The Internet, Cyberspace, and Cybersecurity

The Internet, Cyberspace, and
Cybersecurity
The internet is central to modern life.
• Developed over the past few decades, it has evolved at a speed and
scope and gained an importance that was truly unimaginable to its
creators.
• Nearly 300 billion email messages are sent every day.
• The internet allows the flow of enormous amounts of data and
information among billions of users at extraordinary speeds—be they
individuals, businesses, governments, or organizations.
• Geography and distance count not at all.
The technology associated with cyberspace has its
constructive and destructive uses.
• What we know is that the internet functions
smoothly for the most part, facilitating a
worldwide flow of information and
communications.
• At the same time, we also know that the internet can be used to
 steal money and intellectual property (for instance, manufacturing secrets and
cutting-edge technology);
 compromise identities;
 violate individual and corporate privacy;
 influence political processes;
 inspire, train, and instruct terrorists;
 interfere with communications central to managing military operations; and,
 perhaps in the future, carry out attacks no less consequential than those
conducted with military force.
• The very connectivity and openness of the system also
makes it vulnerable, as does the rapid pace of change.
• Furthermore, we are introducing new weaknesses and
complexities as billions of sensors and devices are connected
to each other through the Internet of Things, and millions
more are coming online.
• The relative lack of oversight and policing of a domain and a
technology so critical to so many aspects of life and work.
• What has “governed” the internet is not a single authority so much as
a collection of individuals, civil society groups, corporations, and
governments, sometimes working together, at other times in parallel
or not at all.
Important Questions
1. How the internet should be used?
2. Who should have access to the data that users generate?
3. Who has the authority to decide policy when it comes to
the internet?
4. Do governments and formal international authorities
ought to take over?
The internet should be open, interoperable, secure,
and reliable.
• The internet already appears to be fragmenting, resulting in the
creation of several distinct internets. (This trend is sometimes
described as the “splinternet.”)
• Citing sovereignty, some governments, most prominently China, want
to restrict what the internet can bring into their country as well as the
ability of people in their country to communicate with one another.
The internet should be open, interoperable, secure,
and reliable.
• Some governments fear the internet will be used by political opponents to bring
about what they view as threatening political change, while others believe certain
content judged harmful (say, pornography) should be restricted.
• It is also becoming more common for governments to completely shut down the
internet or social media websites in response to terrorism or acts of communal
violence, fearing that people will use the internet to spread rumors or fan the
flames.
• In 2019 alone, Sri Lanka, Iran, and India all shut down social media or the entire
internet amid crises.
There is some international governance of the internet.
• In 1998, the Internet Corporation for Assigned Names and Numbers, or ICANN, was
created as a nonprofit organization to bring some order into what would otherwise be
chaos.
 As its name suggests, ICANN established a process to manage the granting of domain
names and addresses, that is, what you type into a browser when you want to go to a
website.
• There have also been international conferences and agreements to facilitate commerce,
advance human rights, protect privacy, and combat crime and terrorism.
 For instance, the UN has recognized that people have the same human rights online
as off.
There is some international governance of the internet.
• There have also been bilateral efforts to determine what is

permissible in cyberspace.
In 2015, for example, the United States and China agreed that they
would not “conduct or knowingly support cyber-enabled theft of
intellectual property” for commercial gain.
Ought there to be an exception to any potential ban on using
the internet to attack another country?
• Some would argue that an exception should be made that

allows countries to attack terrorists or countries that are
seeking to develop weapons of mass destruction or
advanced delivery systems.
The United States and Israel appear to have carried out such
cyberattacks to slow Iran’s nuclear program, and the United States
reportedly carried out cyberattacks to disrupt North Korea’s
nuclear and missile programs.
Ought there to be an exception to any potential ban on using
the internet to attack another country?
• Others might embrace such a rule in principle but violate it in

practice, seeing cyberattacks as a useful tool of war, be it to
deter or retaliate against an adversary that is stronger by
more conventional military measures.
 In this sense, the cyber domain can be a weapon of the weak,
because it is low cost and can cause a tremendous amount of
damage to a militarily superior enemy.
• Even if some collective agreement were possible, collective
enforcement would not be.
 What comes to mind as a parallel are the international rules and
norms as to when and how armed force should be used. Such rules
can serve a purpose in shaping behavior but frequently are ignored if
economic or national security interests are judged to be important.
• Beyond the lack of agreement, there is the reality that the
relevant technologies are quickly evolving and will continue
to do so. This makes it hard, if not impossible, for any
international rule-making body to keep up.
• Indeed, any such effort would need to include not just
governments but corporations central to the functioning of
the internet.
Improving global governance will be extraordinarily difficult.
• There is probably no realistic way of preventing or even discouraging

espionage by one government against another.
• But there are other government activities that might be ruled out of bounds,
including
 preparing for or carrying out attacks on one another’s physical infrastructure (for
instance, shutting down its power grid),
 interfering with one another’s politics (as Russia did during the 2016 U.S. presidential
campaign),
 stealing intellectual property, or sabotaging an entity such as a corporation, as North
Korea did to Sony Pictures.
There are a number of tensions and trade-offs when it
comes to regulating cyberspace.
• One is between individual privacy and collective security.
 The internet has emerged as a principal and widely shared
means for communicating.
 As a result, governments must determine under what
circumstances law enforcement and intelligence agencies
could read what is sent by one citizen to another with the
presumption that it is between them and no one else.
There are a number of tensions and trade-offs when it
comes to regulating cyberspace.
• There is as well the issue of what data pertaining to
individuals corporations should be allowed to collect and
keep.
In fact, in 2018 the EU implemented the General Data
Protection Regulation, which provides certain protections
to individuals in the EU regarding their data and has fined
U.S. companies such as Google for violating this law.
What are the alternatives to building an international
consensus on how best to govern and regulate cyberspace?
• Deterrence - is often discussed as one way to discourage certain unwanted
actions.
• If a government can determine who was behind some action in cyberspace that it
deems illegal or hostile, there is a range of potential responses.
Those violating the law can be treated as criminals and punished.
In the case of terrorists, a response could involve a physical attack.
If a government is behind the cyberattack, either directly or by supporting some
individual or group, economic sanctions, military action, and even some cyber-
related response can be options.
Steps can be taken to make systems less vulnerable even if not

invulnerable.
 Many actions for individuals and small companies come under the
rubric of cyber hygiene, such as
o using complicated, random sets of characters for passwords (as opposed to something like
“password123”),
o not writing passwords down next to your keyboard,
o using a password manager, and
o enabling two-factor authentication on social media, email, and banking accounts.
 Encryption may be an option.

 A user can also make sure he or she is running the most
recent software and continue to update that software.
 There is also a case to be made for resilience, including
o making critical equipment redundant,
o creating multiple backups of critical information, and
o ensuring business continuity under severely degraded conditions.
Conclusion
• Governing the internet promises to be one of this
century’s greatest and most important challenges,
and right now those favoring establishing rules are
losing out to fast-changing technologies that are
increasingly available to the many and not just a few.

The Internet, Cyberspace, and Cybersecurity

Uploaded by

Copyright:

Available Formats

The Internet, Cyberspace, and Cybersecurity

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

The Internet, Cyberspace, and Cybersecurity

Uploaded by

Copyright:

Available Formats

The Internet, Cyberspace, and

• There have also been bilateral efforts to determine what is

• Some would argue that an exception should be made that

• Others might embrace such a rule in principle but violate it in

• There is probably no realistic way of preventing or even discouraging

Steps can be taken to make systems less vulnerable even if not

 Encryption may be an option.

You might also like