Building human-centric cyberspace with GTI

Anton Shingarev, Vice-President for Public Affairs

Anastasiya Kazakova, Public Affairs Manager

Cyberspace and the physical world are becoming so interconnected that sometimes the line between them blurs – so many of our daily activities at home, work or anywhere else take place in the online world and we all take this for granted. Of course it hasn’t always been so: the ‘cyber’ prefix once referred to something fantastic and futuristic. Now, in 2020, ‘cyber’ is a commonplace, everyday reality. And that reality brings with it both opportunities and risks. We face challenges such as cyberthreats and cyber-enabled crime, privacy concerns and human rights implications, digital divides across communities, and the need for cyber-norms to guarantee stability of cyberspace.

These challenges have showed how vulnerable we are in the ‘cyber-present’. Our common prosperity and wellbeing now depend on solutions we may take to ensure that the online and offline worlds co-exist in harmony. And as we’re at the very beginning of this road, it’s important to define the values that should the pave the way and frame the global mindset for a safe and secure ‘cyber-present’ and ‘cyber-future’.

To identify those values, let’s go over the history of ‘cyber’ as a concept: what it meant before, and what it has to include now for empowering us to address new threats.

‘Cyber’ as a computer network

A long time ago cyber mostly referred to cybernetics in the 1940s studies developed by Norbert Wiener , until it appeared in science-fiction and then became widely popularized by William Gibson’s 1984 novel Neuromancer, who invented the term ‘cyberspace’ as a network of connected computers that creates a mass ‘consensual hallucination’.

Later, cyberspace as a new or parallel better world was not only an imagining of sci-fi authors and movie directors. Often using the words ‘cyberspace’ and ‘internet’ as synonyms , in the 1990s, people believed that it would transform the world to make it better. It was thought that the internet would make societies united by creating ‘a community of informed, interacting, and tolerant world citizens’¹ . It was also predicted that the internet would revolutionize² the organization of business and lead to prosperity. And it seems that people continue to believe in the power of the internet: in 1996, only 36 million people were online; today the figure is 3.5 billion – almost half the world’s population.

After some time, eventually leaving fictional cyberpunk stories, cyber came much closer to home, more ‘real’: information about us, data, money, experience, etc. – much of it moved to cyberspace, meaning cyber became a part of our everyday lives. How we perceive cyber and use it changed too: from a distant parallel world, it became something materialistic that relates to computers or computer networks, algorithms and binary codes – fun technologies that, we believed, would create a better version of us and our lifestyle.

‘Сyber’ as a tool for influence and as a weapon

However, over time the 1990s optimistic internet visionaries appeared to be far from the truth. We’ve become aware of the ‘dangers and shortcomings of a digitally connected life’ – in particular, (i) declining trust, and (ii) the increasing vulnerability of our world, which both emerge as two troubling issues that the international community needs to address. Let’s discuss both of them:

• (i) Contemporary politics shows that the internet and technology can undermine citizenship and democracy, and foster the division of people into distinct, polarized communities – for instance, a 2019 Pew Research Center study reveals that Americans are losing trust in their government and each other. At the same time, decline of trust in authority and growing polarization of communities are coupled with the polarization of states’ behavior with regard to cyberspace regulation. This, in particular, results in growing concerns over ‘balkanization’ of the internet sphere, its fragmentation, and lack of trust among nation states.
• (ii) Mistrust among nation states and militarization of cyberspace open up threats to the global community and reveal its vulnerability to them. First, both conceptually and methodologically, cyberspace is transforming into a new field for interstate military conflict – in addition to the traditional air, land and sea-based military fields. We at Kaspersky investigate and monitor more than 300 Advanced Persistent Threat (APT) operations that refer to the groups – often state sponsored or well-funded in other ways – that are responsible for launching such precision attacks. Second, practically, countries are rapidly developing cyber offense military capabilities, give their security agencies more power (e.g., as Australia has), outline priorities for national security such as cyberwarfare or intelligence-gathering (e.g., budget priorities in the 2020 U.S. NDAA), or announce additional investment in developing capabilities for cyber-operations through increasing personnel and national security budgets (e.g., France’s doctrine for offensive cyber operations or the UK’s program for enhancing ‘sovereign capabilities – offensive cyber). Third, because of the dual-use nature of internet infrastructure, it could be used as a weapon in cyber-conflicts and thus lead to spill-over of military actions into the civilian sphere with unintended damage and effects. Finally, lack of communication and dialogue among state and non-state actors increases the potential for escalation of conflicts in cyberspace. While the international community remains fragmented, cybercriminals – ranging from state-backed cyberespionage groups to common thieves – only benefit: they can target anyone, anywhere, from anywhere, to spreading fear, uncertainty and doubt throughout cyberspace.

The bottom line is that сyber has transformed from a network of servers and fun technology into a serious tool of influence and manipulation, and a potential deadly weapon in international conflicts. This shift has brought many sensitive issues, which before people didn’t even think about, to the fore: protection of personal data, privacy, location of data storage and data processing, etc. At the same time, technologies, applications, and devices are getting more complex, and users, because of privacy concerns, have started thinking about how the technologies work and whether they can be trusted. It has become clear that if we don’t understand how technology works, we cannot trust it. As a result, not only do people feel that they don’t have enough information and understanding to fix this problem, they lack full control over their devices and, more broadly, technology.

So, at the second phase of our reflections on cyber, we see that the enormous unwieldy power of technologies and what might happen in cyberspace makes everyone – from politicians to users – fear unknown consequences, fear technologies, and fear cyberspace itself.

‘Cyber’ as a human network for humans

Recognizing those fears, global leaders, politicians, tech companies and experts call for greater cooperation among various stakeholders as a way to re-build trust and keep cyberspace open, secure and stable. But still, though many people have been speaking about dialogue for several years, in practice we continue to see fears only growing – alongside increasing mistrust among different actors.

At the 2019 Internet Governance Forum (IGF) it was stated that the ‘challenge for all of us is to transform [those] abstract commitments into concrete actions […] Yet, it is the responsibility of states to create political conditions, domestically and globally, that enable private actors to do their part.’ However, private actors have begun doing their part: the Digital Geneva Convention, the Charter of Trust, and our own Global Transparency Initiative (GTI) – these are all good examples of how private companies are putting time and effort into trying to guarantee that cyberspace remains stable and secure.

With the GTI, in particular, we acknowledged the urgent necessity to undertaker a transformation from technology-centric to human-centric cybersecurity to put people – not technology – at the forefront. For this, we’re transforming the industry by promoting greater transparency and accountability to make technology and security solutions transparent and easy-to-understand for our users and partners.

In 2020, it is crucial to start building ‘cyber’ as a human network for humans – the most important asset we have. Technology itself does not have any value unless it serves for the benefit of and in the interests of people and society’s well-being. What we’ve been doing for more than 22 years proves that we’re right: not only do we need to protect people; we also need to build a safer future – the ‘cyber-future’ – where people’s safety, and inclusion of as many people as possible – regardless of gender, age, location, etc. – are guaranteed.

With cyber having started out as something computer and technology-centric, then, as one more avenue for military conflict and as a tool for influence and manipulation, now is the time for accepting and building everything with the ‘cyber’ prefix – in particular, cyberspace and cybersecurity – as human-centric by default, where trust is created and maintained through transparency of algorithms and ICT solutions, transparency of states’ intentions in cyberspace, and states’ cyber-programs and capabilities and cyber-doctrines.

We need to build a new perception of ‘cyber’ and cyberspace – not ‘a consensual hallucination experience… – but a reality, where in 2020 peace depends on our consensual efforts to keep it human and for humans.

1 Ehlers, V. (1995) ‘Beyond the Cyberhype: What the Internet Means to the Congressman of the Future’, Roll Call, 1 October
2 Gates, B. (1995) ‘To Make a Fortune on the Internet, Find a Niche and Fill it’, Seattle Post-Intelligencer, 6 December, p. B4.