GGF 2022 Global Cyber Security Governance Working Group September 2013
Today’s globalized and interconnected world is increasingly reliant on the Internet and cyberspace. These innovations have the potential to help maintain peace, increase prosperity and access to information across the globe. Recent events, however, have evinced a trend of increasing threats and diminished security in cyberspace. The disclosures of massive cyber surveillance operations in North America, Asia and Europe have raised additional concerns. The question of how global cyber security governance will evolve over the next decade is therefore of the utmost importance.
We argue that the range of possible outcomes for global cyber security governance is bounded at the extremes by two paths. At one end of the spectrum lies the death of the Internet as we know it. Though many stakeholders would label this future outcome dystopian, others might welcome it. At the other end of the spectrum is the potential for a utopian resolution to mistrust and conflict in cyberspace, which presumably satisfies all stakeholders. The actual path will likely fall somewhere in between. But these two poles can aid policymakers by conveying diverging directions that we might head into and the implications of those scenarios.
Could the Internet actually die? The path to this outcome might be precipitated by an inability to address growing mistrust, the continued existence and exploitation of major cyber vulnerabilities, and mass fear created by new kinds of cyber attacks. Even in such a dystopian scenario, communication networks are likely to survive in some form. But we need look no further than the headlines about Internet kill switches, sovereign control of information, and national firewalls to witness the fragmentation of the “open” foundation, both in terms of technology and governance, that has thus far prevented the extreme balkanization of the global Internet. When every country has its own search engine, social network, micro blog and video-sharing site, how many users will actually notice the lack or disappearance of international connections?
Will the international community ever reach a formal agreement regarding the rules of the road and enforcement mechanisms in cyberspace? Multilateral trust building, substantial advances in technology that mitigates cyber vulnerabilities, and inclusion of a more representative set of stakeholders would all make this outcome more likely. Unfortunately, recent developments do not provide a sense of tremendous optimism. And while distinctions between different types of espionage based on the purpose of collection is difficult enough, agreement on the rules of engagement in cyberspace would be even harder to resolve if actual conflict were to break out. Nevertheless, an appropriately empowered international body might be the only way to avoid the pitfalls of a disconnected world that is likely to emerge should the current rifts regarding cyber security grow so wide as to make any form of global governance impossible.
Ultimately our future is what we make of it. We therefore offer a lead strategy that identifies beneficial actions regardless of which future emerges and a set of four policy recommendations that aim to strike an optimal balance between the threats and opportunities presented by each scenario.
Taken together, these recommendations present a robust set of actions that pave a path towards establishing an environment in which a more cooperative form of global cyber security governance could evolve.