Global Cybersecurity and the Internet Conundrum Thumbnail
Internet Governance 11 November 2018

Global Cybersecurity and the Internet Conundrum

By Olaf KolkmanPrincipal - Internet Technology, Policy, and Advocacy

Today marks the 100th anniversary of the armistice that ended the first World War. The 1918 ceasefire re-introduced a fragile peace that had collapsed when the world failed to defend common rules and international cooperation. International security and stability are as important now as they were a century ago.

That’s why French President Emmanuel Macron and leaders from around the world are about to gather in Paris for the first Paris Peace Forum. The forum will attempt to pave a way forward for a world that is shifting and changing faster than most of us can keep up with. That change and shift, and the speed of it is enabled by the Internet.

That is why the Internet Society is participating in the Forum.

I will be in Paris to speak on a panel about creating peace in cyberspace. Cybersecurity concerns across the world are real and justified and need to be addressed. We believe that the collaborative approach that helped to drive the growth of the Internet and allows it to thrive is essential for establishing cybersecurity.

The essence of a collaborative approach is that it allows stakeholders to create a shared vision for security.

The Shared Vision

At the Paris Peace forum there will be many places where we will talk and try to converge on a shared vision

For example, we  support the work of the Global Commission on the Stability of Cyberspace (GCSC) – for which I am allowed to serve as commissioner. The GCSC has developed the “Call to Protect the Public Core“.  In fact, in the lead up to the Paris Forum, the GCSC  introduced six more norms towards cyber stability.

But while a shared vision is necessary for successful collaboration, it is not sufficient. We need to get to action.

Securing Cyber

Implementing the cybersecurity vision doesn’t come from a single technical fix or upgrade, nor will it come from a treaty or declaration. Improving security is done in a highly distributed way with the responsibility in the hands of many. This means participation not only by policymakers and a few companies from Silicon Valley, but millions of security practitioners, developers, implementers, protocol developers, network operators, civil society groups, and researchers.

And as we work to secure the broader cybersecurity environment, we have to make sure that we do not break the Internet along the way.

Can You Actually Break the Internet?

In short: specific regulatory or even technical interventions may break the Internet.

And now for a longer explanation of what that means.

For the Internet Society, the Internet (capital I) is the open network of networks voluntarily interconnecting to deliver connectivity globally. This network of networks enables those that connect to develop and deploy applications.

A metaphorical description of the Internet Architecture is an hourglass.

The sand in the bottom half is the physical infrastructure that makes the Internet work. It is the network of networks each making their own competitive and technical choices to compete in the market of offering connectivity.

The sand in the top half of the hourglass is made of Internet applications like social media, blockchain, email, messaging, and all the apps we use in our daily lives.

While the top and bottom parts of this hourglass need each other for the hourglass to work, they are very loosely coupled and their interaction is limited. Basically, they are the two most co-dependant strangers you will ever come across.

The thin funnel at the center of the hourglass contains the protocols and technologies that provide the ability for the applications in the top half of the hourglass to benefit from a single global Internet. The Internet Protocol (IP), the global Domain Name System (DNS), various transport protocols such as the Hypertext Transport Protocol (HTTP), and global authentication and encryption infrastructure provide the ability to interoperate and establish a baseline of trust that allows all of these applications to flourish.

The beauty of the Internet is that the technology is agnostic. The bottom half and funnel of the hourglass have no idea what is running above it – whether it’s an email to your mom, a cat picture to Instagram, or a million rupee transaction.

It is the loose coupling between the top and bottom of the hourglass, that offers the ability to invent new applications without having to negotiate with the network; the networks do not need to have detailed knowledge about the working of the applications, and the applications do not have to understand the workings of the networks. Without this property of permissionless innovation, inventions like the World Wide Web, messaging apps, or Blockchain would likely not have been possible.

Losing out on either global connectivity or permissionless innovation will impact the ability that the Internet brings for social and economic prosperity.

A growing number of countries are putting these opportunities at risk by proposing policies or laws to regulate technology in the bottom half of the Internet hourglass in reaction to security challenges appearing on the top half of the hourglass. An example of this would be a law that restricts Internet connectivity in reaction to concerns about social media content. It is these kinds of policy approaches that worry us – while individual measures may not immediately break the Internet, they will lead us down a path where we find that we have lost the properties that make the Internet what it is. It will no longer be a global network of networks, but a tightly controlled tool where someone else is in charge of what we see and do.

We may think that pulling a hair or two is OK, but at some point, we’ll be bald.

Back to the Paris Peace Forum.

In Paris, we join a vision for a secure society in which the Internet plays a major role.

That vision calls for action.

  • Action that is deliberate, distributed, and takes a global perspective.
  • Action that is already ongoing all across the Internet technical community.
  • Action in which regulation, tax, and other government tools have a role but are not the only tools in the box.
  • Action that attempts to address issues at the appropriate layer – the half of the hourglass where the problems arise. And most important;
  • Actions that do not break the Internet itself while also addressing the legitimate needs of society.

The Internet Society CEO, Andrew Sullivan, recently summarized this as, “We must not save the Internet by breaking it, denying humanity this tool that can benefit us all.”

Tweet your support for an Internet that’s for everyone! #DontBreakTheInternet

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Strengthening the Internet 18 March 2024

What Governments Can Learn from Canada when Regulating Online Harms

Canada's Online Harms Act should be an example of how to protect the fundamentals of the Internet while improving...

Shaping Future of the Internet 1 February 2023

Your Chance to Be the Changemaker

It's not every day a fellowship program changes lives. But that's exactly what we see when our alumni set...

Internet Governance 6 December 2021

Uniting the Internet at IGF 2021

Numerous Internet Society experts will be taking part in the Internet Governence Forum 2021.