Trends to Watch 2019: Cyber Policy in the Global Arena

The global cybersecurity debate will be more fractious in 2019, following significant controversies in both the United Nations (UN) and International Telecommunication Union (ITU) on cyber policy. Infringements of norms by major players could reduce others states’ willingness to abide by them and, as the primary operator of the global Internet infrastructure, businesses will continue to be caught in the crossfire.

cyber

The global cybersecurity debate will be more fractious in 2019, following significant controversies in both the United Nations (UN) and International Telecommunication Union (ITU) on cyber policy. Infringements of norms by major players could reduce others states’ willingness to abide by them and, as the primary operator of the global Internet infrastructure, businesses will continue to be caught in the crossfire.

In 2019, policy solutions will be harder to achieve, and the risks of cyber conflict will increase until states find an incentive to cooperate. While there won’t be a cybersecurity angle at the major ITU conference this year (the World Radio Conference concerns itself primarily with spectrum usage issues), the debate will proliferate into new venues, including a likely renewal of the Global Conference on Cyber Space (GCCS). While the 2017 GCCS, in India, was focused primarily on that government’s priorities, the 2019 host (TBD) has a chance to harness and reinvigorate the international policy dialogue.

For example, the Asia-Pacific region ,which is rapidly improving its national cyber policies and capacities, could serve as a global example — both good and bad.  For example, Viet Nam’s recently-enacted cybersecurity law criminalises public criticism of the government, mandates data localization, and grants authorities access to private data without a warrant. Conversely, Singapore’s recent creation of a regulatory framework to protect essential services and to invest in skills and defence training demonstrates an understanding that cybersecurity requires a sustainable ecosystem focused on both immediate and long-term actions.

In 2019, we will likely see a proliferation of cybersecurity laws like these in Asia, particularly Indonesia, and will need to monitor how they balance freedom with security. Leaders like Australia, Singapore, and Japan are already providing invaluable assistance to less-developed countries in the region. With a growing commitment to mutual defence, adoption of cyber norms, and regional-level capacity building, the Asia-Pacific region is responding to the significant geopolitical risks facing it.

We will also see a proliferation of threats— ranging from denial-of-service and ransomware to data theft — and their preparators, whether criminals, hacktivists or nation states. Cyber action will continue to be a low-intensity, low-risk operational methodology for nation states: Chinese theft of sensitive data from the Office of Personnel Management in the US resulted in the loss of security clearance information, personal details and fingerprints of millions of people. It will also continue to be used as a precursor to kinetic attacks, as we have seen with the Russian government-affiliated attacks on Ukrainian government and military targets.

As we saw with the leak of Shadow Brokers materiel, which was repurposed for use by criminals and the North Korean government, the continued proliferation of cyber weapons by nation-state actors will continue to aid less sophisticated actors in acquiring advanced tools, with corresponding effects on other targets. Last year alone, Facebook announced that hackers accessed the accounts of up to 50 million users, and the Under Armour data breach affected an estimated 150 million users.

As cyberattacks continue to grow in scale and scope, governments will face increasing pressure to protect their own infrastructure and establish a framework for industry. As such, we should expect the continued proliferation of norms in 2019. Late last year, the UN General Assembly established a short-term UN Group of Governmental Experts (UNGGE) and an Open-Ended Working Group (OEWG) to study the normative behaviour of states in cyber conflict and to discuss cybersecurity in the international arena. The working group will aim to build consensus for norms that will guide the establishment of legal concepts within cyberspace. In addition, the UN Global Commission for Stability in Cyberspace will continue to build on its proposed norms, offering a more multistakeholder perspective on how normative behaviours can be created and enforced.

The outcome of these groups, though, will depend on the commitment by individual states to follow the international principles and overcome policy challenges, such as:

  • Selecting which norms they want to promote and adopt at the national level, which will impact the way that states deal with private infrastructure in their cyber operations.
  • Ensuring appropriate protection of civilian critical infrastructure between military and intelligence resources while coordinating with industry.
  • Foster public trust within laws and regulation without creating secondary effects such as weakened encryption of content censorship.

Related Articles

Brazil and the Future of Democracy in the Age of Disinformation

Brazil and the Future of Democracy in the Age of Disinformation

Fake news is far from new. That said, digital tools such as social media and online bots have changed the...

25 Jan 2023 Opinion
GDPR: Is it still fit for purpose? 

GDPR: Is it still fit for purpose? 

The EU’s landmark General Data Protection Regulation (GDPR) has fundamentally changed how personal privacy is respected and protected. However, cracks...

25 Jan 2023 Opinion
Access Alert | Environmental Footprint and Data Collection by ARCEP

Access Alert | Environmental Footprint and Data Collection by ARCEP

The impact of the deployment of electronic communications networks, mass production of terminals, operation of data centres, and ever-expanding data...

23 Jan 2023 Opinion
Access Alert | The International Telecommunication Union Focuses on Metaverse 

Access Alert | The International Telecommunication Union Focuses on Metaverse 

The International Telecommunication Union’s Standardization Sector (ITU-T) has established a new Focus Group that will take the first steps towards...

20 Jan 2023 Metaverse Policy Lab