As the cyber war of words heats up between the U.S. and China, the rest of the world is taking notice….and proposing action.

Most recently, the head of the United Nations’ communication and technology agency, Secretary General Hamadoun Toure of the International Telecommunications Union, proposed a treaty whereby member countries agree not to precipitate a cyber attack against other member countries. “The framework would look like a peace treaty before a war,” he is reported to have said.

Secretary Toure’s proposal follows a series of concerns expressed at last month’s World Economic Forum in Davos-Klosters, Switzerland, including a harsh warning that cyber attacks could amount to a declaration of war. According to Secretary Toure, “[a] cyber war would be worse than a tsunami – a catastrophe.” Because of the potential devastating consequences of a cyber war, the Secretary strongly recommended that countries agree not to harbor cyber criminals and “commit themselves not to attack another.” Of course, nothing is quite as simple as that. For example, John Negroponte, the former director of U.S. intelligence, cautioned that intelligence agencies would “express reservations” about such a treaty. Given the breadth and scope of China’s, Russia’s and other countries’ intelligence operations and their reported limits on information disclosures, Mr. Negroponte’s remarks likely would be echoed by other nations.

Still, the U.S. is preparing itself for a cyber war. Speaking at the World Economic Forum, U.S. Senator Susan Collins (R- Me) acknowledged as much, reportedly stating that “if someone bombed the electric grid in our country and we saw the bombers coming in, it would clearly be an act of war…. If that same country uses sophisticated computers to knock out our electricity grid, I definitely think we are getting closer to saying it is an act of war.” Similar sentiments were echoed by Senator John D. Rockefeller (D-WV), Chairman of the Senate Committee on Commerce, Science, and Transportation. In April 2009, Senator Rockefeller introduced a comprehensive cybersecurity bill, The Cybersecurity Act of 2009, S. 773, which, according to the non-profit Authority on Managing Records and Information, is designed to:

• Significantly raise the profile of cybersecurity within the federal government and streamline cyber-related government functions and authorities
• Promote public awareness and protect civil liberties
• Create teamwork and a partnership between government and the private sector on cyber security
• Foster innovation and creativity in cybersecurity to develop long-term solutions

Senator Rockefeller’s bill also proposes to establish the Office of the National Cybersecurity Advisor within the Executive branch. The Office would be headed by an Advisor who would serve as the President’s lead official on all cyber matters. He/she also would be responsible for coordinating activities between the intelligence community and civilian agencies.

While the Cybersecurity Act of 2009 has not engendered much discussion in the media, it has drawn attention in the face of recent cyber attacks on Google. Referring to the cybersecurity breaches at Google and elsewhere, Senator Rockefeller issued the following statement:

Cyber-attacks are increasing exponentially and we need to get serious about America’s cybersecurity – our nation’s public and private infrastructure is too critical to remain vulnerable and unprotected… I intend to markup my cybersecurity bill early this year to address these ever-evolving attacks and secure our networks. It’s an understatement to say that cybersecurity is one of the most important issues we face; the increasingly connected nature of our lives only amplifies our vulnerability to cyber attacks and we must act now.

According to the Christian Science Monitor, the U.S. energy industry already has been the subject of at least one foreign cyber attack. The Monitor reports that three U.S. oil companies suffered previously unreported security breaches in 2008 by way of intrusions which focused on data detailing the value, quantity and location of global oil discoveries. The stolen information reportedly was transferred to a computer in China, leading some to believe that Chinese authorities may have been complicit. We emphasize, however, that there is no concrete evidence linking the Chinese government to the 2008 attacks.

In short, as physical wars in Afghanistan and elsewhere rage on, a different, but equally insidious, form of war is being fought over the Internet every day. And, as difficult as it is to achieve an armistice in the physical context, so too a cyber peace accord seems unachievable at the present time. Similarly, while the U.S. government is striving to deal with this situation, no legislative panacea seems to be in the offing. Meaning, of course, more insurable risks.