At the same time, using the Internet is not without risk. Malicious actors also see opportunities to gain benefit through fraud, thwart the activities of others or cause other damage.
Of course, closing the Internet is not the solution. Moreover, great care should be taken to preserve the positive potential of the Internet invariants when addressing “cybersecurity” issues.
The starting point is that there is no absolute security. There will always be threats and vulnerabilities, so our concept of “secure” has to reflect that reality. We need think about “secure” in terms of residual risks that are considered acceptable in a specific context. That is also why “resilience” is an important metric when defining the objective of Internet security efforts.
But the Internet, with its high degree of interconnection and dependencies, brings another dimension to the management of risks. Security and resilience of the Internet depends not only on how well risks to you and your assets are managed – the “inward” risks, but also, importantly, on the management of risks that you (by your action or inaction) present to the Internet ecosystem – the “outward” risks. Additionally, some risks need to be managed by more than one actor. This is the notion of collective and shared risk management – a notion that is well aligned with the “public interest” nature of the Internet.
Sounds easy right? Well … the problem is that, in many cases, good netizenship doesn't have an immediate business case, although many would probably agree that it benefits an organisation in the long run. The presence of externalities, which disconnects costs from benefits, is one of the key stumbling blocks here.
Even so, throughout the history of the Internet, collaboration among participants and shared responsibility for its smooth operation, have been two of the pillars supporting the Internet’s tremendous growth and success, as well as its security and resilience.
Interested in learning more?
To help explain these underlying aspects of Internet security and resilience, the Internet Society has produced a short paper available at:
We have also developed a section on our website to highlight our policy activities in this area:
http://www.internetsociety.