All future wars will begin as cyberwars. Cyberattacks and online disinformation campaigns will define the next generation of conflict, and they will unfold silently, invisibly and relatively inexpensively. The threat is real, but we are equipped with the means to keep the cyberpeace. It’s now incumbent on policymakers and tech companies to help keep our information secure and our infrastructure safe.
In many ways, the tools of cyberwarfare are irresistible to governments. Cyberattacks have already been used to weaken infrastructure, disrupt communications and spread disinformation. It’s much cheaper and less risky to design malware that, for example, destroys Iranian nuclear centrifuges than it would be to bomb a nuclear facility. Cyberattacks are often hard to detect and even harder to attribute, making these weapons appealing for covert operations, when governments want the ability to deny their involvement.
Cyberwars will be supplied by cyber-arms dealers. Today you can buy “zero-day exploits” (tools to take advantage of previously unknown vulnerabilities in software) on the dark web for just tens of thousands of dollars. A shadowy set of businesses offer spyware, usually billed as tools for law enforcement, to authoritarian governments.
Not all actors in the cyberwars of the future will be governments, though. As the cost of these tools of cyberconflict comes down, their reach will expand, making it easier for nonstate actors to mount cyberattacks. A DDoS attack, a type of cyberattack that overwhelms servers with traffic, can be purchased online for as little as $10. It’s easy to imagine a scenario where nonstate actors—terrorists, militias, political factions—launch a cyberattack that is designed to seem as if it originated from a particular country’s government.
These are tools and tactics that policymakers don’t understand well. We lack the policies to inform consistent behavior among states. Take the doctrine of proportionality, the principle that responses to attacks should be proportionate to the impact of the attack itself. No such doctrine exists for cyberspace—or if it does, it’s been considered in secret and therefore doesn’t help to establish international norms.
But cyberwar is here to stay. That means that we need to find ways to harden critical infrastructure and protect crucial data. It means that our policymakers need to develop new rules and norms for warfare. And it means that we need the brightest minds working to build new tools that will help ensure peace in the digital age.
Machine learning, or computers able to learn from data, will be essential to decoding the battlefields of the 21st century. The more attacks we endure, the more training data we will have. This means for every attempted hack of an electrical grid or intrusion on a banking system, we will better understand how these attacks work and improve our defenses. Smaller countries with less data will be able to rely on their larger allies and partners to protect them.
The good news is that many of the tools to protect individuals from contemporary digital threats are freely available today. Seemingly simple steps like updating software regularly and using strong encryption provide an effective defense against many threats online. Where we need to make progress is in applying these tools and defenses at scale and incentivizing people to use them.
It’s easy to get caught up in the latest news cycle about a scandalous data leak or cybercrime, but amid the sensationalism we often lose sight of the longer-term technology trends and how they shape geopolitics. Technology companies and the private sector should confront these issues proactively. If all future wars will begin as cyberwars, surely technology should be part of the solution.
Schmidt is the executive chairman of Alphabet, and Cohen is the president of Jigsaw, formerly Google Ideas.
This appears in the December 26, 2016 issue of TIME.