The rapid growth of the Internet, and the risks and rewards this brings, are moving issues of cybersecurity and Internet governance to the forefront of policy debates around the world. As more people are connecting to the Internet and using it for myriad reasons, both public and private, and as infrastructure sectors such as energy, transport and water become interconnected, societal dependence on the Internet increases dramatically. How can this international ecosystem be adequately secured and governed? What might things look like in 2020?
The public Internet is approximately 20 years old, and in that time, one-third of humanity — roughly 2.4 billion people — have been connected. The majority of this growth has been in the United States and Western Europe, where the technologies and protocols underpinning distributed systems were developed and honed. But the dramatic expansion of networked users and devices is currently taking place in other regions, such Africa, Asia and Latin America.
Asia alone has more Internet users than North America, Europe and Latin America combined. By 2020, the number of users worldwide will double to approximately five billion. One leader in network systems and services estimates that by 2015 there will be twice as many networked devices as people, and by 2020 more than 50 billion “things” will be connected to the Internet.
This is an environment that is quickly becoming more international and less Western-centric, and the richness, diversity and opportunity that is being unlocked is cause for celebration. The barriers to entry are steadily lowering, and many new users are skipping fixed-line access altogether. Instead, they access the Internet through mobile devices and leverage the power of cloud computing services to run graphical and processing-intensive applications. The advantages and efficiencies to be gained from this interconnection are significant for individuals, corporations and governments. The commercial and social benefits and incentives cannot be ignored, as they are the real motivation behind Internet expansion.
This dependence, however, brings risks and potential vulnerabilities to the system and to individual users. Governments are struggling to keep up with the pace of technological change. It is difficult enough for them to exploit the environment for economic gain, much less provide security. In any case, greater connectivity tends to militate against higher security. The fabric of the Internet — its internetworking protocols — is based primarily on trust relationships, and it is impossible to depend on trust while ensuring iron-clad security.
Security and governance (both of which ultimately boil down to levels of control) are becoming more difficult in this diverse environment. The “permission-less innovation” of the Internet allows for immense creativity, but also introduces systemic dependencies and vulnerabilities. Organized criminals exploit legal and jurisdictional gaps, and industrial espionage is a persistent threat to the public and private sectors. As “big data” (large and complex data sets) becomes a reality for governments and corporations, there is the risk of large-scale losses of personal or proprietary information.
Governments are also part of the problem, and many are attempting to exert sovereignty in cyberspace in the same way as they do in physical domains. The fact that private companies are dominant in this ecosystem is a foreign concept to many policy makers, and the unfettered Internet access of their fellow citizens is unsettling. Policy initiatives to cope with these challenges are often highly contested, both at home and abroad, and governments are gradually realizing that they must adapt and develop new strategies.
Pathways for Progress
It is easy to become fixated on the latest incidents of hacking, cybercrime or espionage, and while there are a host of technical measures that can be implemented to address these issues, they only capture part of the solution. Political progress is necessary, in particular, more frequent high-level discussion regarding the implications of global dependence on a shared network.
Those who fear that revised international regulations (for example, through the UN International Telecommunication Union) will allow for domestic surveillance and repression miss the point that these activities are widespread. In reality, little the United Nations says or does can persuade governments to take domestic actions that are against their own interests.
Many Western states are attempting to manage the decline of their once-dominant online power, making discussion or negotiation between them and rising powers a particularly difficult exercise. Increasing the level of predictability and stability in the Internet environment is important. Viewing stability as a zero-sum game is a losing strategy, and one that benefits no one.
High-level discussion on these issues is beginning to take place in forums around the world, but tangible progress remains nascent. At the recent Budapest Conference on Cyberspace, it was a sign of progress that representatives from the United States, China and Russia participated and openly vocalized areas of genuine disagreement.
Now is the time to engage, influence and negotiate on security and governance. The trade-offs required to build confidence among states may appear high, yet “cyber power” is becoming increasingly diffuse, with fewer dominant actors and more mid-level players.
Engaging with the private sector and non-governmental organizations (NGOs) is integral to this process, and governments that overlook this do so at their peril. To speak of critical “national” infrastructure is increasingly anachronistic, as supply chains stretch around the world and privatized infrastructure is operated by foreign-owned multinationals. NGOs bring an independent voice to the table, and can be vocal when necessary (for example, the demise of the proposed Stop Online Piracy Act/Protect Intellectual Property Act legislation in the United States).
Current Internet governance mechanisms must adapt and be responsive to these power shifts if they are to retain legitimacy and survive. This adaptation can also lay the foundations for better security, by first raising the level and frequency of political interaction needed to develop governance measures.
The composition of the Internet is changing rapidly — while attempts are being made to stabilize it — and it will only grow more crowded and complex with time. The Internet of 2020 is likely to be more turbulent than tranquil, with far more stakeholders who desire a share of the decision-making process. Bridging these ideological divides and building confidence in security and governance measures will not get easier or cheaper. Do policy makers want to pay now or in 2020?
Dave Clemente is a research associate in the International Security department at Chatham House, London, UK.