What’s to be done about the militarization of cyberspace? More cooperation with each other!

Anastasiya Kazakova, CEO Office Projects Coordinator

If we read all about the current trends in cyberspace, cybercrime and cyber-regulation – in particular those mentioned recently by AV-Comparatives – it soon becomes clear that cyberspace is becoming ever more militarized. For the world on the whole this is not good news at all. But can anything be done about it? Actually yes…

The issue

In the context of greater awareness of IT technologies and both their societal and political impact, plus more and more complex cyberattacks on critical infrastructure, on the other side – nation states are doing all they can to control cyberspace to protect themselves. In practice this means more regulations concerning the internet and cybersecurity. Though many of these regulations are the result of a good will, such regulations divide the internet/cyberspace (very decentralized before) into separate sections with their own legislation and requirements – much like a patchwork. We, at Kaspersky, call this the ‘balkanization’ or fragmentation of cyberspace.

Once legal separation lines are drawn, nation states/blocs officially view cyberspace as one more field for military operations as they do in the air, on land and at sea. Not surprisingly, in order to have effective cyber-defense capabilities, states/blocs (e.g., France, the EU), increase their budgets and staff, give their security agencies more power (e.g., as Australia intends to do), outline priorities for national security such as cyber-warfare, intelligence-gathering and special forces (e.g., the UK), or announce huge investment in developing cyberdefense capabilities (as Germany did).

There seems no doubt such measures highlight the increasing concerns among states and their attempts to get prepared for possible cyberwarfare operations. Is cyberspace becoming another domain for military conflict? Alas, yes. If states continue to develop unilateral, non-synchronized measures for internet/cyberspace regulation and cyberdefense, societies may face disastrous implications, as many information-and-communications-technology (ICT) capabilities have not been fully explored yet – be they positive capabilities or negative ones (AI as an example).

What to do?

It may seem such a simple, common-sense thing to do, but the core solution for maintaining peace and order is for parties to engage in dialogue. Indeed, to prevent conflict and wars, we need to have continual, open dialogue. Of course, not all dialogue brings positive outcomes; however, just the mere act of engaging in dialogue and there being a willingness to talk is half of the problem solved.

This truth is old as time itself. However, one thing has significantly changed the current world – national states are no longer sole decision-makers. And we don’t live in a Westphalian world system any more, either.

You may argue that back in 1970s the first neoliberal theorists (Joseph S. Nye, Jr. and Robert O. Keohane in their article ‘Transnational Relations and World Politics: An Introduction’) were saying the same thing. But was that true in the 1990s or just ten years ago? I doubt it. Why then is today radically different from yesterday? Because in cyberspace, in addition to nation states, non-state actors (IT companies and hacker groups) have become key decision-makers too, and they may have even larger capacities and resources.

Thus, to achieve the main goal – maintaining peace and order in cyberspace – nation states cannot cope without the support of certain non-state actors, meaning IT companies. And on this level too it is dialogue, again, that is crucial in maintaining mutual prosperity.

What if states don’t cooperate?

The art of cooperative dialogue isn’t easy; it requires both time and effort. If key decision makers in cyberspace don’t succeed in agreeing with each other and accepting common rules for cyberwarfare and conflict resolution in cyberspace, we’ll continue facing such challenges as the following:

• A lack of well-established incident responses to cyberattacks due to the unknown/unpredictable origin of most attacks;
• The risk of collateral damage in both cyberattacks and counter-cyber-operations (civilians and companies suffer);
• A further rise in misinformation and targeted fake news and manipulation of public opinion;
• Further attempts of national governments to protect themselves and their critical infrastructure which, in the context of global mistrust, would lead to greater fragmentation/balkanization of cyberspace (overlapping national data protection laws, network information security laws);
• Challenges to the fundamental right to privacy, which is being questioned of late, as well as to the ability to use encryption as a cybersecurity tool.

Luckily, many IT companies have already raised these issues and proposed solutions. Microsoft has been pushing its idea of a Digital Geneva Convention. Siemens, together with other vendors, has launched its Charter of Trust to build consensus for cybersecurity.

We at Kaspersky warmly welcome such initiatives and are moving forward with our own Global Transparency Initiative: our plans to open our first Transparency Center, to relocate data processing and data storage in Zurich, and to initiate greater cooperation with independent third parties to verify that Kaspersky products are safe and to be trusted globally.

Industry is ready to cooperate. Are nation states too? We hope so.