The headlines recently have been full of “cyber-war” and “cyber-security” stories. We do face a clear and present danger in the ether-world. Classified sources on the scale and scope of the threats give far more ground for concern than even the public record. This is not a case of scare-mongering. If anything, the reverse is true. Public perceptions of the dangers lag behind the reality.
In announcing a new cyber-security policy on May 29, US President Barack Obama showed how far behind the United States feels it is in mounting its defences. He said that “We’re not as prepared as we should be,” and that “We’ve failed to invest in the security of our digital infrastructure.” In a December 2008 report, a commission organised by the Center for Strategic and International Studies (CSIS) in Washington D.C. called cyber-war the “hidden battle,” similar to those in signals intelligence in World War II. It concluded that “America’s failure to protect cyberspace is one of the most urgent national security problems”.
The vulnerabilities are immense: from personal information, banking records, and controls on sensitive medical equipment, to the controls on nuclear power plants and nuclear missiles. And in all of these domains, we can find horror stories from the last decade. One cyber attack reportedly gave access to the designs of one of America’s newest military aircraft. The curious fact is that the defence strategies adopted by the United States and Europe resemble fortress strategies emphasising physical defences more worthy of a mediaeval age than of the cyber age. In launching work on its new security concept, NATO officials have flagged their efforts to understand how the mutual commitment to defence of all members might play out in the event of a major cyber-attack by one state on another.
The idea of physical defences akin to borders (such as firewalls) will remain essential, but given the high levels of cross-border connectivity in cyber-world, new approaches for cyber-security must include the international dimension. Thus, instead of exclusively imagining cyber-defence or cyber-war, it is also important to begin to construct cyber-diplomacy. Few governments have even thought about the diplomatic dimension of cyber-security at the level commensurate with the threat. Most governments do assert the need for it, but do little beyond that.
They will need to start with a concept of what constitutes cyber-peace and a code of conduct on what is reasonable behavior and what is not. In the military domain, diplomats will need to frame ideas on deterrence, arms control and confidence-building especially appropriate for cyber-space. They will need to devise a cyber-hotline to allow quick communications between the ICT specialists in cases of presumed cyber-attack by one country on another. There are important examples within the field of cyber-security where international cooperation and trust levels are very high. One need go no further than the international system of bank settlements. Other examples include cyber crime and international standards development.
Yet, governments, especially those charged with cyber-security, seem to have little confidence in the tools of diplomacy as providing even part of the solution for the threat. Russia and China are regularly cited by American and European leaders as the main sources of threat. Military officials in those two countries complain equally as vociferously about American cyber-attacks on them. It appears we have a new area of military confrontation – or at least clashes – in a domain where there is almost no regulation. The traditional domains of land, sea and air, and even outer space, have far more rules for safe “international navigation” than cyber-space.
Most countries are now pervasively connected to each other and the world by choice because of the many benefits that cyber connectivity offers.  This connectivity brings profound interdependence that has far reaching impact on national security, economic stability and public welfare. We need to manage this interdependence with sophisticated diplomacy and we will need a new breed of diplomats to do it.       

Dr. Greg Austin is Vice President at the EastWest Institute and Director of EWI’s Global Security Program and Policy Innovation, with 30 years experience in international affairs, including senior posts in academia and government. He has also held senior posts at the International Crisis Group and the Foreign Policy Centre London. He is the Founding Chair of the Asian Century Institute in London and author of several highly reviewed books on international security, especially on Asia.