Back to blog

Ins-and-Outs of Cyber Governance

Pathlock
March 28, 2016

Ins-and-Outs of Cyber Governance

The evolution of the term, “Cyber Governance”

The internet started around 1969 as a local network within the government and military communities. However, as people outside of government began to use it and the World Wide Web began to form, the governance of the internet moved to the international voluntary sector. The 2003, the World Summit on Information Society (WSIS) laid down the principles of internet governance as a bottom-up, transparent structure.
The international management of the internet should be multilateral, transparent and democratic, with full involvement of governments, the private sector, civil society and international organizations.
It may not have been possible for WSIS to imagine, back in 2003, how the internet would become such a powerful force, not only for international communication but for the control of the hardware of the society. As more and more functions are addressable on the internet, and as the volume of people skilled in internet technology in an out of the rule of law increases, the internet has moved out of the world of bottom up idealism, sadly perhaps. In 1982, the darker side of the internet started to emerge as United States national security officials launched a cyber attack on Soviet Union which caused a pipeline to explode. In 1986, a University of California physicist uncovered a global hack of United States academic, military and government computers. This was the first cyber security investigation of its kind. It revealed online hacker threats around the globe. The first “worm” attack occurred in 1988. These several lines of code written by Cornell University student, Robert Tappan Morris, replicated itself wildly. It disrupted 10% of the 88,000 computers that were linked to the internet at that time. Then it got continuously more widespread. From 2008 when the Chinese GhoNet was discovered by Canadian researchers, to worms like “Stuxnet” in 2010, to major intellectual property thefts in 2012, the problem of internet lawlessness and the need for internet governance on a global scale has become increasingly evident. The term “internet governance” has evolved over time. When the internet first opened in the mid-1990s, the term simply referred to issues of domain names and global synchronization. It has recently become increasingly bound up with issues of cyber security from the local to the international scale.

Global Scale:

According to a report from the Council on Foreign Relations U.S. Officials are finally responding to the potential for global cyber attacks by agreeing to participate in talks to develop rules for the virtual world. The Council has some strong recommendations. It says,
…the United States should issue two ‘cyber declaratory statements,’ one about the thresholds of attacks that constitute an act of war and a second that promotes ‘digital safe havens’–civilian targets that the United States will consider off-limits when it conducts offensive operations.
The United States, The Council believes, should engage other nations as well as private corporations to issue similar statements. These statements would form the skeleton for a system of international norms which resolve themselves into a set of standards. Explicit statements, the Council believes, give potential attackers how the United States will respond to identified types of attacks, making signaling easier and improving stability. The world has finally come to the realization that cyberspace has a major impact on what we have always thought of as the “real space.” Systems of cyber governance have to be internationally worked out. Despite efforts to achieve international agreement on “rules of the road” in the cyber domain, progress has been slow. There are deep ideological divisions between nations that are exposed in talks about cyberspace. The need for this development is urgent, especially as the internet develops more systems for controlling infrastructure like power grids and communications. The rules of cyber governance have to include cyber attacks that are functionally equivalent to conventional armed attack and cyber attacks on a smaller scale that interfere with public data, government systems and financial markets. Pathlock is an international company that provides enterprise-wide approaches to effectively govern cyber risk. Please contact us to learn more.