The Internet has broken down national barriers and created a global economy with anyone, from almost any country, free to surf, shop, or engage in any other online activity on any site, anywhere in the world.
In parallel, the Internet has given hackers the ability to build or join worldwide criminal operations, swooping in on victims regardless of location, nationality, or any other formerly limiting factor.
If bad actors get together in an international online coalition to create cyber-havoc, then authorities responsible for ensuring cyber-safety and preventing cybercrime should be taking countermeasures. Unfortunately, they are not – and the way things are going, it may be quite a while before we see a truly coordinated international approach to fighting hackers, as countries, agencies, jurisdictions, and organizations jockey to defend and protect their own interests, even as hackers further their worldwide cooperation and expand the scope and aim of their attacks.
The sad truth is that there is currently no solid international cooperation or coordination between governments on tracking down and stopping hackers. There are, of course, many international hacker groups – the best known one is the amorphous entity that calls itself Anonymous – but over the years, we’ve seen that building an international coalition to battle such groups has been notoriously difficult. Instead of focusing on preventing attacks by going after hacker groups – something that would be far easier with international cooperation – countries remain stuck on the model of defending themselves, spending ever-larger sums of money to fend off the latest threat, even as hackers develop new tactics to break those defenses.
That’s not to say we’re not trying. The latest idea for international cyber-cooperation comes in the form of the Global Commission on the Stability of Cyberspace (GCSC), a public-private partnership between governments and some of the world’s top tech firms (including Microsoft) to develop “norms” — rules that all governments and international agencies can agree on to prevent cybercrime. One norm, for example, resolves that all states respect the core of the Internet (the DNS system, international undersea cables, etc.), while another calls on governments to respect the process of online elections and to do everything they can to ensure they are executed without interference.
If that sounds a bit mild in the wake of what is going on out there, I can tell you that it’s been a lot more successful than the previous attempt to unite the world’s good guys in the fight against cyber-threats. The UN’s Group of Governmental Experts (UN GGE) tried mightily to convince governments that cooperation was the key to successful cyber-defense. However, that effort was rejected by the EU Foreign Affairs Council, which took issue with how national sovereignty applies in cyberspace, how aggressive a country can be in its cyber-defense strategy, and whether or not international humanitarian law applies to cyber-operations. Had the UN GGE been successful, it would have provided the legal basis for international organizations like Interpol to more aggressively pursue cyber-criminals. But with the rules still up for debate, international law enforcement groups find they are stymied by the policies implemented by national governments that often obstruct investigations.
And yet there is hope; governments are slowly beginning to realize that with cyber-threat increasing, their institutions, citizens, banks, infrastructure, or other critical deployments could be next. Sooner or later, countries will come together to protect their common interests, at least against the lawless cyber-gangs that roam the internet, picking off banks and databases anywhere and everywhere – even in countries that themselves have been accused of sponsoring bank hacks.
Outlining the rules is going to be complicated; as the UN GGE showed us, nobody wants to give up anything, at least unless they get as much, or more, back. But the GCSC’s development of international norms is a good first step – and in fact, it has historical precedence. Much of the history of the 20th century is a history of nations with different interests coming together for a common goal — to eliminate disease, to encourage international trade, to prevent nuclear war erupting between the superpowers. It’s not a perfect system, but it shows how problems can be solved when the determination to do so is there. Will we see that process repeat itself in cybersecurity? Let’s hope so.
Major Gen. (Ret.) Prof. Isaac Ben-Israel is Director of the Blavatnik Interdisciplinary Cyber Research Center at Tel Aviv University and Chairman of Cyber Week.