Like-minded nations also ought to be able to agree to forswear attacks on the infrastructure that enables cyberspace: the series of routers, servers and databases that issue digital certificates used to identify trusted parties in online interactions, run domain-name addresses and manage multi-factor authentication systems. As with the international financial system, the trusted systems that make the Internet and cyberspace work must be protected. Unfortunately, in the 2011 attacks on the Internet security company RSA that compromised a cryptography algorithm relied upon by millions, the 2012 “Flame” attack that compromised Microsoft’s digital certificate authority and other recent activity, some nations appear to have targeted the infrastructure itself as a part of sophisticated espionage campaign. This is dangerously shortsighted and undermines global commerce.
Like-minded nations should also agree that governments should not steal data from private corporations and then give that information to competing companies, as the government of China has been doing on a massive scale. The victims of Chinese economic espionage should seek to establish clear guidelines and penalties within the World Trade Organization system or, if China blocks that, victim states should seek to develop countermeasures and sanctions outside of that structure. The necessary initial steps, however, are agreeing on international norms governing online economic espionage and telling China about them.
Or, we could just continue to do nothing while Russian cybercriminals and Chinese cyber-spies steal from us without any risk or penalty.