Trends to Watch 2019: Cyber Policy in the Global Arena

The global cybersecurity debate will be more fractious in 2019, following significant controversies in both the United Nations (UN) and International Telecommunication Union (ITU) on cyber policy. Infringements of norms by major players could reduce others states’ willingness to abide by them and, as the primary operator of the global Internet infrastructure, businesses will continue to be caught in the crossfire.

cyber

The global cybersecurity debate will be more fractious in 2019, following significant controversies in both the United Nations (UN) and International Telecommunication Union (ITU) on cyber policy. Infringements of norms by major players could reduce others states’ willingness to abide by them and, as the primary operator of the global Internet infrastructure, businesses will continue to be caught in the crossfire.

In 2019, policy solutions will be harder to achieve, and the risks of cyber conflict will increase until states find an incentive to cooperate. While there won’t be a cybersecurity angle at the major ITU conference this year (the World Radio Conference concerns itself primarily with spectrum usage issues), the debate will proliferate into new venues, including a likely renewal of the Global Conference on Cyber Space (GCCS). While the 2017 GCCS, in India, was focused primarily on that government’s priorities, the 2019 host (TBD) has a chance to harness and reinvigorate the international policy dialogue.

For example, the Asia-Pacific region ,which is rapidly improving its national cyber policies and capacities, could serve as a global example — both good and bad.  For example, Viet Nam’s recently-enacted cybersecurity law criminalises public criticism of the government, mandates data localization, and grants authorities access to private data without a warrant. Conversely, Singapore’s recent creation of a regulatory framework to protect essential services and to invest in skills and defence training demonstrates an understanding that cybersecurity requires a sustainable ecosystem focused on both immediate and long-term actions.

In 2019, we will likely see a proliferation of cybersecurity laws like these in Asia, particularly Indonesia, and will need to monitor how they balance freedom with security. Leaders like Australia, Singapore, and Japan are already providing invaluable assistance to less-developed countries in the region. With a growing commitment to mutual defence, adoption of cyber norms, and regional-level capacity building, the Asia-Pacific region is responding to the significant geopolitical risks facing it.

We will also see a proliferation of threats— ranging from denial-of-service and ransomware to data theft — and their preparators, whether criminals, hacktivists or nation states. Cyber action will continue to be a low-intensity, low-risk operational methodology for nation states: Chinese theft of sensitive data from the Office of Personnel Management in the US resulted in the loss of security clearance information, personal details and fingerprints of millions of people. It will also continue to be used as a precursor to kinetic attacks, as we have seen with the Russian government-affiliated attacks on Ukrainian government and military targets.

As we saw with the leak of Shadow Brokers materiel, which was repurposed for use by criminals and the North Korean government, the continued proliferation of cyber weapons by nation-state actors will continue to aid less sophisticated actors in acquiring advanced tools, with corresponding effects on other targets. Last year alone, Facebook announced that hackers accessed the accounts of up to 50 million users, and the Under Armour data breach affected an estimated 150 million users.

As cyberattacks continue to grow in scale and scope, governments will face increasing pressure to protect their own infrastructure and establish a framework for industry. As such, we should expect the continued proliferation of norms in 2019. Late last year, the UN General Assembly established a short-term UN Group of Governmental Experts (UNGGE) and an Open-Ended Working Group (OEWG) to study the normative behaviour of states in cyber conflict and to discuss cybersecurity in the international arena. The working group will aim to build consensus for norms that will guide the establishment of legal concepts within cyberspace. In addition, the UN Global Commission for Stability in Cyberspace will continue to build on its proposed norms, offering a more multistakeholder perspective on how normative behaviours can be created and enforced.

The outcome of these groups, though, will depend on the commitment by individual states to follow the international principles and overcome policy challenges, such as:

  • Selecting which norms they want to promote and adopt at the national level, which will impact the way that states deal with private infrastructure in their cyber operations.
  • Ensuring appropriate protection of civilian critical infrastructure between military and intelligence resources while coordinating with industry.
  • Foster public trust within laws and regulation without creating secondary effects such as weakened encryption of content censorship.

Related Articles

The need for more accurate geographical coordinates for earth stations in SpaceCap

The need for more accurate geographical coordinates for earth stations in SpaceCap

The International Telecommunication Union (ITU) Radiocommunication Sector (ITU-R)  plays an important role in the global management of the radio-frequency spectrum...

3 Oct 2024 Opinion
Access Alert: A new era of global governance – the Pact for the Future

Access Alert: A new era of global governance – the Pact for the Future

On 22 September, the United Nations adopted the Pact for the Future at the Summit of the Future in New...

24 Sep 2024 Opinion
The future of trust: Why AI governance and regulation are crucial in the age of deepfakes

The future of trust: Why AI governance and regulation are crucial in the age of deepfakes

In 2024, a milestone in AI development was reached with Elon Musk’s Grok platform, which enables the production of photorealistic...

23 Sep 2024 Opinion
Access Alert: Mexico presses ahead with dissolution of telecoms regulator

Access Alert: Mexico presses ahead with dissolution of telecoms regulator

Mexico is pushing forward with a constitutional reform package that proposes the extinction of IFT and Cofece, the autonomous bodies...

16 Sep 2024 Opinion