Saturday, October 25, 2014
1

Safeguarding Cyberspace

CAMBRIDGE – Brazil recently hosted NETmundial, the first global conference on Internet governance, attended by 800 representatives of governments, corporations, civil-society organizations, and technologists. Based on the notion of “multi-stakeholderism,” the meeting produced a 12-page “outcomes” document.

Nonetheless, at the end of the conference, there was still no consensus on global cyber governance. Many governments continued to advocate traditional United Nations voting procedures for making global decisions, and defend their right to control domestic cyber activities.

In a sense, this is not surprising. After all, though the Internet is a complex, fast-evolving, and all-encompassing global resource, it has not been around for very long. While the World Wide Web was conceived in 1989, it was only in the last 15 years that the number of Web sites burgeoned, and Internet technology began to transform global supply chains. Since 1992, the number of Internet users has exploded from one million to nearly three billion. Just like that, the Internet became a substrate of economic, social, and political life.

In its early days, the Internet was often characterized as the ultimate egalitarian conduit of free-flowing information – a harbinger of the end of government controls. But the reality is that governments and geographical jurisdictions have always played a central role in regulating the Internet – or at least have tried. Ultimately, however, the Internet poses a major governance challenge, exemplified in ongoing efforts to understand the implications of ubiquitous mobility and the collection and storage of “big data.”

The governance challenge stems from the fact that cyberspace is a combination of virtual properties, which defy geographical boundaries, and physical infrastructure, which fall under sovereign jurisdictions. Control of the physical layer can have both territorial and extraterritorial effects on the virtual layers. At the same time, attacks can be launched from the low-cost virtual realm against the physical domain, where resources are scarce and expensive.

The Internet began as a small village of known users, where an authentication layer of code was unnecessary and the development of norms was simple. But then it grew, and everything changed. Though cyberspace offered the advantages of access to information and easy communication to a growing number of people, it became a breeding ground for crime, hacker attacks, and threats to governments.

Efforts to limit the risks incurred in this volatile environment have focused on creating private networks and “walled gardens” (closed platforms) – cyber equivalents to the seventeenth-century enclosures that were used to solve that era’s “tragedy of the commons.” But this raises the risk of fragmentation, which, if allowed to go far enough, could curtail the Internet’s economic benefits.

Given that security is a traditional function of the state, some observers believe that growing insecurity will lead to a greater role for governments in cyberspace. Indeed, accounts of cyber war may be exaggerated, but cyber espionage is rampant, and more than 30 governments are reputed to have developed offensive capabilities and doctrines for the use of cyber weapons. Ever since the Stuxnet virus was used to disrupt Iran’s nuclear program in 2009-2010, governments have taken the threat posed by cyber weapons very seriously.

Governments also want to protect their societies from what comes through the Internet. For example, China’s government has not only created a “Great Firewall” of software filters; it also requires that companies take responsibility for censoring their public content. And, if China is attacked, it has the capacity to reduce its Internet connections.

But China’s government – and others that practice Internet censorship – still want to reap the economic benefits of connectivity. That tension leads to imperfect compromises.

A similar tension exists in the effort to create international Internet-governance norms. While authoritarian countries like China and Russia seek “information security,” including the kind of overt censorship that would be prohibited in countries like the United States, Western democracies pursue “cyber security.”

This divergence was starkly apparent in 2012, at a conference convened in Dubai by the UN’s International Telecommunications Union (ITU). Though the meeting was ostensibly about updating telephony regulations, the underlying issue was the ITU’s role in Internet governance.

Authoritarian regimes and many developing countries believe that their approach to sovereignty, security, and development would benefit from the multilateral processes that the ITU employs. But democratic governments fear that these processes are too cumbersome, and would undercut the flexibility of the “multi-stakeholder” approach, which stresses the involvement of the private and non-profit sectors, as well as governments. The vote in Dubai was 89 to 55 against the “democratic” governments.

This outcome raised concerns about a crisis in Internet governance – concerns that the recent conference in Brazil alleviated, but only slightly. Stayed tuned. There are many more conferences scheduled on cyber governance – and a lot more work to be done.

Hide Comments Hide Comments Read Comments (1)

Please login or register to post a comment

  1. Commentedj. von Hettlingen

    In an ideal world, the "cyberspace" would be an El Dorado for knowledge. Yet cyber technology could be a double-edged sword, cutting both ways. It enables ordinary people to have access to information online, while helping villains to steal others' secrets. Hence it is important to raise awareness about cyber security and protect oneself from the growing threat of attacks by criminals and terrorists.
    When the "World Wide Web was conceived in 1989", it marked the beginning of the Digital Revolution, which could be likened to the Industrial Revolution in Europe two centuries ago. The Internet has become "a substrate of economic, social, and political life" that we can no longer imagine ourselves returning to the status quo ante.
    While ordinary people appreciate the advantage of "ubiquitous mobility", they also loathe the intrusion into their privacy, as shown by the wilful "collection and storage of big data". Corporate companies have to safeguard their intellectual properties and protect themselves from data theft. Most of all government authorities face a "major governance challenge". Apart from combating online crime and thwarting internet attacks, they have to invest heavily in cyber security by adopting robust measures and protecting infrastructure as their priorities.
    Security experts estimate that there are about millions of cyber attacks a week. The number is growing rapidly all of the time, putting the damage to the economy at billions of dollars a year. Apart from industrial espionage that affects a company's competitiveness in the global market, national security can also be at risk, if a country's services like, banking, power, telecommunications, air traffic controlling and rail signalling are being targeted by hackers. Not only " the Stuxnet virus" , "used to disrupt Iran’s nuclear program in 2009-2010", that made international headlines. In 2012 a cyber attack on Saudi Arabia's national oil company shut down 30,000 of its computers. There was a series of cyber-attacks on US banks as well.
    All over the world "governments have taken the threat posed by cyber weapons very seriously". Yet the rapidly changing nature of cyber threats demands likewise a flexible response. Hackers, have become more dynamic, with constantly evolving new techniques. They take advantage of bureaucrats, who are slow to react. Very often government solutions to a security problem are inadquate to the scale of the challenge they face. This makes cyber technology both a blessing and a curse.

Featured