The global cyber security environment is confronted with a variety of problems, such as network information inundation, information pollution, information infringement, information monopoly and the cybersecurity crisis.
Cyber security is a complex issue straddling many arenas. It is not just a technology problem that can be solved; it is a risk to be managed by a combination of defensive technology, astute analysis of information warfare and traditional diplomacy. International cooperation is indispensable to securing cyberspace.
The issue of cybersecurity came to the fore after the sensational revelations of Edward Snowden in 2013, which made clear that the US government and some of its allies were trying to control the internet and its ecosystem. It was revealed that they were systematically spying on the entire world, and that this surveillance was carried out by prominent intelligence agencies such as the American National Security Agency (NSA) and the British Government Communications Headquarters (GCHQ). The modes of surveillance were broad, with the ‘monitoring of voice calls, emails, secure networks and servers‘ in almost all countries, even including the close allies of the USA, such as France, Mexico, and Germany.
Most importantly, it was discovered that since 2006, the USA had begun its ‘cyber-offensive’ operations against the computer systems of the Iranian government. The most alarming cyberattack was the deployment of the Stuxnet virus on the Iranian Natanz Nuclear Facility in 2010. The virus was purportedly devised by the USA and Israel to damage the Natanz uranium enrichment facility, and has impaired thousands of centrifuges and infected around thirty thousand computers. As a result, Iran was forced to take tens of thousands of computers offline.
Furthermore, in 2012, the USA and Israel jointly developed an advanced computer virus called Flame, which mainly ‘collected intelligence in preparation for cyber-sabotage aimed at slowing Iran’s ability to develop a nuclear weapon‘.
Recently, it was brought to the public’s attention that Iranian hackers targeted US citizens in the period leading up to the 2020 US presidential elections. In October 2019, Microsoft warned that a hacker group led by the Iranian government tried to breach email accounts linked with journalists, US government officials, and the US presidential campaign. In June 2020, Google reported that Iran attempted but failed to breach email accounts linked with the re-election campaign of President Trump.
These anomalous patterns of surveillance and grave risks stemming from the cyber domain could be traced back to the idea of the ‘panoptic prison’, propounded by the English social theorist Jeremy Bentham in the late 18th century. He conceptualised the panoptic prison as an institutional shell in which one guard would be able to monitor all the prisoners, but the prisoners themselves would not be able to see either the guard or each other. The structure of such a prison was portrayed as ‘a circular atrium with cells along the perimeter facing inwards and with a single watch tower in the middle where the watchman would be able to observe without being observed’. Bentham envisioned that, although the prisoners would never be able to know whether they were actually being watched or not, they would know the possibility existed due to some partitions and twisting passages in the watchtower.
It is notable that even long before the discovery of the internet, Bentham anticipated a physical structure called the ‘panopticon’, deliberately designed to encroach upon the privacy of individuals therein. In light of a broader application of the Benthamite delineation, one could remark that the process of ubiquitous surveillances and unforeseen perils being witnessed today as a result of the unprecedented diffusion of modern communications technologies, may appropriately be characterised as ‘cyber-panopticism’.
In this regard, the crucial, yet alarming, consideration is that, although standardised regulatory provisions have been devised and enforced in the technological domain, there are no such obligatory institutional norms in effect to adequately regulate global cyberspace, and there may be a few reasons for the ineffectiveness or absence of institutional norms in global cyberspace.
One reason could be the chaotic nature of cyberspace, where everyone is claiming to be in the driving seat because there is no supranational authority in existence that possesses the power to effectively manage the affairs of global cyberspace. Another could be that different actors have different proposals regarding institutional norms, which often leads to difficulties in the construction of an effective institutional framework for regulating global cyberspace. For instance, while the USA tends to delineate the global cybersecurity environment through the prism of ‘threats’, China defines it through the viewpoint of ‘development’ and ‘socio-political stability’.
While analysing this contrasting reality of today’s interconnected world, David Rothkopf phrased the term ‘network paradox’, which means ‘a phenomenon by which joining a network can both strengthen and create new vulnerabilities for those on the network‘. Most importantly, what has become more challenging in the realm of internet governance is the ability to create an adequate balance between global openness and security. Thus, it has become necessary to work towards a broader and pragmatic idea of the security paradigm of internet governance, where deliberate practices should increasingly be directed towards safeguarding the internet as a global asset, rather than simply preventing its anticipated strengths and weaknesses. Finally, it is imperative that diplomatic engagements and political decisions are incorporated, with the aim of yielding strong international commitments and collaborations.