A blog on why norms matter online

Tuesday, August 7, 2012

For national cyber security strategies, a whole-of-nation approach works best

A new dawn for cyber security policies?
(c) Kettemann 2012

As written previously, I'll showcast some of the innovative research contained in the freshly published 2012 edition of Human Security Perspectives. Today, let's look at the role of states in developing cyber security.
In Internet Governance, and in online human rights protection, states continue to matter. And matter greatly. But it wasn't until the 1990s that states (and international organizations) decided to become involved in the regulation of the Internet. In 1996, as a reaction to this trend, John Perry Barlow published his Declaration of the Independence of Cyberspace and called upon the “Governments of the Industrial World, you weary giants of flesh and steel[,]” to leave cyberspace “alone”. “You are not welcome among us”, he wrote, “[y]ou have no sovereignty where we gather”.

As I argue in my doctoral thesis (which I am preparing for printing these days) this was empirically untrue already in 1996, it is even more so today. States can exercise sovereignty over situations emerging in cyberspace and have consistently done so, albeit with varying degrees of situational and technological awareness, legal sense and political sensibility.

Rather than implementing adhoc national Internet policies, states should follow a comprehensive, human rights-based approach. How such an approach may look with regard to cyber security has been exemplified in the Human Security Perspectives by Gerhard Jandl of the Austrian Ministry of Foreign and International Affairs in his contribution on the Challenges of Cyber Security from a Government’s Perspective.
Looking at the recently published draft Austrian National Security Strategy and its implications for cyber security, he highlights that states should become active in regulating aspects of the Internet:
  • "When IT technology is used for criminal purposes [...]
  • When the Internet is used for the radicalization of people  [...]
  • When IT technology is used for so-called cyber attacks,that is for attacks on the very existence and fundamental safety of our countries, economies and societies"
Especially in the third case, "the state must see to it that its crucial networks are safe and resilient and must constantly update the relevant protection measures."

Jandl correctly summarizes that
"It is obvious that no single ministry or even single government agency can fulfill these tasks alone. A “whole-of-government” approach or, indeed, a “whole-of-nation” approach involving also private stakeholders is required. Furthermore, no single country can successfully act just by itself. International cooperation becomes more and more pivotal, including with relevant international organizations that play an ever increasing role."
He concludes by giving an overview of the interlinkages between Austrian and international regulatory initiatives regarding the Internet. For a neutral country, such as Austria, cooperation with NATO on cyber security matters is an interesting case. He underlines that Austria has been the first country to start cocoperating with NATO under the aegis of NATO’s newly established Emerging Security Challenges Division in late 2011.

In times of emerging challenges of international security, hearing what governments have to say very important. At the same time, heavy-handedness in regulation needs to be effectively countered. To avoid regulatory overreach, a multistakeholder-based discussion process geared towards elaborating - together with all stakeholders within a state, and with the necessary input from without - a national cyber security strategy seems like a very good idea. 

These strategies, as Jandl writes, have to be drafted using a whole-of-nation approach. 

Governments matter. But the Internet is too important to be left in their hands alone.

No comments:

Post a Comment