Cyberstability Paper Series
Pro and Contra: The Incidents at Sea Agreement is a Poor Model for Cyberspace
Benjamin Bahney, Jonathan Reiber, and Brandon Williams
Benjamin Bahney, Jonathan Reiber, and Brandon Williams
Tensions between the major powers have risen significantly in recent years, and cybersecurity matters have been some of the key flash points. The U.S. has long perceived that China has fueled its economy and military rise by stealing intellectual property, and the Russian government interfered in the 2016 U.S. elections using disinformation and influence operations in cyberspace. Conversely, Russia and China have expressed consternation about U.S. “left of launch” and Stuxnet-like capabilities that threaten their infrastructure and their strategic forces.[1],[2] Reciprocal concerns have been widespread over quotidian hacking, interference, and in some cases destruction of private-sector data and systems.
U.S. Government responses to these challenges have run the gamut. U.S. policymakers have indicted foreign military operators for cybertheft, treating these incidents as traditional espionage, and analysts suspect that in other cases the U.S. has undertaken reciprocal responses where the behavior was more injurious.[3] But the policy community also seeks new diplomatic solutions. A 2014 bilateral agreement between Presidents Obama and Xi Jinping attempted to reduce cybersecurity tensions by proscribing states conducting intellectual property theft in cyberspace for commercial gains, and by establishing new track 1.5 groups to work on cyberspace law enforcement and military stability issues. But tensions around cyberspace issues have only risen since 2014, and arms control proponents seek additional rules of the road and consultative mechanisms to build stronger adherence to international law and norms and to create new channels of engagement between militaries and diplomats.
At first blush, a cyberspace agreement that emulates the 1972 incidents at sea (INCSEA) agreement—which built similar mechanisms for the high seas once the Soviets established a blue water Navy—seems like a plausible avenue toward stabilizing military cyberspace affairs. However, in our analysis the idea of an INCSEA for cyberspace fails to be relevant to today’s security environment on three key counts: it does not match the political conditions between the major powers, it does not fit the operational realities of the cyberspace domain, and it does not address the key policy challenges and stability challenges related to cybersecurity. To make these points, first we will lay out the INCSEA agreement in historical context to understand the conditions leading to its promulgation and the problems it solved. Second, we will analyze the INCSEA concept in the face of the operational realties and policy problems in the cyberspace domain, and third we will discuss how it falls short of addressing the key problems of the cyberspace domain today.
The Agreement between the U.S. Government and the Government of the Russian Federation on the Prevention of Incidents On and Over the High Seas was signed on May 25, 1972, by Secretary of the Navy John Warner and the Soviet Union’s Commander in Chief of the Navy Sergei Gorshkov. Commonly referred to as INCSEA, the bilateral agreement binds both parties to stated rules for the conduct of each country’s ships and airplanes on and over the high seas to reduce the risk of escalation.[4]
INCSEA established a code of conduct for transparency, non-interference, information sharing, advanced notice of activity, and annual consultations, as well as an agreement to avoid threatening activity. INCSEA built on previous international agreements—such as the 1958 Geneva Convention of the High Seas—that codified rules for the operation of military and civilian vessels on and above the high seas. INCSEA does not restrain limits on force size, exercises, or the operation of each nation’s navy or air force.
Representatives from the United States and Russia meet annually on a bilateral basis to reaffirm INCSEA and to discuss its application of ship-to-ship and air-to-air contact during the previous year. The consultations preserve INCSEA’s continuity and place it in a suite of important bilateral confidence building measures originating in the relaxation of Cold War superpower tension in the early 1970s period of détente.
President Lyndon Johnson’s administration exchanged the first diplomatic notes with the Soviet Union that ultimately culminated in INCSEA’s 1972 signing at a high tide of superpower diplomacy. Informal bilateral discussions between the navies began in 1966, but a worrying crescendo of near misses in 1968 convinced the Departments of State and Defense to amplify requests for a formal agreement. A TU-16 bomber, in one instance, crashed in May 1968 after buzzing U.S. ships operating in the Norwegian Sea, raising the risk of collisions that could spiral into escalation. Undersecretary of State Nicholas Katzenbach wrote Deputy Secretary of Defense Paul Nitze in 1968 warning him of the risks and an ostensible lack of interest from the Soviet Union. Overtures throughout 1968 from the U.S. Departments of State and Defense to Soviet counterparts went unanswered until the climate of superpower relations improved.[5]
Henry Kissinger notified Richard Nixon that the impasse broke in 1971 after Soviet diplomats formally requested consultations on incidents at sea. The president approved Kissinger’s request to proceed with formal dialogue and consolidate the effort in the hands of the National Security Council in place of overlapping formal and private conversations.[6] “We seem to be enjoying something like an ‘era of good feeling’,” the United States’ ambassador to Russia reported after productive deliberations between the two superpowers on incidents at sea. Forward progress on a future INCSEA occurred, however, only in the context of Détente’s thaw.[7]
The Soviet Union and the United States signed INCSEA during a 1972 summit in Moscow when Nixon and Soviet Premier Leonid Brezhnev signed the Strategic Arms Limitation Treaty. In preparation for the state visit, Kissinger alerted Nixon that a raft of agreements on disparate subjects were slated for announcement: space, the environment, health, science and technology, commerce, and incidents at sea. Both parties formalized INCSEA amidst a rewiring of the frayed bilateral circuits to resume conversations on traditional state-to-state matters.[8]
INCSEA and the decades of annual consultations improved the condition of naval security and strategic stability for approximately fifty years. It ensured safety of navigation on and over the high seas even during instances of heightened tension, provided commanders with stated rules, created the bilateral machinery for dialogue, and reduced the opportunity for pilot or captain miscalculation. By the mid-1980s, troubling episodes on and above the high seas had declined markedly, and INCSEA served as evidence of a successful confidence-building measure.
INCSEA, ultimately, was a product of a specific historical moment when two competing powers mutually agreed to diminish the strategic, tactical, and accidental escalatory catalysts. Senior leaders in the United States and the Soviet Union recognized that competition could occur without risky conduct below the threshold of war. Confidence-building measures governing visible objects and domains, such as the high seas, proved easier to implement. Policymakers in Washington and Moscow mutually agreed that they benefited by reducing tension, and a transparent code of conduct on the high seas was one lever by which to restore stability for bilateral relations and geopolitics.
However, the political conditions that led to INCSEA are largely missing today. While there is a movement toward some agreement on normative measures in the United Nations, the required political conditions are much broader than that. The relationships between the three major cyberspace powers today—namely, the U.S., China and Russia—are far more contentious than what was present during the period of détente leading up to the INCSEA agreement. There is no common view between the powers on how cyberspace relates to strategic stability, which was a clear precursor to INCSEA. There is also no clear motivation by the major powers to explore new arms control measures for cyberspace, and no shared drive to tamp down tensions as there was in the late 1960s and early 1970s after the U.S. and the Soviet Union had come close to the brink during the Cuban Missile Crisis in 1962.
Today’s arms control environment, rather, is one where we see significant backsliding with major treaties having been recently jettisoned, such as the Anti-Ballistic missile treaty, the Intermediate Nuclear Forces Treaty, and the Open Skies Treaty. Rather than cooperation and threat reduction, the major powers appear to be in a mindset of unbridled competition—more akin to the 1950s and early 1960s when we saw significant international crises, and when arms control seemed far off into the future. But surely, political conditions could change in the wake of a major crisis, or given significant changes in the leadership of the major power states. So if these conditions do change, could INCSEA address the fundamental realities and challenges of cyberspace competition?
Not really. The reasons are three-fold.
First, cyberspace operations occur in cyberspace via a network of data centers, servers, routers, switches, computers, and devices owned by private and government entities in sovereign territory—and there is no similar consensus upon the existence of an equivalent of the “high seas” in cyberspace. Even if operators conceal their locations, they are always operating in sovereign territory on someone’s network. Damage, disruption, or theft done to data on a network therefore impacts a specific data owner or operator, and is a violation of sovereignty.
Second, while cyberspace operators might “bump into” each other on the infrastructure if they are both present on a network—two intruders passing in the night, as it were—these are virtual interactions and seem unlikely to cause inadvertent material harm in the same way that navies could do so on the high seas. The intruder would need to manipulate data and cause material and irreversible harm for it to be analogous, in some way, to two ships colliding on the open seas. Similarly, there would need to be some risk that an incident of cyberspace operators bumping into each other could rise to the level of an armed attack under international law, via the irreversible destruction of life or property, if it were to plausibly carry a significant risk of escalating to war. This is an unlikely occurrence in cyberspace.
Third and most importantly, if the United States and Russia or China are to have productive conversations about cyberspace, the most important issue is for the states to make progress on adhering to bounds of acceptable state behavior in peacetime and conflict. This is a far greater legal and policy challenge for the bilateral relationship, and an INCSEA-like agreement is wholly irrelevant to its resolution.
Cyberspace is a new arena of operations. Over the last decade, as access has increased exponentially across the globe, adversaries have flourished in the “gray space” below the level of outright conflict that cyberspace affords, escalating their operations against the United States without fear of real retribution. That is how China has stolen U.S. intellectual property through cyberspace with impunity, why North Korea broke into and damaged Sony Pictures Entertainment’s networks before the release of the parody film The Interview, and why the Russian Federation conducts cyber-enabled disinformation operations in advance of U.S. elections, penetrates U.S. critical infrastructure, and sows seeds of social discord within the U.S. population. For more than a decade, revisionist nation states have exploited the vulnerabilities that cyberspace affords. Countries have conducted hostile operations online, through disinformation and cyberspace operations, without ever having to leave their home, with limited resource investments, recognizing that the United States was not entirely sure how best to respond.
For years the United States largely held back against each of the above actors, not wanting to trigger a tit-for-tat response in cyberspace that could escalate. Instead, the United States sought to impose retributive costs through indictments and sanctions. This did not help achieve deterrence in cyberspace. But perhaps the Russian government’s interference in the 2016 U.S. Presidential election was a watershed moment. In 2018, the United States military gained the authority with which to conduct cyberspace operations to stop cyberattackers in advance of attacks against core U.S. interests, an expression of the new U.S. strategy to “defend forward” in cyberspace.[9] This suggests that, if the United States has indicators and warning of a potential cyberattack against its vital interests—such as its critical infrastructure—as it did in advance of the 2018 elections, the United States may take action to defend American interests online. Outside of the U.S. military’s use of operations in cyberspace, following a spike in ransomware attacks in 2020 and 2021 against hospitals and infrastructure, the U.S. Department of Justice targeted cybercriminals by seizing their bitcoin holdings,[10] and the U.S. Treasury Department implemented sanctions on the global malware market by targeting cryptocurrency instruments.[11]
The goal of this increasingly forceful response posture is to help set and assert the bounds of acceptable behavior, along with deterring hostile activities, to include countries that allow ransomware operators to conduct criminal activities without fear of arrest. The Russian government’s actions in the SolarWinds intrusion and in allowing ransomware groups to flourish within its borders remains a pre-eminent concern in matters of policy and law for the United States in cyberspace. This problem cannot be addressed through an INCSEA-like agreement because the principal issue is that the Russian government allows malicious cyberspace operators in its territory to act with impunity.
If there is any place for legal agreements in matters of cybersecurity, diplomacy should occur around the question of how to set and maintain responsible state behavior in cyberspace. The cybersecurity community has made progress here in multilateral fora. Concurrent with the United States increasing its efforts to deter and disrupt attacks on its interests, the United Nations countries have built on decades of work from the UN’s cybersecurity Group of Governmental Experts (GGE) to affirm the need for norms of operations in cyberspace, such as refraining from targeting medical devices or other critical infrastructure.[12] But unlike with INCSEA, these multilateral agreements do not seem to have curtailed Russian malign influence operations in cyberspace.
Bilaterally, the U.S. and Russia put in place emergency communications during the Obama administration to tamp down the chance of conflict spiraling out of control. Increasing communication about strategic capabilities is certainly to the good, and that might be what has urged the call for an INCSEA-like treaty: to discuss and shape how forces operate. But the United States can pursue those discussions through existing lines of communication around norms and crisis management.
The analogies of an INCSEA treaty otherwise fail to demand a new direction for U.S. policy and law. Recall that the original INCSEA treaty established rules of the road for maneuvering military weapon platforms (and later, merchant marine ships as well) to include the use of flag communications between vessels. At times these frightening close maritime engagements involved nuclear weapon platforms such as strategic missile submarines and bombers. INCSEA also set rules of the road for the use of weapon engagement threats such as the opening of bomb bay doors on bombers that are nearby ships, the use of fire control radars against other vehicles or vessels, and simulated attacks.
For these two conditions, there is clearly no analogue yet in cyberspace. There is no record of threatening engagements between military cyberspace operators of one country and the strategic platforms or weapon systems of another, nor do we know of equivalent “dangerous maneuvers” in cyberspace that could put either side at risk. Last, there is no clear way to brandish weapons threats from cyberspace operators against specific weapons systems or platforms. Cyberspace operators do not seem to saddle up to one another and show off their malware in a chat room to threaten the other side. The absence of these conditions makes it unlikely today that cyberspace operations could result in inadvertent nuclear escalation, or that cyberspace operators could scare strategic weapons operators and their chain of command into using their weapons.
For these reasons, it is doubtful that an INCSEA-like agreement for cyberspace would be germane to the security concerns of today’s cyberspace competition, that it could tamp down strategic tensions between states, or that such an agreement could be practicable.
The INCSEA treaty of 1972 was clearly a product of a period when the major powers sought détente and a reduction in tensions, and incidents on the high seas—outside of sovereign waters—between military combatants in peacetime were a potential vehicle to accidental or inadvertent escalation between nuclear armed states. There is no relevant mapping of this historical context to the political situation in 2021, nor does the situation in maritime affairs in the late 1960s and early 1970s have any relevance to cyberspace operations today. While the political conditions for such agreements could change rapidly given a change in geopolitics, it is hard to imagine how the strategic and operational context of military competition in cyberspace could approximate the maritime context of the period.
The views and opinions of the authors expressed herein do not necessarily state or reflect those of the United States government or Lawrence Livermore National Security, Inc. LLNL-JRNL-829171
ENDNOTES
[1] Kenneth Lieberthal and Peter W. Singer, “Cybersecurity and U.S.-China Relations,” Brookings Institution, February 2012. https://www.brookings.edu/wp-content/uploads/2016/06/0223_cybersecurity_china_us_lieberthal_singer_pdf_english.pdf
[2] Vladamir Radyuhin, “Stuxnet could have created Chernobyls: Russia,” The Hindu, January 27, 2011. https://www.thehindu.com/news/international/Stuxnet-could-have-created-Chernobyls-Russia/article15535416.ece
[3] Julien Barnes, “U.S. Begins First Cyberoperation Against Russia Aimed at Protecting Elections,” New York Times, Oct 23, 2018. https://www.nytimes.com/2018/10/23/us/politics/russian-hacking-usa-cyber-command.html
[4] “Agreement Between the Government of The United States of America and the Government of The Union of Soviet Socialist Republics on the Prevention of Incidents On and Over the High Seas,” conclusion date: May 25, 1972, U.S. Department of State, https://2009-2017.state.gov/t/isn/4791.htm .
[5] Nicholas Katzenbach, “Letter From the Under Secretary of State (Katzenbach) to the Deputy Secretary of Defense (Nitze),” Foreign Relations of the United States (FRUS), 1964-1968, Volume XIV, Soviet Union, Document 284, August 16, 1968. https://history.state.gov/historicaldocuments/frus1964-68v14/d284
[6] Henry Kissinger, “Memorandum From the President’s Assistant for National Security Affairs (Kissinger) to President Nixon,” FRUS, 1969-1976, Volume XIII, Soviet Union, Document 113, February 16, 1971. https://history.state.gov/historicaldocuments/frus1969-76v13/d113
[7] U.S. Embassy in the Soviet Union, “Telegram From the Embassy in the Soviet Union to the Department of State,” FRUS, 1969-1976, Volume XIV, Soviet Union, Document 7, October 22, 1971. https://history.state.gov/historicaldocuments/frus1969-76v14/d7
[8] Henry Kissinger, “Memorandum From the President’s Assistant for National Security Affairs (Kissinger) to President Nixon,” FRUS, 1969-1976, Volume XIV, Soviet Union, Document 227, May 15, 1972. https://history.state.gov/historicaldocuments/frus1969-76v14/d227
[9] US CYBERCOM, “Achieve and Maintain Cyberspace Superiority: Command Vision for US Cyber Command,” US CYBERCOM website, April 2018. https://www.cybercom.mil/Portals/56/Documents/USCYBERCOM%20Vision%20April%202018.pdf
[10] U.S. Department of Justice, “Department of Justice Seizes $2.3 Million in Cryptocurrency Paid to the Ransomware Extortionists Darkside,” U.S. Department of Justice, June 7, 2021, available at https://www.justice.gov/opa/pr/department-justice-seizes-23-million-cryptocurrency-paid-ransomware-extortionists-darkside.
[11] U.S. Department of the Treasury, “Treasury Sanctions Individuals Laundering Cryptocurrency for Lazarus Group,” U.S. Department of the Treasury Office of Public Affairs, March 2, 2021, available at https://home.treasury.gov/news/press-releases/sm924
[12] Josh Gold, “Unexpectedly, All UN Countries Agreed on a Cybersecurity Report. So What?,” CFR Blog, March 2021, https://www.cfr.org/blog/unexpectedly-all-un-countries-agreed-cybersecurity-report-so-what
About the authors
Benjamin Bahney is a Senior Fellow at Lawrence Livermore National Laboratory’s Center for Global Security Research (CGSR) where he studies strategic competition in the 21st century in the areas of space, cyber, and advanced science and technology. His research is focused on how these new areas of competition alter strategic stability, deterrence, and escalation management. Also as the laboratory’s Space Program leader, he oversees all work on both space science and space security.
Ben has written for Foreign Affairs magazine, Foreign Policy, Lawfare, War on the Rocks, and has contributed to the opinion pages of the New York Times. Ben was a contributor to the U.S. Cyberspace Solarium Commission, particularly on public private partnerships. He was also a contributor to the edited volume Cross-Domain Deterrence: Strategy in an Era of Complexity published by Oxford University Press (2019). Ben was formerly an analyst at the RAND Corporation.
Jonathan Reiber is Senior Director for Cybersecurity Strategy and Policy at AttackIQ, where he leads the company’s narrative and content creation programs and directs key strategic issues. During the Obama administration he served as Speechwriter and Chief Strategy Officer for Cyber Policy in the Office of the Secretary of Defense, where he authored the first two national cyberdefense strategies of the United States. His commentary has appeared in TIME Magazine, Foreign Policy, Lawfare, and The Atlantic Monthly and his research has been supported by the Smith Richardson Foundation, Watson Foundation, and Berkeley’s Center for Long-Term Cybersecurity. He is the author of A Public, Private War, the findings of which were adopted by the U.S. Cybersecurity Solarium Commission and the National Defense Authorization Act of 2021. He is a graduate of Middlebury College and The Fletcher School.
Dr. Brandon Kirk Williams is a cybersecurity postdoctoral fellow at the Center for Global Security Research at Lawrence Livermore National Laboratory. His research focuses on the intersection of cybersecurity, emerging technology, and national security policy. His work addresses geopolitical competition and alliances in the Indo-Pacific and has been published in Lawfare and CGSR reports on Indo-Pacific Cybersecurity, strategy and emerging technology, and strategic competition with China. He earned a PhD in history from the University of California, Berkeley, where he completed a dissertation examining national security history that was supported by a Fulbright-Hays Grant for research in Indonesia.
About the Cyberstability Paper Series
Since the release of the final report of the Global Commission on the Stability of Cyberspace in November 2019, the concept of cyberstability has continued to evolve. A number of new ‘conditions’ are emerging: new agreements on norms, capacity building and other stability measures have been proposed and solidified within the United Nations and elsewhere, and stakeholders are exploring ways to increase stability and minimize the risk of conflict in cyberspace through technical fixes or governance structures. The constellations of initiatives involved in working towards cyberstability is expanding, underlining the need to connect the traditional state-led dialogues with those of the Internet communities from civil society and industry. Gaps continue to close, between the global north and south, between technology and policy, but also the stability in and the stability of cyberspace.
The first Cyberstability Paper Series explores these “New Conditions and Constellations in Cyber” by collecting twelve papers from leading cyber experts, each providing a glance into past or future challenges and contributions to cyberstability. The papers are released on a rolling basis from July until December 2021, culminating in an edited volume. All papers will be available for open access, and a limited number of printed hardback copies are available.
The opinions expressed in this publication are those solely of the author(s) and do not reflect the views of the Global Commission on the Stability of Cyberspace (GCSC), its partners, or The Hague Centre for Strategic Studies (HCSS).
© 2021 The Hague Centre for Strategic Studies and the Global Commission on the Stability of Cyberspace. This work is licensed under a Creative Commons Attribution –Noncommercial – No Derivatives License. To view this license, visit (www.creativecommons.org/licenses/by-ncnd/3.0). For re-use or distribution, please include this copyright notice.