Cyberspace: Securing a future that has already arrived
Nuclear plant in South Korea hacked... Cybersecurity units to protect Russia’s nuclear weapons stockpiles... Cyberattack on German steel factory causes 'massive damage'... China warns of US arms race in cyberspace... Computer malware targets European agencies... No, North Korea didn’t hack Sony... Energy sector a prime target for cyber-attacks...
Cyberspace has become an essential component of modern society. Fast-developing information and communication technologies (ICT) are being connected to the Network of Networks ‒ the Internet. Both ICT as a technological information infrastructure, and cyberspace ‒ a toponym of a new global place in which already one-third of humanity socially interacts ‒ are direct enablers of sustainable development: new education models and outreach, improved healthcare systems, empowerment of women and marginalised groups, support for environmental protection, energy optimisation, more transparent and accountable governance, international peace and security... Because of the obvious benefits of this connection, critical societal infrastructure, the financial sector, governmental services, the security sector, schools, and hospitals are becoming increasingly and irreversibly dependent on interconnectivity and the global network. As are citizens.
The merits of an open Internet are accompanied by threats. In 2014, Bloomberg estimated that The global economy suffered to the tune of more than US$400 billion because of cybercrime; former US NSA Director General Keith Alexander warned in 2012 that ‘cyber-thefts from the networks of public and private organizations, including Fortune 500 companies, represent the greatest transfer of wealth in human history.’ Yet in spite of the high costs related to stolen data ‒ over US$250 per record (some attacks involve millions of records) ‒ companies spend less than the price of a cup of coffee per employee per day on IT security, warns Ed Gelbstein, Senior Fellow of DiploFoundation. Critical industry is increasingly becoming a prime target of cyber-attacks: according to Symantec, the energy sector was the fifth most targeted sector worldwide. To add insult to injury, recent cases confirm that ‘hacking gets physical’ as Forbes put it, resulting in physical disruption to operations; in today’s interconnected society (rather than tomorrow’s) this means that power plants, water supplies, traffic controls, and other critical infrastructure may be put out of service causing not only business but also social disruption.
Cybersecurity therefore is high on the priority list of concerns for national security as well as for international peace. Many countries, however, do not consider digital issues seriously, believing they are still digitally too underdeveloped for cyber-threats to pose a high societal risk. Countries of South-Eastern Europe are no different: very few of them have any institutional (operational or legislative) mechanisms to prevent or react to cyber-incidents. Research warns that the risk is, in fact, high: a financial loss of a potential country-scale attack on information infrastructures – similar to what happened to Estonia in 2007 – is over €10 million per day for Serbia, growing almost exponentially with each day in case the country doesn't have incident response mechanisms. At the same time, the asymmetry of cyberspace enables the attackers to conduct such a comprehensive attack with very little knowledge and an investment of less than €10 000.
Without national, regional, and global cooperation mechanisms in place to secure cyberspace, the end-users are also left to manage various online risks on their own. Kaspersky, a leader in anti-virus software, reports an average of over 4.5 million attacks on users every day ‒ identity theft, scams, financial fraud, bullying, child abuse, and others. This undermines trust in ICT by the citizens, causing an impediment for the adoption of new digital opportunities by the existing 3 billion connected citizens, let alone the next billions ‒ dominantly from the Global South ‒ we hope to connect in years to come.
Comprehensive global initiatives to ensure an open, safe and secure Internet are therefore a precondition for sustainable development. The UN World Summit on the Information Society (WSIS), one of whose objectives is to ensure that ICT helps deliver sustainable development, has taken security in the use of ICT as one of its action lines. The ongoing WSIS+10 review process will conclude this autumn and will contribute to the closing debates in the UN process on the Sustainable Development Goals (SDG). The UN Internet Governance Forum (IGF), however, is a leading global forum that involves different stakeholders ‒ governments but also the corporate sector, civil society, and academic and technical communities ‒ on an equal footing to discuss Internet governance challenges. At its 10th annual meeting in September 2015 in Brazil titled ‘Evolution of Internet Governance: Empowering Sustainable Development’, cybersecurity is one of the eight sub-themes that will frame the discussions. The OSCE has also stepped into the field in 2013 with the Permanent Council decision (No. 1106) defining a set of confidence-building measures related to the ICT security.
At the same time, a global response requires evidence-based digital policies and institutional mechanisms at national level and strengthened cooperation at regional level. The dual-use feature of ICT ‒ it can be used both for good causes and for cyber-attacks ‒ requires all users to work together to secure cyberspace, and especially SMEs and corporations, government institutions, operators of critical infrastructure, and academic networks. States, therefore, need to establish multistakeholder-based cooperation platforms that can help in setting up Computer Emergency Response Teams (CERTs) and national cybersecurity centres, as well as national strategies and legislative frameworks related to cybersecurity. On the top of this, regional cooperation should be established to include the exchange of information and best practices at a minimum.
South-Eastern Europe ‒ and particularly the Western Balkans ‒ is lagging behind with weak institutional mechanisms and frameworks and also the institutional awareness and capacity to respond efficiently to these emerging challenges. Countries like Switzerland or Finland, with comprehensive and inclusive cyber-policies and strategic views for cyber-diplomacy, are willing to share their experiences and assist our region in developing capacities. It remains a hope that specific opportunities ‒ such as Serbia’s chairmanship of the OSCE in 2015 ‒ will be used as a political trigger for the region to develop cybersecurity mechanisms and cooperation among the states and across the stakeholder communities, and get ready to reap the societal and developmental benefits of an open and secure cyberspace.
Director, E-diplomacy and Cybersecurity Programmes, DiploFoundation
Back to SEE Views