EastWest Institute
U.S. Cyber Security Coordinator Howard Schmidt, center, provides his views on the cybersecurity issue, Belo Mansion, Dallas, Texas, May 3, 2010.
Last week, I had the opportunity to attend the EastWest Institute’s Cybersecurity Summit in Dallas. Assembling several hundred industry, government and academic participants who deal with the problems of information and/or computer security issues, EastWest made an important step in moving forward a complicated dialogue that involves both policy and technology. As Google’s post-hacking incident exit from China and a variety of other episodes have shown us, information resources are clearly vulnerable. The problem we are having is what to do about the problem.
Cybersecurity is a complicated issue because some say that the sky is falling, while others argue that the problem is being managed fairly well. Among those speaking on the latter tack was President Obama’s cybersecurity adviser, Howard Schmidt, who argued of the cybersecurity issue, “We have to look at this not only from the technology perspective but also the economic perspective.” In other words, he prompted the audience to consider how we measure our return on investment in securing the information infrastructure and our data resources. This combats a short-sighted, “too much is never enough” mindset often found in the cybersecurity arena, summarized by Deputy Undersecretary of Homeland Security Phil Reitinger, who opined, “I fear that we’re going to let the urgent overtake the critical.”
Beyond the questions of how policy and technology may be melded together to combat the epidemic of cybercrime and increasing levels of digital corporate espionage were some tough questions on the future geopolitics of the Internet. This was an international summit with participants from the EU, China, Russia and nearly 40 other countries attending. Because the Internet is an international communications infrastructure, which spans geographic boundaries as nothing before it ever has, its governance is complicated. As we grow to depend more on the Internet and all other things of digital communication we label “cyber,” the stakes continue to rise. The Internet is neither a scientific curiosity as it was in the 1970s and 80s nor the limitless land of opportunity many perceived it to be in the 1990s.
What many of us in the West believe, however, is that the Internet, much like the world’s oceans, is a commons. It is a resource we invest in heavily and manage jointly. For cybersecurity policy, metaphors that speak to the policing of the seas have a great deal of utility. But if the metaphor of maritime policing fails in practice, what we may see more of is a Balkanized Internet.
We should not dismiss the comments of Liu Zhengrong, director of China’s Internet Information Service Commission at the summit, who argued that China is also experiencing its fair share of cyber insecurity. China has suffered plenty of bad press on the cyber issue, including the Google accusations in January and the findings of the University of Toronto’s Ghost Net project last year.
One item in Liu’s remarks sticks out however. On several occasions, he made reference to “our Internet.” This is a strong indicator that China does not see the Internet commons in the same way as the West. If this is indeed true — and China does not view the Internet as a joint resource — international rulemaking on Internet governance, particularly with regard to its security, will remain a difficult undertaking.
At this juncture, we do not simply need technical fixes, but rather global norms and rules to begin pushing back the tide of bad behavior on the Net. If we don’t, I fear it won’t be just the Chinese applying possessives to the Internet.
Christopher Bronk is the Baker Institute fellow in technology, society and public policy. He previously served as a career diplomat with the United States Department of State on assignments both overseas and in Washington, D.C.