In recent years, as news of U.S.-Russian tensions in the cyber domain has dominated headlines, some strategic thinkers have pointed to the need for a bilateral cyber “rules of the road” agreement. American political scientist Joseph Nye, a former head of the U.S. National Intelligence Council, wrote in 2019 that, even “if traditional arms-control treaties are unworkable” in cyberspace, “it may still be possible to set limits on certain types of civilian targets, and to negotiate rough rules of the road that minimize conflict.” Robert G. Papp, a former director of the CIA’s Center for Cyber Intelligence, has likewise argued that “even a cyber treaty of limited duration with Russia would be a significant step forward.” On the Russian side, President Vladimir Putin himself has called for “a bilateral intergovernmental agreement on preventing incidents in the information space,” comparing it to the Soviet-American Agreement on the Prevention of Incidents on and Over the High Seas. Amid joint Russian-U.S. efforts, the Working Group on the Future of U.S.-Russia Relations recommended several elements of an agreement in 2016, among them that Russia and the U.S. agree “on the types of information that are to be shared in the event of a cyberattack” (akin to responses to a bio-weapons attack) and prohibit both “automatic retaliation in cases of cyberattacks” and “attacks on elements of another nation’s core internet infrastructure.” Most recently, in June 2021, a group of U.S., Russian and European foreign-policy officials and experts called for “cyber nuclear ‘rules of the road.’”
School Authors: Steve Fetter
Other Authors: Charles L. Glaser, James M. Acton