4 minute read
CYBER SOVEREIGNTY – ANARCHICAL DREAM MEETS WESTPHALIAN NECESSITIES
Text: Juha Kukkola, Doctor of Military Sciences, National Defence University
By 2020 the libertarian or even anarchical dreams for cyberspace have been replaced with fear, honour, and interest – what Thucydides called the prime motives of state behaviour.
Advertisement
National borders, laws, and the state’s monopoly on violence will shape future legitimate use of cyberspace – even though private actors will largely own it.
The idea of cyber sovereignty has Russian and Chinese roots. It is based on a fear that the United States controls the Internet and can use this control to its advantage in the eternal competition among great powers. In context of this competition, sovereignty is a recipe for resistance and can possibly be used as an advantage. This novel type of sovereignty includes control of national information space and technological self-sufficiency. From Russian and Chinese perspectives, it makes sense to divide cyberspace into state-controlled segments. These segments help in controlling populations and protect ruling regimes from external and internal threats. Technological independence provides power through innovativeness and competitiveness of the national ICT-sector.
Cyber sovereignty is more complex for less powerful states. For starters, they have limited resources to develop technological independence. Moreover, the idea of cyber sovereignty creates challenges for states who consider their core values to be democracy, market economy, the rule of law, and respect for human rights. These challenges are not unsurmountable but must be thought through and openly discussed. Implementing haphazard national policies in a semi-transparent way can undermine the legitimacy of these chosen policies.
Definitions are important. It is vital to separate information environment from cyberspace. The latter is part of the former. Cyber sovereignty is about technology whereas information sovereignty would include the information content and even the minds and thoughts of people. Cyberspace can be further divided into physical, logical, and cyber-persona layers. If the third layer is included into sovereignty, our Internet accounts etc. should be connected to physical individuals or legal entities. Internet anonymity would become a myth. Conversely, if cyber sovereignty contains everything on the logical layer, then data moving through networks should have ‘nationality’. This would require a total reconfiguration of the Internet.
If cyber sovereignty applies only to the physical layer or systems and networks inside state borders, defining sovereignty becomes easier. However, it is unclear how a state can claim sovereignty over what is mostly privately owned ICT equipment and, in the extreme, their production and supply-chains. The concept of critical information infrastructure seems to offer a way out of this dilemma. Public and private actors can catalogue their systems based on the importance of these systems to the nation’s critical services and infrastructure (e.g. electricity, transportation, and healthcare). This catalogue could form the basis of state and private rights and responsibilities concerning critical information infrastructure. The problem here is threefold; what is ‘critical,’ who gets to decide this, and what does responsibility for something ‘critical’ mean?
Currently, the discussion about critical information infrastructure revolves around threats. International debate is concentrated on answering what is an armed attack in cyberspace and how states can respond to these attacks. Domestic debates focus on hybrid threats, that is, how critical infrastructure should be made resilient against the peacetime interference by hostile states. These debates threaten to militarize the issue of cyber sovereignty. Cyber borders and territory are associated with defence, which seems to suggest that the military should defend critical information infrastructure. This would require the presence of cyber forces in private and civilian networks even during peacetime. To legitimize such a mission would require an open public debate, incentivising the private sector to accept state interference, drafting new laws, and increasing the resources of defence forces.
The non-great power states cannot and should not shape their national cyberspace into technologically self-sufficient and sovereign segments like, for example, Russia is trying to do. There are several arguments against this. First, these states would not be able to create truly alternative cyber ecosystems. Small states do not have the resources to create competitive full-spectrum national ICT-industries and service platforms. Second, these states would lose the benefits from international cooperation and markets. As their critical information infrastructure might be owned by foreign companies and located outside their nation’s borders, ‘nationalizing’ this infrastructure could be quite difficult to achieve. Third, these states would convert national cyber security into cyber defence executed by the military in peacetime. This would ultimately hinder innovation and investment. Moreover, international cyber security cooperation would become difficult for non-allied states. Finally, these states would adopt an authoritarian way of managing cyberspace with high state intervention in markets. Consequently, the non-great power states would not be any more secure on their small ‘cyber islands’ than they are today.
State security has become inescapably intertwined with cyberspace. However, before we try to solve the challenges that this state of affairs presents, we should take a hard look at what cyber sovereignty entails. Small states and regional powers represent the majority of the world’s nations. How they define cyber sovereignty will determine how cyberspace will look like in the 2048, that is, on the 400th anniversary of the Peace of Westphalian.
JUHA KUKKOLA, Doctor of Military Sciences, National Defence University
