Cybersecurity & Tech

A Proliferation Security Initiative for Cyber Cooperation?

Duncan B. Hollis, Matthew Waxman
Monday, June 4, 2018, 7:00 AM

National security adviser John Bolton is often caricatured as a unilateralist. One of his legacies during the George W. Bush administration, however, was a significant new multilateral effort: the Proliferation Security Initiative (PSI).

Published by The Lawfare Institute
in Cooperation With

National security adviser John Bolton is often caricatured as a unilateralist. One of his legacies during the George W. Bush administration, however, was a significant new multilateral effort: the Proliferation Security Initiative (PSI).

In a forthcoming symposium essay we suggest that PSI might offer a useful model for promoting cybersecurity cooperation. As the United States and others look to improve international rules for combating global cyber threats—whether through interpretation of existing legal frameworks, cultivation of new norms, or creation of new treaties or international bodies—PSI’s special architecture may be adaptable to some of the more notable challenges.

Bolton championed PSI in the early 2000s to improve interdiction of weapons of mass destruction, especially at sea where the absence of clear counterproliferation law and weak capacity of some states left holes for proliferators to slip through. The United States and a small group of like-minded states signed on to a set of common principles and committed to a set of joint activities to strengthen WMD interdiction efforts. There was no new binding treaty or bulky international organization. Instead, each country agreed to do what it regarded as authorized under international law and consistent with a common declaration of PSI political commitments. Though it started among just a small group of participants, other states were invited to join the PSI, and as of today, 105 states have endorsed the common pledges and support PSI-related interdiction efforts.

To be clear, our essay does not suggest that the United States should pursue a similar multilateral policy approach of interdicting cyberweapons. Rather, we highlight how PSI’s cooperative mechanisms may be a model for future cybersecurity cooperation. Its advantages, compared to many global treaties or new intergovernmental bodies, include low entry costs, accommodation of varying capabilities, flexibility, and evolution through experimentation. This approach also has limits, to be sure. On the one hand, it would leave in place significant gaps or uncertainties in international law that certain states are looking to fill. On the other hand, it may be perceived by some states as heavy-handed or designed to exclude and isolate them. And, of course, it is worth emphasizing that cybersecurity is not a unified problem set—it involves a complicated suite of different problems that emerge in a wide array of different contexts.

Nonetheless, there are several areas of cybersecurity cooperation for which the PSI model might be a possible fit. These could include multilateral efforts to remediate effects of cyberattacks, to assist in attributing them to perpetrators, or to impose sanctions against such bad actors. (Note that just last week, the State Department proposed to the president a cyber deterrence strategy recommending that “Partner states could, on a voluntary basis, support each other’s responses to significant malicious cyber incidents, including through intelligence sharing, buttressing of attribution claims, public statements of support for responsive actions taken following an incident, and/or actual participation in the imposition of consequences against perpetrator governments.”)

The merits of a PSI-like approach depend a lot, of course, on the substance and details of the commitments and activities. But the point of our essay is that PSI’s architecture is worth further consideration among the menu of ways to improve international cybersecurity cooperation and cultivate norms.

Duncan B. Hollis is Laura H. Carnell Professor of Law at Temple University Law School. He recently co-edited Defending Democracies: Combating Foreign Election Interference in a Digital Age (Oxford University Press, 2021) and is editor of the award-winning Oxford Guide to Treaties (Oxford University Press, 2nd, ed., 2020). He regularly writes on issues of international law, norms, and global cybersecurity. Professor Hollis is a Non-Resident Scholar at the Carnegie Endowment for International Peace, an elected member of the American Law Institute, and a regular consultant for the Microsoft Corporation's Digital Diplomacy team.
Matthew Waxman is a law professor at Columbia Law School, where he chairs the National Security Law Program. He also previously co-chaired the Cybersecurity Center at Columbia University's Data Science Institute, and he is Adjunct Senior Fellow for Law and Foreign Policy at the Council on Foreign Relations. He previously served in senior policy positions at the State Department, Defense Department, and National Security Council. After graduating from Yale Law School, he clerked for Judge Joel M. Flaum of the U.S. Court of Appeals and Supreme Court Justice David H. Souter.

Subscribe to Lawfare