July 5, 2012

TSG IntelBrief: The Evolution of Cyber Governance

As of early July 2012, documents recently made public by revealed proposals from various United Nations member states to the International Telecommunications Union (ITU) — the U.N. agency for information and communication technologies — that would increase government controls over the Internet. These proposals were being developed in advance of the World Conference on International Telecommunications (WCIT) to be held in Dubai, United Arab Emirates, December 3-14, 2012. Although billed as a "landmark conference [that] will review the current International Telecommunications Regulations, which serve as the binding global treaty outlining the principles which govern the way international voice, data and video traffic is handled, and which lay the foundation for ongoing innovation and market growth," issues regarding Internet governance are likely to be put before the membership for consideration and approval, including: cybersecurity, regulation of traffic routing, spam, data protection, and the mandatory application of technical standards.

Among the draft proposals is an initiative by China to give countries authority over "the information and communication infrastructure within their state" and require that online companies "operating in their territory" use the Internet "in a rational way," which telecommunications engineers believe would require member states to design and implement an Internet policing role. Other proposals would give the U.N. new and much broader authority to regulate online content with the objective of protecting against computer malware or spam. Yet another proposal would vest the U.N. with authority over allocating Internet addresses, replacing the Internet Corporation for Assigned Names and Numbers (ICANN), a private sector entity with responsibility for maintaining stable and secure functioning of the Internet through a contract from the U.S. Department of Commerce.


Conflicting Government Efforts to Manage Cyberspace

In response, the U.S. House of Representatives Energy and Commerce Committee approved by voice vote a resolution demanding that the U.S. delegation to the WCIT reject any such proposals, and urging the preservation and advancement of a "multi-stakeholder governance model under which the Internet has thrived." This is in reaction to what some security observers see as an alarming trend toward imposing greater restrictions over the Internet and expanding government access to information.

Since 1998, Russia has proposed a draft resolution on cybersecurity in the U.N. General Assembly. The U.S. has consistently objected to this resolution on the grounds of non-convergent views of cybersecurity, and a Group of Governmental Experts (GGE) convened to discuss the issue failed to reach a consensus report. However, in 2010, another GGE was subsequently convened and produced a report in which the U.S. seemingly reversed its objections to the original resolution.  

In September 2011, Russia and China proposed an international code of conduct for information security. Historically, the U.S. has opposed any arms control-styled agreements, citing the lack of viable verification and compliance regimes, as well as loopholes in the arrangements that would allow the use of third party proxies to conduct cyber attacks.

Within the U.S., several legislative proposals have been introduced that contain an Internet governance component. The Stop Online Piracy Act, which was suspended after massive protest, contained provisions that would allow certain Internet addresses to be blacklisted, which some have compared to the Chinese government's online censorship practices. Critics of the Cybersecurity Information Sharing and Protection Act contend that the legislation, which would facilitate information sharing between government and Internet service providers, gives the government the ability to police private citizens' Internet use.


Building the Hierarchy

Other U.S. legislative proposals included the creation of a White House office, and a Senate-confirmed position, with responsibility for cyber policy coordination across the federal government. In 2009, the White House announced the appointment of a U.S. Cybersecurity Coordinator — colloquially known as the "cyber czar" — and a cybersecurity office within the National Security Staff. Critics contend that because the position lacks budgetary authority and must report to both the National Economic Council and National Security Advisor, there is very little the cybersecurity coordinator can either concretely influence or realistically accomplish. Upon the recent resignation of the first cybersecurity coordinator, Howard Schmidt, there have been renewed calls for a position with statutory authority that could compel agencies to adopt cyber policy recommendations. Others have proposed further expanding the role of General Keith Alexander, who currently serves as the head of the military's U.S. Cyber Command and National Security Agency (NSA), to include responsibility for civilian cybersecurity policy.

The U.S. Department of Homeland Security (DHS) is the executive agent for civilian critical infrastructure protection and public-private partnerships, but has been criticized for its lack of technical expertise and resources. The Department of Defense (DOD) provides assistance to DHS through a Memorandum of Agreement on cybersecurity and under defense support to civil authorities provisions. However, critics argue that attempts to expand the DOD/NSA role into federal cybersecurity amount to the militarization of cyberspace and could further inhibit consumer access to online information.

Two decades after the founding of the Internet, and with a number of supporting entities such as ICANN in place, the role of individual nations in managing — and controlling — cyberspace remains a hotly contested issue with widely diverging perspectives. Evolving well beyond its initial role as an unprecedented means of communication within the scientific, national security, and financial communities, and of far more importance than its position at the center of the entertainment universe, the Internet has also proven to be a powerful tool in the political realm. As such, whatever form of Internet governance ultimately emerges will almost certainly be driven as much by political interests as by technological promise.


