Today, the cyber economy is the economy… Corrupt those networks and you disrupt this nation.
– Condoleeza Rice
Security is as old a concern as humans themselves but nothing has transformed it like the information age which was ushered by the rapid propagation of the internet, modern communications, ever-improving computing devices, and the sheer amount of information all these systems generate to run the modern world. The profusion of information and the explosion of information technology is the driver, reshaping all aspects of social, political, cultural, and economic life.
The quotes cited above summarize the national security dilemma which the U.S. (and developed world) in particular and the rest were faced with in general. Issues like radiofrequency weapons, bioterrorism, information warfare, espionage, technology transfers, transnational crime, and weapons proliferation were all well known to the U.S. intelligence community and government and yet, 9/11 happened. That was some 19 years ago. Fast forward to 2020, the situation has become more complex as information technology has penetrated into the cognitive domain as well after becoming an integral part of governance, decision-making, analysis, and carrying out threat perception. Today billions of people interact with each other over the internet and too many conversations are held while maintaining complete anonymity.
It was only at the beginning of this decade that political leaders and analysts began to come to terms with this transformative technology. Until then, the issue of cybersecurity had largely been the domain of computer experts and specialists and in many parts of the world, it remains the same but with the rapid evolution of new technology, new avenues of communication, the exponential increase in the rate of information generation and the growing sophistication of cyber attackers has ushered a whole new approach of cybersecurity which by now is a compulsory component of national security in any modern nation-state.
Developed countries have begun to accept cyberspace as a fifth operational domain after land, sea, air, and space through the situation in the developing and developed world remains the same. The penetration of IT services is not harmonious across the world. The more developed a nation, the more integrated it is via information technology and hence remains a bigger and more attractive target for hostile entities. This characteristic of IT presents the first challenge.
The emergence of cybersecurity as an integral part of national security outpaced every other traditional concern or dimension of national security due to unprecedented development in computational capacity (which is still doubling every 18 months). This rapid pace in the development and integration of technologies at national and individual levels didn’t allow security managers to appreciate the threats associated with these technologies. This is the second most pressing issue for national security experts and policymakers.
There were few select individuals using the internet when it was first created some 40 years ago. In this small virtual village where everyone knew each other security was the least of their concerns and the focus was on making the communication fast and reliable. Global internet underwent a rapid expansion with the invention of the commercial web which is only 2 to 2.5 decades old but has grown at an exponential rate. In the early 1990s, there were only a few hundred thousand users and now in 2020, more than 3.5 billion people are connected with the World Wide Web globally.
General Michael Hayden, former director of the CIA said, “Rarely has something been so important and so talked about with less clarity and less apparent understanding [than cyber security]. I have sat in very small group meetings in Washington; unable (along with my colleagues) to decide on a course of action because we lacked a clear picture of the long-term legal and policy implications of any decision we might make.” This statement of former CIA head clearly describes the inherent dilemma of formulating a national cyber defense policy and strategy tightly knitted in overall national security strategy.
The U.S. is not the only nation faced with such a dilemma, the phenomenon is universal across the globe. More cyberinfrastructure to protect national critical data and communication means a bigger target footprint for the cyber terrorists and hostile cyber troopers to take aim at. This is where cybersecurity diverges from the traditional philosophy of national security based on the idea of securing physical borders. Cyberspace is a global domain of human interaction with distinct features.
- Created by the interconnections of billions of computers by a global network, today the internet, and all of its derivatives;
- Built as a layered construct where physical elements enable a logical framework of interconnection;
- Permits the processing, manipulation exploitation, augmentation of information, and the interaction of people and information;
- Enabled by institutional intermediation and organization; and
- Characterized by decentralization and interplay among actors, constituencies, and interests.
Historically, cyberspace technologies were developed away from the political domain. This is why until recently cyberspace was considered largely a matter of low politics the term used to denote background conditions and routine decisions and processes. By contrast, high politics is about national security, core institutions, and decision systems that are critical to the state, its interests, and its underlying values. Nationalism, political participation, political contentions, conflict, violence, and war are among the most often cited aspects of high politics. But low politics does not always remain as such. If the cumulative effects of normal activities shift the established dynamics of interaction, then the seemingly routine activities become increasingly politicized. Cyberspace is now a matter of high politics.
International Relations
How impactful are cyberspace and all the related technologies in global affairs? There is consensus that cyberspace has emerged as a major and powerful disconnect between 20th-century international relations and the realities of the 21st century. It goes without saying that all of this forces us to reassess the conventional perspectives on security, as threats to cybersecurity become more and more salient. But this is only one side of the proverbial coin when seen from an international perspective. The other side of the proverbial coin is about cooperation and the challenges associated with international governance, especially governance of cyberspace; something every nation-state wants to control.
A way forward can be charted out by adopting new avenues of analysis of different aspects of cyberspace in the context of national security and international order. For example, the ubiquity of cyberspace calls for a meta-analysis, an overarching investigation of contours and interconnections of cyberspace and international relations (and international cyber relations) in order to identify the linkages between the international system (and international relations) on the one hand, and technological change (and cyberspace), on the other in analytical, empirical and observable terms. Each of these two domains the cyber and the international are defined by the core principles and characterized by specific features of structure and process; these enable and are enabled by a wide range of actors and activities.
The increasing interconnections between the cyber and the “real” domains are shown by the development of practices surrounding e-governance, for example, as is evident from state expansion in the cyber arena. Examples such as these create notable challenges for empirical analysis that take center stage in a more recent analysis in quantitative international relations.
Cyber Challenges to the State
There is no doubt that the emergence of cyberspace has only made our world more complex. This complexity is defined by the new venues for expression and its freedom with complete anonymity. If we take into account the salience of cyberspace especially the dramatic expansion of cyber access in all parts of the world then we can appreciate the fundamental departure from traditions in international structures and processes, and that the world is now much more complex.
International Law & International Relation
A central feature of international relations, jurisdiction in international relations is tied to location-centric rules that depend on the nature of the actors and the issues, and the willingness of sovereign states to accommodate differences in the internal laws for managing the private sector while conforming with the practice that external activities are governed by the rules of jurisdiction in public international law. And this explains a big difference which calls for a fresh and broader context of cybersecurity because unlike international relations, cyber international relations are not restricted by location-based rules.
Cyberspace is contiguous at least for now. More and more nation-states are trying to create their own data repositories within their physical precincts but no country has achieved that 100% and neither is it going to happen in the foreseeable future. It is time to summarize all the different aspects of cyberspace which adds to the national security concerns. These aspects or features of cyberspace are making it even more challenging for legislators and leaders to draft the national cyberspace security strategy.
If there is international law for cyberspace, it is still in the making. It is not easy to make laws for something which is still emerging and evolving. Some experts have proposed a “simple choice”, that is, between “more global law and a less global internet”. Especially important here is that characteristic features of cyberspace stand in sharp contrast to our traditional conceptions of social systems, generally, and to the state system in particular.
Different aspects, as shown in the table, may offer great comfort to the end-user but for legislators, they are like challenges or levels of a game in which hackers want to win with zero-sum results. The challenge is still there and calls for rigorous efforts both locally and globally. Academia can be a good starting point to share ideas about making cyberspace more secure. Unlike traditional security, cybersecurity has a critical temporal axis along with the severity and frequency axes. Consequently, all of this becomes more and more important given that who gets what, when, and how it is influenced not only by cyber access but also by the growth and diversity of actors, each endowed with differential levels and distributions of traditional power and capability.
By definition, all entities generate demands (they seek to meet) and are endowed with capabilities (they chose to deploy). They all are able to participate in one way or another in the international forums and all seek avenues for shaping the evolving international political agenda but only states have the final vote.
Early in the 21st century, it was already apparent that the cyber domain shaped new parameters of international relations and new dimensions of international politics. Among the most salient new features is the above-noted creation of new actors some with formal identities and others without and their cyber empowerment, which is altering the traditional international decision landscape in potentially significant ways. Concurrently, we see the growing use of cyber avenues by non-state actors whose objectives are to undermine the state or to alter its foundations which is indeed very alarming!