It is almost impossible to read the news without coming across a lead story cataloguing the latest cyber breach or misuse of data. Intellectual property is being stolen from companies at an alarming rate, foreign actors are meddling in elections and criminals operate in the dark recesses of the internet. From the state to the individual level, these events lay bare the paradox of the digital economy and cyber security: on one hand, technology has led to convenience, efficiency and wealth creation. On the other hand, this great push to digitize society has meant building inherent vulnerability into the core of the economic model. This is all taking place atop a deeply fragmented and underdeveloped system of global rules.
Given this paradox, the Centre for International Governance Innovation (CIGI) has launched a new series titled “Governing Cyberspace during a Crisis in Trust.” In this video, Aaron Shull, managing director and general counsel for CIGI discusses the purpose of the series: to bring together members of the private sector, academics and policy makers to provide fresh thinking on data governance, cyber security and new technology. Ultimately, he concludes, the goal is to get trust in cyberspace right.
There’s a paradox in cyber security. On the one hand we’re trying to drive wealth creation and economic opportunity and prosperity, on the other hand what we’re doing is building economic vulnerability into our model because we’re connecting everything that we can to the internet.
The difficulty when it comes to making cyber security policy is that when we think about our governance structure, we usually do it in one of three ways. We look at economics on the one hand, we look at national security on the other hand and we look at international stability as a third and final pillar. The problem with that, of course, is now cyber security runs between all three of those pillars. So when I think about the rules that govern cyberspace, one of the starting points is actually the United Nations Charter. And that governs the use of force — or the threat of the use of force — between states. The problem, of course, is that the UN Charter was drafted in the 1940s and we’re sitting here today in 2019 dealing with transformative technology. So when you think about the way that states are operating in cyberspace the problem is they’re operating in this hybrid zone where it’s certainly aggressive, it’s certainly adversarial but it doesn’t necessarily meet the traditional thresholds that we see in modern international law as it relates to the conduct between states. So what we’re seeing is states being able to use that grey area to effectively undertake aggressive cyber action and cyber security knowing that the current governance structure is a little bit inadequate and antiquated.
The fact that the global rules are still in their infancy has led to a waning of trust in two important respects: one at the individual level and the second at the state level. So with respect to individuals, it’s hard not to see individuals changing the way that they’re interacting with technology because you can’t pick up a newspaper without there being a story about the greatest exploit that just happened. Think of Facebook, think of Cambridge Analytica. So we’re starting to see an erosion of trust at the individual level, which is deeply problematic. But even more so we’re seeing an erosion of trust at the state level. We’re looking at foreign adversaries meddling in elections, we’re looking at people stealing intellectual property, which erodes trust in the system, and that is the most dangerous thing that we’re seeing.
CIGI wanted to convene a group of experts to deal with this issue because of its importance and we took a bit of a different tack than most think tanks. We brought in CEOs of companies that are actually working day to day in this space. We brought in academics and policy makers to convene what we’re hoping will be an important national and international conversation to be able to get trust in cyberspace right.