Cybersercurity is an important component of national security, says Tais Maldonado Niffinegger. Coordination between private and public sector is highly required, he says. A number of international organizations are working to improve cybersecurity.
Cybersercurity is an important component of national security, says Tais Maldonado Niffinegger. Coordination between private and public sector is highly required, he says. A number of international organizations are working to improve cybersecurity.
Cybersercurity is an important component of national security, says Tais Maldonado Niffinegger. Coordination between private and public sector is highly required, he says. A number of international organizations are working to improve cybersecurity.
Initially designed for academic purposes, the Internet started as a tool for improving the communication between users. By that time, cybersecurity was not a relevant issue. Along with the development of this important technological tool, the use of the Internet in contemporary life became absolutely essential. The Internet is present everywhere and we became increasingly dependent on it (U.S. National Cybersecurity, 2004). Today we cannot think of communication, commerce, control systems, entertainment industry, education, health system, data storage, among others, without thinking about the Internet. Many kinds of threats, however, accompany the growth of he information society. As most of the essential services depend on information and communications technology (ICTs), attacks against informational applications and cyber infrastructures take a very destructive potential. According to the International Telecommunications Union (ITU), making the Internet safer is fundamental for the development of new services and also for protecting governmental policy. In this sense, cybersercurity is an important component of national security. Similarly, the he Organization for Economic Co-operation and Development (OECD) stresses that cybersecurity strategies recognize that the economy, society and governments now rely on the Internet for many essential functions and that cyber threats have been increasing and evolving at a fast pace (OECD, 2012). Those strategies seek for governmental coordination and
1 Master student in International Public Management at the Paris School of International Affairs Sciences Po. definition of responsibilities and roles. According to OECD studies, the key points are the respect to common values (privacy, free flow of information and freedom of speech). In that sense, coordination between private and public sector and international cooperation are highly required. Modern economys dependency on the Internet brings several consequences on cybersecurity policy making. Thus it is necessary to adopt strategies that approach cybersecurity in a more integrated and comprehensive manner. An important multilateral initiative, ITUs Global Security Agenda (GCA) comprises seven main strategic goals, built on five work areas: legal measures, technical and procedural measures, organizational structures, capacity building and international cooperation. Also in the international level, other initiatives also focus on cybersecurity, like G8s Subcommittee 773 on High-tech Crimes, the General Assembly of the United Nations and Council of Europe (CoE). At the regional level, the most relevant action plans have been carried out by the European Union (UN), The OECD, the North Atlantic Treaty Organization (NATO) the Asia-Pacific Economic Cooperation (APEC), the Commonwealth, the Arab League and Gulf Cooperation Council and the Organization of American States. The international framework on cybersecurity includes the Council of Europes Convention on Cybercrime, several bilateral arrangements between countries and a large number of recommendations from international and regional organizations. Representing an important regional player, the European Commission Joint Research Center (JRC) provides independent, technical and scientific support throughout the whole policy cycle and. It plays an important role by stimulating innovation, cooperation, standardization and also by sharing its know-how with the Member States, the scientific community and international partners (OECD, 2012). One of the most actives State actors is the United States of America, who maintains bilateral agreements on legal cooperation in criminal matters (including cybercrime) with more than twenty other countries (those are called Mutual Legal Assistance in Criminal Matters Treaties). At the multilateral level, the ITU is one of the most operating institutions, and, beyond coordinating general policies towards international communications technologies (ICTs), the organization produces a large number of security frameworks, standards and architectural solutions. Along with the technical debate, the ITU also discusses political matters regarding technological development. Considering that communications infrastructure is globally interconnected, governments recognize it is necessary to address cybersecurity policies and guidelines holistically rather than in a fragmented manner as in the past (OECD, 2012). Many international organizations are now debating feasible models of cooperation and, despite divergences between various actors, a possible strategy would be to first address non sensible issues, by sharing informations and design common policies (e.g. combat to spamming and child pornography). Identifying those activities more likely to be part of wide-ranging agreement and establishing roles and responsibilities would certainly be a great contribution to the international community (Sofaer, D. Clark, and W. Diffie, 2010). The need for better alliances and more cooperation agreements between countries and counterparts are one of the shared key points in many national and regional strategies. For instance, governments often mention capacity building and legal cooperation as a clear objective for international coordinated action, however there is still little detail concerning how those shares objectives should be implemented. International agreements on cybersecurity can only be possible if they consider significant idiosyncrasies between activities regulated by established international regimes and cyber systems (D. Clark and Diffie, 2010). Some of those relevant initial barriers for international cooperation are limitations of governments regarding national security, contradictory national policies about, privacy and other sensible issues. However, whether the list of non-negotiable themes can be quite large, international cooperation may still address many of common problems that could prove beneficial. A global approach of information security would be extremely useful to facilitate the definition and execution of national cybersecurity strategies and international cooperation, to create a common know-how based on well recognized standards, to avoid redundancy of works and efforts and to optimize coordination between parties (Schjlberg and Ghernaouti-Hlie, 2009). In that sense, some important initial strategies shall comprise guaranteeing the free flow of information, creating common responses to increasingly serious risks, fostering risk-based approach and establishing roles and responsibilities. More sensible subjects could be more carefully examined in a further moment. Good practices: Cybersecurity has been largely discussed at the General Assembly of United Nations, which adopted several Resolutions addressing themes like the definition of cybercrime, cyberterrorism, critical infrastructure protection, spam, attacks on cyber infrastructure, and the need for capacity building. Other successful multilateral initiatives worth mentioning are the Conferences on Cyberspace (2011, London) and the Meridian Process, designed to provide to governments the background for discussing how to work together on policy-building on Critical Information Infrastructure Protection (CIIP). The Budapest Convention on Cybercrime appears as an interesting example on joint strategy shared by several countries. In conclusion, it is already consensual that the global nature of the Internet networks and the informational communication technologies industry require a multilateral understanding of cybersecurity, which can only be effective through cooperation in a multi-sector governance model. The effort of building a common legal understanding by multiple players certainly strengthens a global strategy concerning cybersercurity. The need for an international strategy is shared by important international actors and stakeholders like the ITU (Global Cybersecurity Agenda), the US government (White House, 2009), OECD, CoE and many regional organizations. Governments should therefore find the right balance between ruling their genuine competence in national security and addressing important issues that might impact economic security and private sector systems. Even though there are more recent initiatives in international level, the cooperation should be a priority.
References: Dynes, S., E. Goetz and M. Freeman. 2007. Cybersecurity: Are Economic Incentives Adequate? In Critical Infrastructure Protection.
Cybersecurity Policy Making at a Turning Point. OECD, 2012. Available at: http://www.oecd.org/sti/ieconomy/cybersecurity%20policy%20making.pdf
Kurbalija, Jovan. An Introduction to Internet Governance, 6th Edition. Published by DiploFoundation (2014). Available at http://issuu.com/diplo/docs/an_introduction_to_ig_6th_edition/1.
Sofaer, D. Clark, and W. Diffie, Cyber Security and International Agreements, in National Research Council (NRC), Proceedings of a Workshop on Deterring Cyberattacks: Informing Strategies and Developing Options for U.S. Policy (2010).
Schjlberg, Stein and Ghernaouti-Hlie, Solange. A Global Protocol on Cybersecurity and Cybercrime: An initiative for peace and security in cyberspace. Cybercrimedata, 2009.
The White House, Cyberspace Policy Review: Assuring a Trusted and Resilient Information and Communications Infrastructure, May 2009.
U.S. National Cybersecurity. William J. Perry. Martin Casado, Keith Coleman, Dan Wendlandt. MS&E 91SI. Fall 2004. Stanford University.