By Claire Yorke

Who is to keep cyberspace safe? Should governments bear the burden and what can society do to protect against virtual threats?

People around the globe have benefited in some way from the expansion of cyberspace and the opportunities it has provided. Whether through popular social networking sites like Facebook, the increase in online commerce - apparently accounting for over eight percent of retail sales in Britain alone - or the advent of online banking, the internet is now a fundamental part of everyday life in large parts of the world.

The applications of cyberspace are extensive. Information and communication technologies help run our transport systems, energy and resource supplies, and industrial operating systems. Yet with growing dependency comes greater vulnerability and risk from insidious individuals who wish to cause harm, or seek financial or personal gain, through their actions.

Although awareness of these threats is increasing, much of the current debate is concentrated at the policy or military level. How then can society as a whole be informed and prepared to meet this threat and how can it be encouraged to be part of a comprehensive solution?

Threat To All

The variety and nature of threats from cyberspace, and their potential harm, has captured the attention of policy-makers, politicians and the media. In cyberspace people can act with relative impunity, under the shield of anonymity. Threats can come equally from states, extremist or terror groups, individual hackers, or organised criminals - among others - who can wield power disproportionate to the effort or resources required in the physical world.

The British National Security Strategy (NSS) and the Strategic Defence and Security Review (SDSR) published in October recognise this and have made it a government priority to tackle the issue.

The National Security Strategy states that 'Government, the private sector and citizens are under sustained cyber attack today, from both hostile states and criminals.' It listed such attacks as a top priority 'Tier One' threat to national security and earmarked just over $1 billion (£650 million) to counter it; over $240million (£150 million) more than previously anticipated. Over the coming months these funds will be allocated to government departments.

However, while work is underway in Whitehall and the private sector to counter the threat and devise policy responses, it is interesting to note that the recent reviews make little more than passing reference to the threats to citizens and wider society, choosing instead to concentrate on organisational, structural and strategic priorities. Yet it would be misguided to see cyber security as the sole preserve of policy-makers, technologists and the military.

Cyber security is a universal threat, where no one is exempt. It is equally capable of undermining states and disrupting industry as it is targeting, exploiting or threatening individuals and their well-being. The challenge is to incorporate ordinary people and civil society into broader policy and communicate the right information, at the right moment, to the wider population.

All Too Real

One obstacle to this is how cyberspace is seen. Too much coverage of cyber attacks is anecdotal and portrays cyberspace as a unique and foreign environment: a law unto itself. For the most part, this is not the case.

In a speech at Chatham House on November 9 the Minister of State for Armed Forces Nick Harvey said that: 'Wherever he expands his dominance, whether it be on land, sea or air, or whether it be in cyberspace, mankind carries his essential nature with him.' This rings true: far from being an entirely separate and distinct environment, although a virtual one, cyberspace is intertwined with reality and human nature.

Actions in the physical world can - and do - translate into the complex environment of cyberspace; as demonstated by cyber crime, cyber espionage and cyber theft. And actions within and via the virtual domain can equally produce tangible and very real consequences: malicious spyware can be used to steal personal data for identity theft; computer viruses can disable or corrupt critical national infrastructure, such as power supplies and transport networks; and individual hackers can hit personal bank accounts for financial gain.

Most recently, the highly sophisticated and complex Stuxnet worm, which was believed to have targeted nuclear facilites in Iran, was a prominent example of the potential of cyber attack. And the global figure of one trillion dollars lost annually to cyber crime ismore than enough to make banks and governments take note of the severity of the threat.

Balance Of Blame

Closing this gap between security in the physical and virtual worlds is important not only to find the right responses but also to encourage a culture in which cyberspace is not viewed as abstract or remote.Most people would not leave home with the door unlocked or hand out personal information freely to a stranger, so why should the virtual world be any different?

The tendency to forget or relax real world caution in virtual interactions has to be tackled. This would become increasingly important if the balance of blame were to be shifted for those who have been targeted.

For example, though institutions and industry currently shoulder the financial costs of cyber crime, there may come a point at which responsibility for personal data and its misuse moves from organisations and institutions to the public. After all, it is they who knowingly put large amounts of their personal information online in spite of the risks, effectively leaving 'open doors' for criminals to gain entry.

This poses interesting questions: if money is stolen from an online account where there has been little protection on a personal computer, to what extent is the bank or the individual liable? If a computer is unwittingly used by infected software for broader criminal ends, can its owner be held responsible? And, is it the responsibility of the host site or of the individual concerned, if information posted on social networking sites enables someone to steal an identity? These issues will begin to emerge with greater frequency and should be debated.

Imposing Order

Reliance on cyberspace is only likely to increase while the capacity of governments and industry to tolerate and shoulder the risk diminishes. Promoting greater awareness and individual responsibility is important not just for its own sake but as part of dealing with a much broader threat.

If certain vulnerabilities can be handled by ordinary people, through better protected computers, anti-virus software, and a more cautious approach to providing personal data, it should mean thatmore resources and scarce funds can be directed at the higher andmore serious end of the threat: warlike actions in cyberspace and high-level cyber crime.

Cyberspace is often compared to the Wild West, yet the Wild West was eventually tamed. Could the same be said for cyberspace? There is no doubt it poses new and interesting challenges and it will take time to understand these nuances and develop the right responses.

With the new security and defence reviews, the government has begun to improve and implement national approaches to cyber security. In so doing, it should not only deal with political and legal regulation but also a debate social norms and values to see whether real world methods of oversight and control can be applied to cyberspace. The aim would be to make it less chaotic and therefore more manageable, producing a more proportionate assessment of the threat.

If ordinary people can be included in the cyber security effort, the task may prove easier and free scarce government resources. Indeed, such a step would fit neatly into the coalition government's big idea, creating a virtual bigsociety.com.

 

Claire Yorke, Programme Manager, International Security, Chatham House

 

Available at Amazon.com:

Enemies of Intelligence

The End of History and the Last Man

The Clash of Civilizations and the Remaking of World Order

The Tragedy of Great Power Politics

The End of the Free Market: Who Wins the War Between States and Corporations?

Running Out of Water: The Looming Crisis and Solutions to Conserve Our Most Precious Resource

Bottled and Sold: The Story Behind Our Obsession with Bottled Water

Water: The Epic Struggle for Wealth, Power, and Civilization

The Great Gamble

At War with the Weather: Managing Large-Scale Risks in a New Era of Catastrophes

Friendly Fire: Losing Friends and Making Enemies in the Anti-American Century

Dining With al-Qaeda: Three Decades Exploring the Many Worlds of the Middle East

Uprising: Will Emerging Markets Shape or Shake the World Economy

 

© The World Today

World - Cybersecurity and Society: bigsociety.com | Global Viewpoint