A quest for order amid cyber insecurity

Better arrangements and intense partnerships, but with extra safeguards, are needed in a more contested domain

Updated - July 30, 2020 12:54 am IST

Published - July 30, 2020 12:02 am IST

In cyberspace, it is the best of times for some and the worst of times for others. Between them, Apple, Amazon and Microsoft have added more than a trillion dollars in market value, since the start of 2020. On the other hand, cyberattacks have grown. In one week in April 2020, reportedly, there were over 18 million daily malware and phishing emails related to COVID-19 monitored by a single email provider, in addition to more than 240 million COVID-19-related daily spam messages. Twitter hackers collected $120,000 in full public gaze, while a “ransomware” target in California quietly paid 116.4 bitcoins or $1.14 million. There is also concern about the role of states. Australia mentioned of attacks by a state actor. China has been accused of hacking health-care institutions in the United States working on novel coronavirus treatment. The United Kingdom has warned of hackers backed by the Russian state targeting pharmaceutical companies conducting COVID-19 vaccine research. The ban on specified Chinese Apps, on grounds that they are “engaged in activities prejudicial to the sovereignty and integrity of India” adds another layer of complexity to the contestation in cyberspace. Cyberinsecurity of individuals, organisations and states is expanding amidst COVID-19.

While we are embracing new ways of digital interaction and more of our critical infrastructure is going digital, the parameters of the transformation under way are not understood by most of us. Like global public health, cybersecurity is a niche area, left to experts. COVID-19 made us realise the role of the global public health infrastructure and need to abide by agreed rules. Similarly, a better understanding of the global cyberspace architecture is required.

Also read | Cyber crimes on the rise during pandemic, says U.N. disarmament chief

No global commons

Borderless cyberspace, as a part of the “global commons” does not exist. It is an illusion that connectivity across national boundaries nurtured. The Internet depends on physical infrastructure that is under national control, and hence is subject to border controls too. Each state applies its laws to national networks, consistent with its international commitments. States are responsible for cybersecurity, enforcement of laws and protection of public good. States are responsible for their actions, as well as for actions taken from within their sovereign territory. This is easier said than done. The infrastructure on which the Internet rests falls within jurisdictions of many states with differing approaches. Cyberspace has multiple stakeholders, not all of which are states. Non-state actors play key roles — some benign, some malignant. Many networks are private, with objectives differing from those of states. Finally cybertools are dual use, cheap and make attribution and verification of actions quite a task.

Nevertheless, states alone have the rights of oversight. There is no equivalent of a World Health Organization which can monitor, assess, advise and inform about fulfilment of state commitments, in however limited or unsatisfactory a manner. In short, the search for cyber “rules of the road“ is still on. We are at an incipient stage of looking for “cyber norms” that can balance the competing demands of national sovereignty and transnational connectivity.

Gaps in current processes

It was in 1998 that Russia inscribed the issue of information and communications technologies (ICTs) in international security on the UN agenda. Since then six Group of Governmental Experts (GGE) with two-year terms and limited membership have functioned — the most on any issue at the United Nations. In addition, an Open-Ended Working Group (OEWG) began last year with a broadly similar mandate, but open to all. More than 100 states evinced interest. However, it is meandering along, with a report likely next year. The discussions are narrowly focused in line with the mandate of the forum that set it up. Issues such as Internet governance, development, espionage, and digital privacy are kept out. While terrorism and crime are acknowledged as important, discussion on these has not been focused on, as ostensibly best done in other UN bodies.

Also read | Interpol warns of cyberthreats during pandemic

The net result of the UN exercise has been an acceptance that international law and the UN Charter are applicable in cyberspace; a set of voluntary norms of responsible state behaviour was agreed to in 2015. What aspects of international law and in what circumstances will be applicable remains to be addressed. UN Secretary General António Guterres’s recent report, “Roadmap for Digital Cooperation”, gently calls for action. A few confidence building measures may follow. However, short of a cataclysmic event, these processes do not hold much hope in the current geopolitical circumstances.

More engagement needed

Generally the growth of technology is way ahead of the development of associated norms and institutions. Cyberspace is experiencing this too. It provides countries such as ours some time and space to evolve our approach, in tune with the relevance of cyberspace to India’s future economic, social and political objectives. Despite the digital divide, the next billion smart phone users will include a significant number from India. As India’s cyber footprint expands, so will space for conflicts and crimes (both of a private and inter-state nature). Shared “rules of the road” become imperative. We have a very active nodal agency for cybersecurity in the Indian Computer Emergency Response Team (CERT-In), Ministry of Electronics and Information Technology. India has had representatives on five of the six GGEs. We participate actively at the OEWG. The Shanghai Cooperation Organisation, of which we are a member, voiced support for a code of conduct. India joined the Christchurch Call which brought together countries and companies in an effort to stop the use of social media for promoting terrorism and violent extremism.

Also read | 9,100 coronavirus-themed cyberattacks witnessed in India between Feb.2 and May 2: Microsoft

The next phase in an increasingly contested and fragmenting domain requires better arrangements and more intense partnerships, but with more safeguards. Domestically, we need the clarity that adoption of a data protection legislation will bring. Globally, we need to partake in shaping cybernorms. Acceding to the Budapest Convention, or Convention on Cybercrime of the Council of Europe (CETS No.185), which started as a European initiative but has attracted others, is an option that we should examine. We need to encourage our private sector to get involved more in industry-focused processes such as the Microsoft-initiated Cybersecurity Tech Accord and the Siemens-led Charter of Trust. Engagement in multi-stakeholder orientations such as the Paris Call (for trust and security in cyberspace) can help. In preparation for the larger role that cyberspace will inevitably play in Indian lives, we need a deeper public understanding of its various dimensions. Cyberspace is too important to be left only to the experts.

Syed Akbaruddin has served as India’s Permanent Representative at the United Nations

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in


Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.