There’s a paradox in cyber security. On the one hand we’re trying to drive wealth creation and economic opportunity and prosperity, on the other hand what we’re doing is building economic vulnerability into our model because we’re connecting everything that we can to the internet.
The difficulty when it comes to making cyber security policy is that when we think about our governance structure, we usually do it in one of three ways. We look at economics on the one hand, we look at national security on the other hand and we look at international stability as a third and final pillar. The problem with that, of course, is now cyber security runs between all three of those pillars. So when I think about the rules that govern cyberspace, one of the starting points is actually the United Nations Charter. And that governs the use of force — or the threat of the use of force — between states. The problem, of course, is that the UN Charter was drafted in the 1940s and we’re sitting here today in 2019 dealing with transformative technology. So when you think about the way that states are operating in cyberspace the problem is they’re operating in this hybrid zone where it’s certainly aggressive, it’s certainly adversarial but it doesn’t necessarily meet the traditional thresholds that we see in modern international law as it relates to the conduct between states. So what we’re seeing is states being able to use that grey area to effectively undertake aggressive cyber action and cyber security knowing that the current governance structure is a little bit inadequate and antiquated.
The fact that the global rules are still in their infancy has led to a waning of trust in two important respects: one at the individual level and the second at the state level. So with respect to individuals, it’s hard not to see individuals changing the way that they’re interacting with technology because you can’t pick up a newspaper without there being a story about the greatest exploit that just happened. Think of Facebook, think of Cambridge Analytica. So we’re starting to see an erosion of trust at the individual level, which is deeply problematic. But even more so we’re seeing an erosion of trust at the state level. We’re looking at foreign adversaries meddling in elections, we’re looking at people stealing intellectual property, which erodes trust in the system, and that is the most dangerous thing that we’re seeing.
CIGI wanted to convene a group of experts to deal with this issue because of its importance and we took a bit of a different tack than most think tanks. We brought in CEOs of companies that are actually working day to day in this space. We brought in academics and policy makers to convene what we’re hoping will be an important national and international conversation to be able to get trust in cyberspace right.