Bringing Clarity to Cybersecurity

This post originally appeared on the Freedom Online Coalition website.

It seems a day does not go by without a new story about cyberspace security: the data of fortune 500 companies breached; cyber espionage campaigns uncovered; shadowy hacker groups breaking into websites and posting extremist propaganda. And, since June 2013, a series of riveting disclosures from former NSA contractor Edward Snowden, which have captured the world’s attention and put a spotlight on the most powerful signals intelligence (SIGINT) agencies.

Cybersecurity is important to all of us because our lives are now enmeshed with digital information and communication technologies.  Our kids, our work, our livelihood — everything we do — now depends on instantaneous access to communications and information networks.

While everyone can readily agree that cybersecurity is critical, how to secure cyberspace, to what end, and for whom are all questions around which there is widespread controversy and disagreement.  For some, cybersecurity means securing the global communications infrastructure regardless of territorial boundaries, from the code to the satellites and everything inbetween.  For others, cybersecurity is about securing one government’s critical infrastructure first and foremost, with some even developing offensive weapons to exploit vulnerabilities in other government’s networks.  For yet others, the security of cyberspace is a function of an overarching concern with the security of human rights.

Moving from the “what” to the “how” of cybersecurity brings yet more confusion: In what forums are the most important decisions around cybersecurity taken? Who is permitted to participate in those forums?  As cyberspace deepens and expands, these issues are becoming more complex. Staying on top of and engaging all of these different forums is a growing challenge for all stakeholders.

In attempt to bring clarity to these issues, the Freedom Online Coalition (FOC) has created a working group on “Internet Free and Secure” in the lead-up to the next meeting of the FOC in Mongolia in May 2015.  I am pleased to co chair that working group with Simone Halink from the Dutch Foreign Ministry.  A description of the working group can be found here.

As part of our working group’s outputs, we are producing a blog series (of which this post is the first).  Subsequent posts will be written by other working group members (or guest authors), and will cover a range of topics related to cybersecurity including discussions taking place at the ITU, the UN, the London Cyber Process, NATO, OSCE, WSIS, the IGF, and other regional forums.  Our aim (as we outlined it in our first working group meeting) is to create a blog series “that would serve as a platform to explore in depth the existence, relevance, and status of various spaces where cybersecurity issues are being discussed” and provide “a way to share this information with the broader community and highlight potential avenues for greater civil society engagement.” In an effort to add value to the ongoing work on cybersecurity done elsewhere, other activities undertaken by the working group include refining the definition of cybersecurity, developing a visual overview of relevant global spaces where cybersecurity debates are taking place, and advancing the normative debate on cybersecurity.

The working group represents a diverse group of stakeholders, including representatives from civil society and government.  No doubt, with such a diverse group we are going to have some views that overlap, but also some disagreement. (I recently outlined my own views on what I think are the most important concerns around cybersecurity today, which can be found here).   While we may not agree entirely on all of the outstanding questions around cybersecurity, we hope to generate through this series of blog posts some interesting insights.