Every new domain that has emerged over the last few centuries of the modern age – maritime, air or space – has been brought under international regulation despite the unique complexities that each presented. All these domains were inevitably securitised; yet, a set of rules and norms has been negotiated for each by the international community.

The second is the assessment that no single country can address on its own all the security challenges the cyber domain presents. Therefore, a measure of international cooperation in the cyber realm, many believe, is a necessity. As international negotiations on a cyber security treaty advance incrementally, there is a need for a sustained and purposeful engagement between India and America. This paper explores some of the challenges of constructing such a dialogue.

The UN Group of Governmental Experts (GGE) established by the Secretary General has provided a valuable forum for discussion on cyber security issues in the last few years among major powers. In a report submitted in August 2013, the GGE presented a number of propositions agreed upon by consensus among its members. The GGE asserted that the traditional principles of international law are applicable to the cyber domain, thereby concluding an important debate. Given the difficulties of delimiting state boundaries and affixing state responsibilities in the cyber domain, many had argued that traditional international law was not of much value in regulating cyberspace. Technological diffusion and the capacity of individuals and non-state actors to inflict considerable damage have also been viewed as limiting the possibility of inter-state agreements. In cyberspace, the GGE held, states should comply with the prohibition on the use of force, respect territorial sovereignty and the principle of settling disputes by peaceful means in much the same way as in the physical world. The right, specified in Article 51 of the UN Charter, to self-defence, including the use of force, would apply if a cyber attack reached the level of an 'armed attack'. The report, however, refrained from spelling out when this could be the case.

The report offered a set of recommendations on the principles of responsible behaviour in cyberspace and proposed a slew of confidence-building measures such as exchange of information on national cyber policies, sharing of knowledge on best practices, promotion of regional consultations and expansion of cooperation in law enforcement and international assistance for capacity building. While the recommendations of the report are a step forward, translating them into treaty language will not be easy. The devil, as they say, is always in the detail. Yet, the idea of a formal treaty to regulate cyber warfare draws mixed responses in both Washington and Delhi. For an entirely different set of reasons, some of which are rooted in their strategic culture, India and the US are both ambivalent towards cyber security treaties.

For America, the question is about sustaining its extraordinary lead in cyber technologies and its freedom of operation in the cyber domain. Many in the US see cyber regulation as they do arms control: they believe both will end up constraining America while allowing its rivals and others to catch up. Opponents of cyber arms control also point out that while the US is compelled by its laws to abide by international agreements, other countries may not be so fastidious. This approach of the right is contested by the multilateralists in the American establishment who believe the US should take the lead in regulating cyberspace because American technological primacy is likely to be short-lived in the cyber domain. They also argue that the US is far more vulnerable than its adversaries, given the centrality of cyberspace in the advanced US economy. This also makes the US more susceptible to asymmetric warfare. Therefore cyber arms control is a useful way of limiting potential threats and serves American interests over the long term.

The latter arguments prevailed with President Barack Obama, who has moved beyond the previous administration's opposition to multilateralism in cyberspace. Since then, the US has been more open to engagement with other powers in various UN and other forums. This does not mean there is a domestic consensus in America on the best approach to cyber security. The divide between unilateral and multilateral approaches within the US is deep. The history of arms control reminds us that these differences limit US room to negotiate agreements and implement those that have been agreed upon in multilateral forums. This in turn makes other nations wary of engaging the US on security negotiations.

India, too, has an unresolved tension between multilateralism and unilateralism in dealing with international treaties. Given the liberal internationalist orientation of its national movement, India was a strong votary of international institutions, multilateralism and the development of norms in the global arena. Some of the security challenges it faced and the negative experience of taking the Kashmir question to the United Nations Security Council have dampened this enthusiasm for multilateralism, but have not eliminated it as a major element in its approach to global issues.

Over the decades, India has taken the lead in multilateral negotiations, including those relating to security and arms control. India's emphasis was on three D's—disarmament, development and non-discrimination. This emphasis on universalism won India many plaudits from liberal internationalists around the world. The problem, however, was that India's idealist approach ran afoul of realpolitik at the international level and its security imperatives at the national level. India, which initiated the debate on nuclear non-proliferation at the Eighteen-Nation Disarmament Conference in Geneva in the 1960s, found itself at odds with the nuclear non-proliferation treaty (NPT) that was finalised in 1968. Similarly, on the question of a comprehensive test ban treaty, India was a great champion of the concept but was utterly isolated when the treaty came into being in 1996.

India's current positions at the international level on cyber security are largely derived from the Foreign Office's inherited traditions of multilateralism, deeply influenced since the 1970s by the North-South dimension. The national security establishment in Delhi, however, is conscious of the urgent imperative of building domestic capabilities. The realists there have no time for grandstanding on the global stage on cyber issues. India's approach to international security issues in the past was dominated by principles of equity and non-discrimination. As a potential power in its own right, however, India might have to carve out a path that is bound to diverge from its traditional approach to international security. As in the nuclear domain, so in the cyber realm, India's national interests may not be aligned with the collective positions of the South. India's primary challenge is to bring in a measure of pragmatism to its engagement on cyber security issues that can effectively combine its traditional tenets of internationalism with the strategic dynamic unfolding in the cyber domain.

As the weakest of the major powers, India must learn to nimbly navigate the dynamic among the great powers on cyber security issues. In the past, India used to urge great powers to abide by norms in the management of security challenges, but was deeply perturbed by any collaboration between the major powers. For example, India was deeply concerned about bilateral nuclear arms control between Washington and Moscow and the implications of their joint championship of the non-proliferation regime. Today, India worries about the potential consequences of a cyber security treaty that might emerge out of bilateral negotiations between America and China. India must also be conscious of the fact that technological change and the rise of new powers generate pressures for rewriting the international rules.

India has indeed stepped up its engagement with the major powers on cyber security issues. This engagement was hobbled by weak governments in Delhi that were unable to overrule individual departments in the making of important policies. With a strong central government now in place under the leadership of Narendra Modi, considerations of national security and power balances are likely to have a greater salience in India's international approach to cyber issues. As the cyber domain draws attention from the Modi government, India must necessarily look towards building functional coalitions to secure its own interests in the global arena. Any which way that India looks at cyber security issues, the US looms large. Despite being a democracy, internal security considerations often put India at odds with the US and on the same side as Russia and China on some aspects of cyber regulation. But broader considerations of international regime building on cyber security, and the new compulsions for security partnership between Delhi and Washington in Asia, the Indian Ocean and beyond, demand substantive consultations between Delhi and Washington.

The current India-US dialogue on cyber security is focused narrowly on technical issues. This needs to be expanded to cover the international dimensions of cyber security. Two factors constrain the prospects for such a dialogue. One, there is vast asymmetry in the cyber capabilities of India and America. Two, the national policy towards international regulation of the cyber domain is a work in progress in both Delhi and Washington. These realities, however, do not reduce the imperative for the Indo-US dialogue on cyber security. Despite many differences, India and the US have a shared interest in developing a sensible framework for regulating security politics in the cyber domain. Both are democracies and are vulnerable to similar threats like terrorism. Both have concerns triggered by the rise of China and Beijing's approach to international security. There are strong corporate sectors in both countries and there is a growing integration between their IT industries. In the past, India and the US ended up on opposite sides of drafting international security treaties. They can't afford to let that pattern re-emerge in the cyber domain.

This article originally appeared in “Indo-US Cooperation on Internet Governance and Cyber Security”, a joint research project of the Observer Research Foundation and the Heritage Foundation, published in October 2014. 

The views expressed above belong to the author(s).