GG2022 - Global Cyber (Security) Governance – Facing a Decisive Decade

BERLIN - We are standing at the beginning of a decade which will be decisive for the future of the Internet and of the Cyberspace as a whole. Similar to the Rio Summit in 1992, which marked the entering of environmental governance on the international scene, 2012 is seen as the starting point for global governance of cyberspace.

… well, I hope these two sentences grabbed your attention! Before you continue reading, please take a second and ask yourself whether you have the slightest idea of what “Global Governance of Cyberspace” means, or how the Internet works. If not, it might be worth quickly Googling these questions and/or to ask Wikipedia (what would we do without search engines) …

Bearing in mind the difficulty of analogies, the policy areas ‘environment’ and ‘cyber’ share some key aspects: They are both truly transnational, cross-sectoral and affect every person on earth. The main difference, however, is that global environmental governance started 20 years earlier. So what does cyber governance stand for today?

The Internet, originally a digeratis’ playfield, today has more than 2 billion users, including some “black sheep” who “pollute” the net with malicious soft- and hardware. More and more sophisticated Denial-of-Service-, Stuxnet- and Trojan-attacks have rung the alarm bells in capitals across the globe. Governing cyberspace to raise security standards has therefore become a major issue. Following the United States as a (still) leading cyber nation, many other global players have presented their strategies on cyber security governance. No matter if drafted in Beijing, Delhi, Moscow or Washington, all documents underline the necessity of multilateral action.

Additionally, growing discussions on the handling of “dual-use” cyber technology i.e. in Libya or Syria shed light on cyber infrastructure governance, thus the roles and responsibilities of private Information and Communications Technology (ICT) supplier that provide the necessary hard- and software. So far, Western technology has dominated the infrastructure of the internet.

... just a side note: did you actually know that more than 500 million Chinese use the Internet? And did you know that ICANN (the American organization administering internet domain names) approved the use of Chinese characters, likely to overtake English as the dominant language of the web? ...

Based on these developments, the Internet faces fundamental cyber governance discussions in 2012. Many voices claim, that the “World Conference on the International Telecommunications” (WCIT-12) hosted by the International Telecommunication Union (ITU) in December 2012 in Dubai will become the “Rio Summit for Cyberspace”, the start of cyberspace governance discussions to touch upon overarching internet-values such as openness, freedom, security, growth and enforcement of the rule of law. Founded in 1865, the ITU is the oldest international organization. Critics claim that ITU’s old-school, non-transparent, top-down, government-exclusive character do not fit what is needed for the 21st century.

Bertrand de la Chapelle, Program Director at the French International Diplomatic Academy, writes in a MIND publication on Internet Policy Making (September 2011) that “the Internet, being borderless, reveals the limits of the Westphalian international architecture based exclusively on nation-states. We need a paradigm-shift in policy-making, away from traditional forms of governance towards a multi-stakeholder model”.

What could be the alternative then? The ‘Internet Governance Forum’ (IGF) claims to be the post-Westphalian forum for multi-stakeholder policy dialogue on the Internet. The IGF summit 2012 in Baku bears the overarching title “Internet Governance for Sustainable Human, Economic and Social Development”. In any case, this first gathering after the “Arabellion” underlines the impact of the internet society on the governance of the online and of the real world.

Westphalian minded ITU vs. multi-stakeholder IGF ˗ two opposing governance concepts for cyberspace? Which organization, which decision-making process will take the lead in this process? How will this process get organized? What are the objectives of the stakeholders involved? How might specific online-governance spill over into the offline-domains?

… by the way, ITU und IGF are not the only multilateral environments dealing with cyberspace. You will discover further reaching cyber governance activity in many multilateral organizations: the Council of Europe, the Organization for Security and Co-operation in Europe, the Shanghai Cooperation Organization, the European Union, the Association of Southeast Asian Nations,…

It is still too early to provide an answer to the aforementioned questions. However, a few factors for future scenarios seem to be likely: The global environmental governance shows the long path ahead to reach a global consensus on how to govern cyberspace. Regional agreements on specific topics such as cyber-crime will set the next milestones rather than a comprehensive global breakthrough. Additionally, the contradiction is not as clear as “multi-stakeholder utopists vs. old-school Westphalians”. Once the IGF gains true decisive power, its decision making processes will also undergo adjustments. Additionally, ITU delegations already comprise participants from other stakeholders. Last but not least, national actors will still remain key actors in an increasingly international and interdependent world.
 

Joachim Knodt is a fellow of the GG2022 program and a desk officer with the International Cyber Policy Coordination Staff at the German Federal Foreign Office. The views expressed in this column are those of the author and do not necessarily represent the views of, and should not be attributed to, the German Federal Foreign Office.

This column is part of a series from the GG2022 fellows. For more information on GG2022 please see here.