A quest for order amid cyber insecurity
A quest for order amid cyber insecurity
1. CONTEXT OF THE NEWS
The present time is both, the best and worst for cyberspace.
Apple, Amazon and Microsoft have amassed over a trillion dollars in market value since the beginning of the year 2020.
However, on the other hand, cyber-attacks have grown as well.
2. INCREASING CYBER-INSECURITY
2.1 Increasing malwares
- A report puts the number of daily malware and phishing emails related to COVID-19 to over 18 million in a single week in April 2020 monitored by a single email provider.
- This was in addition to more than 240 million COVID-19-related daily spam messages.
- Twitter hackers and ransomware targets too are increasing by the day.
2.2 Cyber-attacks and States
- Concerns about role of states in cyber-attack are also surfacing as mentioned by Australia.
- There are also allegations on China regarding hacking health-care institutions in the U.S. doing research on COVID-19 treatment.
- The United Kingdom has warned Russian state backed hackers targeting pharmaceutical companies working on COVID-19 vaccine.
- India has recently banned specified Chinese Apps stating that they are “engaged in activities prejudicial to the sovereignty and integrity of India”.
- This act of the Indian Government adds another layer of complexity to the contestation in cyberspace.
- Therefore, clearly the cyber insecurity of individuals, organisations and states is expanding amidst the COVID-19 atmosphere.
2.3 Better understanding of Global Cyberspace
- The world is increasingly moving in the digital space. People are adapting to new ways of digital interaction and an increasing number of critical infrastructure is turning digital.
- However, despite the accelerated pace towards digital technologies, most of us do not understand the parameters of the transformation towards digital.
- Much like the global public health, cybersecurity too is considered a niche area and is left to the experts.
- The covid-19 pandemic has underlined the importance of the global public health infrastructure and the need to abide by agreed rules.
- On similar lines, a better understanding of the global cyberspace architecture is also imperative.
3. NO GLOBAL COMMONS
3.1 The global commons
- International law identifies four global commons viz. the High Seas, the Atmosphere, the Antarctica and the Outer Space.
- The borderless global cyberspace is also considered a part of the “global commons”, however experts are of the view that it does not exist.
3.2 Border control on cyberspace
- The view of cyberspace in terms of connectivity across national boundaries is an illusion.
- Since the internet is dependent on the physical infrastructure that is under national control, the internet too is subjected to border control.
- States control the national networks through laws in accordance with their international commitments.
3.3 Responsibility of States vis-a-vis cyberspace
- States are also responsible for the following:
- Ensuring cybersecurity,
- Enforcing laws related to cyberspace
- Protection of public good
- Apart from their own actions, States are also responsible for actions taken from within their sovereign territory.
- However, the implementation of the States' responsibilities towards cyberspace is difficult, since the infrastructure on which the Internet is dependent, falls within the jurisdictions of multiple states.
- These states have differing approaches towards the view of cyberspace and cybersecurity.
3.4 Multiple Stakeholders
- There are multiple stakeholders in the cyberspace including both states and non-state actors.
- The non-state actors play key roles with both benign and malignant intentions.
- Furthermore, some networks are private which have different objectives than the states have.
- At last, the cyber tools too have dual use, cheap and make attribution and verification of actions quite a task.
3.5 Developing cyber norms
- Despite the presence of both state and non-state actors, only the states have the right of oversight.
- There is no single authority for the global cyberspace like the World Health Organization, which can monitor, assess, advise and inform about fulfilment of state commitments, in however limited or unsatisfactory a manner.
- To put it simply we are still searching for the cyber "rules of the road".
- Presently we are in the developing stage of “cyber norms” that can provide a balance between the competing demands of national sovereignty and transnational connectivity.
4. GAPS IN CURRENT PROCESSES
4.1 UN and Cybersecurity
- In 1998, Russia raised the issue of information and communications technologies (ICTs) in international security on the UN agenda.
- Since then, six Group of Governmental Experts (GGE) with two-year terms and limited membership have been working on the issue.
- In addition to the GGE, last year, an Open-Ended Working Group (OEWG) began working on the same issue with similar mandates. The group is open to all and many states have shown interest in the group.
- A report is expected by the next year.
4.2 Discussions in the group
- The discussions are focussed narrowly in line with the mandate.
- Issues that have been kept out are:
- Internet governance
- Digital privacy
- Issues like terrorism and crime are acknowledged as important but the discussions on these topics are not as thoroughly done as in other UN bodies.
4.3 Outcome of the UN Exercise
- The net outcome of the UN exercise on cyberspace is the acceptance that international law and the UN Charter applies to cyberspace as well.
- On these lines, a set of voluntary norms of responsible state behaviour was agreed to in 2015.
- However, the aspects are circumstances in which the international law will be applicable have still not been addressed and various reports on the matter call for action including the recent report by UN Secretary General AntónioGuterres’s entitled “Roadmap for Digital Cooperation”.
- However, given the present geopolitical circumstances there is very little hope of such processes being undertaken.
5. MORE ENGAGEMENT NEEDED
5.1 Expanding cyberspace in India
- Generally speaking, technologies move faster and are ahead of the development of associated norms and institutions, similar is the case with cyberspace.
- This provides India the opportunity with the time and space to develop our approach in tune with relevance of cyberspace to India's future economic, social and political objectives.
- Despite the digital divide, India’s cyber footprint is expanding at an accelerated rate and therefore the rate of conflicts and crimes will increase too.
- Under these circumstances, the Shared “rules of the road” become imperative.
5.2 India and Cybersecurity
- The Indian Computer Emergency Response Team (CERT-In) under the Ministry of Electronics and Information Technology is a very active nodal agency for cybersecurity.
- Five of the six GGEs formed had representatives from India.
- India is also an active participant at the OEWG.
- India is also a member of the Shanghai Cooperation Organisation, which has also shown support for a code of conduct.
- India also joined the Christchurch Call, which brought countries and corporations together on order for an increased effort in stopping the use of social media for promoting terrorism and violent extremism.
5.3 Need of active engagements
- The cyberspace is becoming an increasingly contested and fragmented domain.
- Going forward, the issue of cybersecurity will require better arrangements and more intense partnerships with additional safeguards.
5.4 India and Global Efforts
- India needs to turn attention immediately on the issue of cybersecurity.
- India needs to take both domestic and global efforts in this regard.
- India should be an active participant in shaping and defining cyber norms.
- India can also consider acceding to the Convention on Cybercrime of the Council of Europe (Budapest Convention).
- There should be increasing participation and engagement in multi-stakeholder orientations as the Paris Call for trust and security in cyberspace.
5.5 India and domestic Efforts
- There should be more clarity on legislation on data protection.
- The private sector in India should be encouraged to participate increasingly in industry-focused processes such as the Microsoft-initiated Cybersecurity Tech Accord and the Siemens-led Charter of Trust.
Present there is a huge digital divide in India. However, the coming future is going to bridge this gap and India is expected to have a major portion of the next billion smartphones.
Therefore, it is imperative that cybersecurity is going to play a large role in the lives of Indians.
To prepare for the larger role of cyberspace in India, we need to work on a deeper public understanding of cyberspace, cybersecurity and its various dimensions.
Given the size and scope of cyberspace in India, it is too important to be left only to the experts.
Indian Computer Emergency Response Team (CERT-In)