EXECUTIVE SUMMARY
Today's globalized and interconnected world is increasingly reliant on the Internet and cyberspace. These innovations have the potential to help maintain peace, increase prosperity, and increase access to information across the globe. Recent events, however, have evinced a trend of increasing threats and diminished security in cyberspace. The disclosures of massive cyber surveillance operations in North America, Asia, and Europe have raised additional concerns. The question of how global cyber security governance will evolve over the next decade is therefore of the utmost importance.
We argue that the range of possible outcomes for global cyber security governance is bounded at the extremes by two paths. At one end of the spectrum lies the death of the Internet as we know it. Though many stakeholders would label this future outcome dystopian, others might welcome it. At the other end of the spectrum is the potential for a utopian resolution to mistrust and conflict in cyberspace, which presumably satisfies all stakeholders. The actual path will likely fall somewhere in between. But these two poles can aid policymakers by conveying diverging directions that we might head and the implications of those scenarios.
Could the Internet actually die? The path to this outcome might be precipitated by an inability to address growing mistrust, the continued existence and exploitation of major cyber vulnerabilities, and mass fear created by new kinds of cyber attacks. Even in such a dystopian scenario, communication networks are likely to survive in some form. But we need look no further than the headlines about internet kill switches, sovereign control of information, and national firewalls to witness the fragmentation of the "open" foundation, both in terms of technology and governance, that has thus far prevented the extreme balkanization of the global Internet. When every country has its own search engine, social network, micro blog, and video sharing site, how many users will actually notice the lack or disappearance of international connections?
Will the international community ever reach a formal agreement regarding the rules of the road and enforcement mechanisms in cyberspace? Multilateral trust building, substantial advances in technology that mitigates cyber vulnerabilities, and inclusion of a more representative set of stakeholders would all make this outcome more likely. Unfortunately, recent developments do not provide a sense of tremendous optimism. And while distinctionsbetween different types of espionage based on the purpose of collection is difficult enough, agreement on the rules of engagement in cyberspace would be even harder to resolve if actual conflict were to break out. Nevertheless, an appropriately empowered international body might be the only way to avoid the pitfalls of a disconnected world that is likely to emerge should the current rifts regarding cyber security grow so wide as to make any form of global governance impossible.
Ultimately our future is what we make of it. We therefore offer a lead strategy that identifies beneficial actions regardless of which future emerges and a set of four policy recommendations that aim to strike an optimal balance between the threats and opportunities presented by each scenario.
LEAD STRATEGY
- Encourage domestic/bloc innovation
- Focus on technology that addresses cyber vulnerabilities
- Build confidence via incremental win-win cooperation
- Maintain the ability to act unilaterally
POLICY RECOMMENDATIONS
- Enhance trust through existing governance structures
- Address long standing points of contention by internationalizing control over ICANN and curbing economic espionage
- Build capacity to reduce exposure to cyber vulnerabilities across the entire system of stakeholders
- Build a "trust cell" for cyber security governance that evolves from current structures and includes representation from NGOs and the private sector
These recommendations taken together present a robust set of actions that pave a path forward towards establishing an environment in which a more cooperative form of global cyber security governance could evolve.
Download the entire report here: http://www.gg2022.net/fileadmin/media/gg2022/130826_GG2022_Cyber_Report_web.pdf
Abbassi, Puji, Martin Kaul, Vivek Mohan, Yi Shen and Zev Winkelman. “Securing the Net: Global Governance in the Digital Domain.” Global Governance 2022, September 2013
The full text of this publication is available via Global Governance 2022.