WAPO story on how a number of major powers have signaled a willingness to explore the use of arms control vehicles to reduce the risk of cyber attacks on one another.

While I have never felt that borrowing deterrence notions from the nuclear realm for cyberwarfare made a lot of sense, because I tend to view cyberwarfare as being more akin to chemical and bio weapons than nukes, I do see the logic of mutually agreeing to limit their use via arms control treaties like we've done successfully with chem and bio.

The good news:

Although the agreement, reached this week at the United Nations, is only recommendations, Robert K. Knake, a cyberwarfare expert with the Council on Foreign Relations, said it represents a "significant change in U.S posture" and is part of the Obama administration's strategy of diplomatic engagement.

Among other steps, the group recommended that the U.N. create norms of accepted behavior in cyberspace, exchange information on national legislation and cybersecurity strategies, and strengthen the capacity of less-developed countries to protect their computer systems.

When the group last met in 2005, they failed to find common ground. This time, by crafting a short text that left out controversial elements, they were able to reach a consensus.

Do I expect states to eschew pursuing cyber capacities as an asymmetrical hedge in the event of great-power war?  No.  I just expect them to agree to the notion that, outside of augmenting possible kinetics, advanced states will refrain from messing with each other with such capabilities.  Why?  Bigger and better fish to fry--all things being peaceful.

Expecting more is naive, but assuming the worse is unduly alarmist.  In a connected world, there are no clear and unambiguous advantages to be gained in cyberwarfare casually pursued (meaning outside the context of real war), but there are clear and identifiable costs to be shared.