Many governments now realize that their GDP growth is being eroded by a wide range of nefarious cyber activities.
This commentary is also available in Portuguese.
The Internet, together with the information communications technology (ICT) that underpins it, is a critical national resource for governments, a vital part of national infrastructures and a key driver of economic growth. Over the last 40 years, and particularly since the year 2000, governments and businesses have embraced the Internet, and ICT’s potential to generate income and employment, provide access to businesses and information, enable e-learning and facilitate government activities. In some countries, the Internet contributes up to eight percent of gross domestic product (GDP), and recent reports suggest that the industrial Internet opportunity (through modernization) represents a 46 percent share of the global economy.
Today, businesses around the world tender services and products through the Internet to more than 2.5 billion citizens using secure protocols and electronic payments. Services range from e-government, e-voting, e-banking, e-health and e-learning to next generation power grids, air traffic control and other essential services, all of which depend on a single infrastructure. The Internet is the fuel of the global economy and the backbone of the international financial system.
No country can afford to put their economy at risk. Increasingly, though, the availability, integrity and resilience of this core infrastructure are in harm’s way. For example, in March 2013, cyber criminals successfully launched a virus that penetrated the defences of multiple financial institutions in South Korea, including Shinhan Bank, the country’s fourth-largest bank, as well as two other banks — NongHyup and Jeju. The motive was destruction of data using a malware similar to that used in the recent incident against Saudi Aramco, which destroyed data and rendered the main operating systems of computers useless. Additionally, a distributed denial of service (DDoS) campaign has been underway for the last year against the United States’ top financial institutions, including JPMorgan Chase, Bank of America, Citigroup, U.S. Bank and PNC. The DDoS attacks are reaching levels at which the telecommunications providers can no longer guarantee quality of service. In both cases, Internet banking services are being degraded or blocked outright, and other e-services disrupted. These and other attacks and disruptions of Internet activity and connectivity have significant implications for global trade and global business continuity.
In addition, many governments now realize that their GDP growth is being eroded by a wide range of nefarious cyber activities. For example, it is estimated that the Group of Twenty (G20) economies have lost 2.5 million jobs to counterfeiting and piracy, and that governments and consumers lose US$125 billion annually, including losses in tax revenue. The United Kingdom estimates that it is losing £27 billion per annum to cybercriminals. Furthermore, research by TNO, an independent research organization in the Netherlands has shown that cybercrime costs Dutch society at least 10 billion euros per annum, or 1.5 to two percent of their GDP. This loss is equal to the Netherlands’ economic growth in 2010.No nation can afford to lose even one percent of their GDP to illicit cyber activities.
To counteract these risks, some governments and businesses are turning to international venues, seeking mechanisms to drive a path toward international cooperation and increased government intervention to “assert control,” all as part of an effort to manage exposure to cyber insecurity. These diplomatic discussions are emerging in dozens of international bodies, including: the United Nations, the Group of Eight (G8), the Organization for Security and Co-operation in Europe, the North Atlantic Treaty Organization, the European Union, the Council of Europe, the Asia-Pacific Economic Cooperation forum, the Association of Southeast Asian Nations, the Organization of American States, the Organisation for Economic Co-operation and Development (OECD), the International Telecommunications Union (ITU) and the International Organization for Standardization. Unfortunately, these fora are suffering from an operational collision of competing interests — privacy, piracy (for example, intellectual property protection), sovereignty and security (for example, corruption, theft, crime, espionage, war) — that are stifling progress. The cacophony of voices and lack of clarity of an action agenda of what to do suggests that it is time to change the conversation and establish executive ownership among those who have the most to lose.
Why not then place this agenda item on the G20 table?It is time to couple diplomacy with our national interest. The G20 represents 90 percent of global GDP, 80 percent of international trade and 64 percent of the world’s population. The leaders of the G20 could simplify the cybersecurity conversation and focus the world on enabling GDP growth, while limiting GDP erosion. This approach has a built-in advantage in that its membership includes Brazil, Russia, India, China and South Africa (the BRICS) with equal voices at the diplomatic table. In fact, it may be the only international forum that could propagate a simple narrative that communicates why a sustainable cyberspace is linked to GDP growth for every nation.
Currently, Russia is at the helm of the G20 and it has organized the agenda around three overarching priorities aimed at starting the new cycle of economic growth: growth through quality jobs and investment; growth through trust and transparency; and growth through effective regulation. Russia could leave its mark on the world by leading this conversation in the G20 now, and shepherd it forward as it assumes the presidency of the G8 in 2014. It could also lay the foundation for Australia to build upon as it assumes the presidency of the G20 in 2014.Brazil could echo the need for this leadership as it steps on to the world’s stage to host the FIFA World Cup in 2014 and the 2016 Olympic Games. Practical steps could be taken to add cybersecurity to multiple tracks of the current G20 program, including:
- Building infrastructure and providing inclusive access to basic amenities (such as high-speed broadband communications) to spur economic growth. Agenda item: Development for All.
- Support the Financial Stability Board with an information sharing forum/methodology to enable banks to better protect themselves from malicious cyber activities. Agenda item: Strengthening Financial Regulation. Alternatively, this same item could be addressed in the Agenda item: Fighting Corruption. Cybersecurity, fraud and e-crime could fit into the sub-tracks of deepening the engagement of the business community or eradicating corruption in major international events.
- Curbing protectionism and strengthening the development of multilateral trade (by limiting e-crime, especially across borders). Agenda item: Enhancing Multilateral Trade.
The G20 has an opportunity to articulate a vision for shaping the Internet economy for the next five to 10 years. The power of the leadership of this body, combined with its ability to assemble and speak to a simple, positive narrative for cybersecurity anchored in our collective economic well-being (and GDP growth), could be a watershed event. The GDP erosion that all nations are suffering places cybersecurity within the legitimate processes and “architecture” of international economic governance. By changing the conversation to being about the economy and growth, this approach would enable the G20 to de-escalate the militarization and balkanization of the Internet. It has the added benefit of enabling Russia to demonstrate executive ownership of the topic (especially cybercrime), potentially changing the dynamics between the United States and China, and changing the conversation from attack and war to economic well-being and GDP growth. Perhaps we should take a lesson from Sun Tzu, who instructs in The Art of War that “on the ground of intersecting highways, join hands with your allies.” The United States and other global leaders must marshal political will to change the cybersecurity conversation. As the main economic council of wealthy nations, the G20 is the right venue to move forward.
© 2013 Hathaway Global Strategies, LLC
Melissa Hathaway is president of Hathaway Global Strategies LLC and a senior advisor at Harvard Kennedy School’s Belfer Center. She served in two US presidential administrations, where she spearheaded the Cyberspace Policy Review for President Barack Obama and led the Comprehensive National Cybersecurity Initiative for President George W. Bush. Ms. Hathaway is a frequent keynote speaker on cybersecurity matters, and regularly publishes papers and commentary in this field.
 From David Dean et al., (2012). The Digital Manifesto: How Companies and Countries Can Win in the Digital Economy. Boston Consulting Group report. Perspectives, 27. January.
 From Peter C. Evans and Marco Annunziata (2012). Industrial Internet: Pushing the Boundaries of Minds and Machines. General Electric report. 26 November. Page 13.
 Services and applications include, but are not limited to: e-mail and text messaging; voice-over-IP-based applications; streaming video and real-time video-conferencing; social networking; e-government; e-banking; e-health, e-learning; mapping; search capabilities; e-books; and IPTV over the Internet.
 From Frontier Economics London (2011). Estimating the Global Economic and Social Impacts of Counterfeiting and Piracy. A report commissioned by Business Action to Counterfeiting and Piracy. Paris: ICCWBO. Page 47.
 From UK Cabinet Office and Detica (2011). Cost of Cyber Crime. A Detica report in partnership with the Office of Cyber Security and Information Assurance in the Cabinet Office. Available at: www.gov.uk/government/uploads/system/uploads/attachment_data/file/60942/THE-COST-OF-CYBER-CRIME-SUMMARY-FINAL.pdf.
The research article is available at: www.tno.nl/content.cfm?context=overtno&content=nieuwsbericht&laag1=37&laag2=69&item_id=2012-04-10%2011:37:10.0&Taal=2.
 Another view regarding the ideological disagreements regarding the Internet by Michael Joseph Gross can be found at: www.vanityfair.com/culture/2012/05/internet-regulation-war-sopa-pipa-defcon-hacking.
 This has the added benefit in that it provides a more focussed international venue in which to bring the cybersecurity conversation, while at the same time complementing other agendas of the ITU, OECD, and similar fora.
 A schedule of forthcoming G20 eetings is available at: www.uschamber.com/sites/default/files/international/files/G20_RUSSIAN_PRESIDENCY_CALENDAR_eng_29_11.pdf.
Internet governance involves highly complex, transboundary governance challenges in a rapidly evolving technical environment. Identifying effective policy options that can balance competing interests and conflicting values requires foresight and analysis. Governing the Internet presents timely expert opinion from CIGI staff and a variety of guest authors on governance options across a range of vital Internet governance issues.
The opinions expressed in this article/comments are those of the author(s) and do not necessarily reflect the views of CIGI or its Board of Directors and/or International Board of Governors.