A popular joke circulating online among Russian dissidents goes something like this: A Moscow woman asks her husband if he understands what the war in Ukraine is about. Yes, thunders the husband, repeating the regime’s talking points – it’s a Russian campaign against NATO aggression! The wife goes on to ask how the war is going, and here the husband gets gloomy and says that the brave Russian military suffered heavy casualties, including more than 18 thousand dead. And how many victims, the woman asks, does NATO have to mourn? The husband shrugs. “I don’t know,” he says. “NATO hasn’t appeared yet.”
Like all good punchlines, this one is multi-layered. Embedded in the outspoken critique of Putin’s carnage is a greater realization of how we wage war today and that the old structures put in place to keep world peace no longer work.
Unfortunately, NATO is Exhibit A. How did the alliance, formed after World War II and designed to stop the very kind of aggression now being displayed by Russia, react to Putin’s invasion? The most honest assessment we have comes from the President of Ukraine. At a NATO leaders’ summit earlier this spring, Volodymyr Zelenskyy ticked off a long list of NATO failings, from refusing to establish a no-fly zone to undersupplying arms and ammunition. “All the people who will die that day will also die because of you,” said Zelenskyy.
This urgent critique raises an equally urgent question: if NATO is no longer an effective bulwark to keep the world’s bad guys in check, what might its replacement be? Having made a career in cybersecurity and having assessed and defended a different and emerging set of risks, allow me a humble suggestion: If you want world peace, think less about England, France and Germany and more about Google, Apple and PayPal.
Let’s look at the evidence. For one thing, the multinational corporations that drive much of our economic growth have the technological capacity—not to mention the budgets—to design and implement the kind of rapid and effective deterrent that no government could readily provide. For example, when PayPal exited the Russian market in March, it became significantly more difficult for Russians to engage in cross-border e-commerce, ie buying or paying for almost anything online. These kinds of impacts on daily life used to require a protracted concerted effort by nation-states; Today companies can work much better and much faster.
However, corporations become even more important for world peace when one considers the new fronts of the world war. In April, for example, Viktor Zhora, a top cybersecurity expert for the Ukrainian government, reported on an attempt by the GRU, Russia’s military intelligence agency, early in the war to shut down power plants, including some in and around the capital Kyiv, most likely as a prelude to ground operations.
The attempt was thwarted, but it served as a necessary reminder that while images of destroyed buildings and displaced civilians leave an emotional mark, much modern warfare involves the computer keyboard as likely as, say, a short-range missile. Recently, Tom Kellerman, a cybersecurity expert who is a member of the Secret Service’s Cyber Investigations Advisory Board, authored a report arguing that while Russia may not have had success in conducting efficient cyberattacks on Ukraine, it has lagged behind A spate of ransomware attacks are raging around the world that are being used to fund the high cost of Putin’s war.
So what to do when “civilian” companies are just as involved in business-critical conflicts as troops and military units? The answer is simple: we need a new NATO centered around collaboration between nations and those corporations and other stakeholders that make the information age so dangerous at this moment in history.
If you’re uncomfortable with the thought of tech CEOs sitting next to secretaries of state and army generals, I’ve got some uncomfortable news for you: these interactions are already happening. For example, Amazon recently renewed its $10 billion deal with the NSA, helping the agency store all of its highly sensitive data on its AWS servers. And while NATO and other national and international defense organizations all have cyber-weapons at their disposal, none are equipped to tackle the maze of complicated issues — legal, ethical, and tactical — that arise from a new reality in which nations and corporations are thriving Shoulder to shoulder are the virtual battlefield.
In other words, what we need now is not just more investment in cybersecurity – which is fortunately already happening – but a new institution that can help us keep the peace even as the challenges grow more complex and diverse. We propose a new Geneva Convention that will limit cyber war targets such as hospitals, retirement homes and schools. And it could lead to a collective investment in R&D that will provide us with the most advanced cyber defense systems.
It is a tall order, but too many lives are at stake for us to stand idly by. Big Tech prides itself on having revolutionized every existing human industry, from healthcare to finance to logistics. It’s high time we learned how to disrupt war.
Shlomo Kramer is the co-founder and CEO of Cato Networks.