Cyberattacks

A People-Centric Approach to Securing Cyberspace

Voiced by Amazon Polly

Candace Rondeaux 
Friday, May 14, 2021

The internet today is on the brink of reaching a state of entropy, as anyone who tried to fill up the gas tank of their car anywhere along the Eastern Seaboard of the United States this week knows. Nearly a week after a crafty network of cybercriminals penetrated the databases of the company that operates the massive Colonial fuel pipeline, which runs nearly the entire length of the East Coast, the United States is still reeling from the crippling cyberattack.

The ransomware attack forced the Colonial Pipeline company to close down a sizable portion of its 5,500-mile-long fuel conduit for days. Only quick action to isolate a server where the ransomware was lodged prevented an even worse catastrophe. Still, the impact was keenly felt and prompted the governors of Virginia, Georgia, Florida and North Carolina to declare a state of emergency over gas shortages after news of the hack drove up consumer anxieties. The online assault on the Colonial Pipeline not only triggered a rush of panic buying at the fuel pump, but also served as another reminder of the dismal state of U.S. cyber defenses—and the even sorrier state of global internet governance.

Only in the past few years has the conversation about how to deal with the very real-world consequences of the lawless realm of cyberspace started to take on real urgency. Safeguards are clearly needed to rein in the activities of criminal gangs, but also Big Tech and governments, in cyberspace. At stake is the future of the global architecture for information-sharing and economic exchange, and all that implies. One of the thorniest issues in these debates is that tech companies and their private-sector financiers hold much more power over the internet than governments. But what is often left out of the discussion is that, in the contest between governments and big tech companies to shape the digital new world order, it almost always seems to be ordinary citizens who lose.

There are no quick or easy answers to solving the challenge of digital global governance, and given the rapid pace of emerging technological developments in artificial intelligence and quantum computing, solutions could remain elusive for a long time. The future of internet governance looks cloudy at best. The only real certainty is that if ordinary citizens continue to allow governments and tech companies to dictate all the terms, existing flaws in a system that is already poorly governed will only further entrench divisions between nations and communities.

The problem of global digital governance must now be addressed with the same urgency as nuclear proliferation or climate change. In much the same way that the latter precipitated a worldwide movement that eventually led to the Paris Agreement, the highly networked problem of transnational data exchange and security in our information architecture demands a highly networked solution.

Some experts at the Nobel Prize Summit recently suggested the formation of an Intergovernmental Panel on the Information Environment as a possible remedy, modeled on the Intergovernmental Panel on Climate Change, or IPCC, that informs global climate diplomacy. The proposed U.N.-backed body would serve as a policy-neutral, globally accessible source of data and information about emerging technologies as well as gaps in internet governance, and the effects they have on human society. The panel’s dynamic analysis could then inform the process of setting rules and norms in cyberspace.

In the contest between governments and big tech companies to shape the digital new world order, it almost always seems to be ordinary citizens who lose.

That is a good place to start. But to ensure that citizens—and not just governments and well-endowed elites in more connected countries—have a voice in the conversation, I would tweak the concept. What the world needs now more than ever is a Wikipedia-style intercontinental panel on information and telecommunication technologies. The only way to navigate the sticky wickets of sovereignty, privacy and proprietary information and technologies is to build out the capacity for decentralized input from citizens around the world on the direction of our digital future.

The need to put citizens at the heart of these efforts became evident this week when the White House and FBI pinned the blame for the Colonial ransomware attack on the DarkSide cybergang, a shadowy network of hackers believed to be based in Russia and Eastern Europe. That set off speculation as to whether the Russian government was somehow involved, since the group typically only strikes targets in non-Russian speaking countries.

From the Biden administration’s perspective, whether or not the Russian government is directly involved, it should take responsibility for dealing with DarkSide and other cyber-criminal gangs that operate from Russian territory. Not surprisingly, the Kremlin’s top spokesman, Dmitry Peskov, was quick to deny any Russian involvement in the Colonial Pipeline hack this week. Russia’s diplomatic mission also said that the Russian government has repeatedly pressed the United States to engage in a dialogue about safeguarding cybersecurity infrastructure.

The only problem with Russia’s offers to discuss the future of the internet and information technology more broadly with the United States and other democracies is that Moscow appears bent on a one-sided conversation. Russia is currently pushing for changes to the Budapest Convention on Cybercrime, a 2001 treaty that outlines protocols for dealing with and developing national-level legislation on internet-based crimes such as trafficking in child pornography as well as stealing proprietary and private data. Russian officials say a global treaty would ensure cooperation between states on investigation of cybercrimes like the ransomware attack on Colonial Pipeline. But there are strong reasons to be skeptical of the Kremlin’s motives, as Human Rights Watch recently pointed out. Much like China, Pakistan and the Philippines, Russia sees the prospect of inking a global deal as an opportunity to criminalize internet-based dissent and criticism of government actions.

But while alarm over the Russian—and Chinese—model of internet autocracy characterized by extreme government control over information is warranted, the American alternative currently on offer seems to give free rein to surveillance capitalism driven by unbridled power for Big Tech. It is becoming blindingly clear that the American public and citizens in other democracies would be ill-advised to rely solely on governments, tech giants or even the U.N. to solve the problem of widespread insecurity on the web.

Resolving these competing visions of the digital future will be key to reining in cybercrime and defending data privacy from governments and Big Tech, but it will require the same kind of global response that precipitated the rise of the climate change activism. The truth is, if we want to save the internet from becoming the hunting ground of criminal bandits, dictators, demagogues and wealthy tech dilletantes with a political axe to grind, the public itself is going to have to take radical action.

Candace Rondeaux is a senior fellow and professor of practice at the Center on the Future of War, a joint initiative of New America and Arizona State University. Her WPR column appears every Friday.

World Politics Review