Real Rules for Virtual Space

By TANG LAN

Real Rules for Virtual Space

By TANG LAN

The international community struggles to find common ground on cyber security

M ore than 700 representatives from 60 countries recently attended the London Conference on Cyberspace, hosted by the British Foreign and Commonwealth Office. The conference, held November 1-2, was aimed at helping devise international rules for the Internet. How to regulate activities in cyberspace and deal with various cyber threats has become a major world security focus. But it is diffcult for countries to discard suspicions and establish mutual trust on cyber security.

Challenges

In recent years, nations around the world have become increasingly concerned about security in cyberspace. Cyber security currently faces challenges in fve areas: technological advances, the wide application of information technology, cybercrimes, the growing infuence of non-state actors in cyberspace and so-called “cyber warfare.”

The more complicated cyber technologies and systems are, the bigger their potential bugs will be. New services, applications and technologies like social networking, mobile Internet and cloud computing pose huge challenges.

In the Information Age, fnancial services, energy, telecommunications and transportation facilities are closely linked. This has become a weak point of safety, as large-scale cyber attacks targeting these systems are on the rise. In 2011, hackers attacked fnancial institutions like the New York Stock Exchange, South Korea’s National Agricultural Cooperative Federation, Citibank, the IMF, and the Stock Exchange of Hong Kong as well as defense technology companies such as U.S.-based Lockheed Martin and Japan’s Mitsubishi Heavy Industries and IHI Corp.

Cyber criminals have built a giant network and developed an “underground economy.” Cyber security provider Symantec Corp. has estimated the cost of cybercrimes worldwide at $114 billion annually, exceeding the combined global black market in marijuana, cocaine and heroin.

The development of social networking gives everybody a chance to become a media center. Social networking is now an important platform for organizing protests. For instance, the “Occupy Together” movement originated from the Internet. Hacker organizations like Anonymous and LulzSec constantly challenge the authority of governments. They have not only attacked websites of big companies like Sony, but also hacked into the websites of U.S. Senate, the Central Intelligence Agency, Britain’s Serious Organized Crime Agency and the Malaysian Government. Most countries are not yet fully prepared to manage these risks.

A number of countries, including the United States, France, Britain, South Korea and Japan, have established cyber commands, claiming to enhance cyber attack abilities. The United States, Australia and New Zealand recently for the frst time men-tioned cyber warfare in their national defense papers. According toThe New York Times, there was a debate in the Barack Obama administration about whether or not a cyber attack should be conducted to disturb or even destroy Muammar Gaddaf’s defense system. British Foreign Secretary William Hague said the world was in the grip of a new and fnancially crippling arms race in cyberspace, when interviewed byThe Sunnewspaper.

As British Prime Minister David Cameron pointed out during the London Conference on Cyberspace, the reason why the participants gathered to discuss cyber security is that the Internet has become as an important force for economic, social and political development, and threats from cyberspace are real and pressing. The conference focused on fve themes: economic growth and development, social benefts, safe and reliable access, international security and cybercrimes. These issues present challenges to all countries and are the key for future development.

The participants reached consensus on dealing with cyber security challenges. They agreed the world needs a safe and trusted cyberspace and what is unacceptable offine is also unacceptable online. They pointed out maintaining cyber security is the common responsibility of governments, businesses, society and individuals, and all of them should obey existing international laws and traditional codes of conduct instead of jeopardizing world peace.

Difficulties

Making rules for cyberspace inevitably concerns the basic principles and core interests of all countries. Despite growing consensus, differences and disputes remain. Hague confessed at the London conference that reaching common understanding is a huge challenge.

CFP

Countries have quite different opinions about cyberspace rules. Some insist on following current international laws and regulations, such as the UN Charter, the law of war and the EU Convention on Cybercrime. Some believe no existing rules are suitable for cyberspace, and others suggest amending current laws and regulations to ft technological and social development.

When it comes to rule-making in cyberspace, it is hard to strike a balance between development and security, between openness and supervision, and between freedom and security. Governments are obligated to supervise cyberspace while refraining from hindering technological advances and infringing upon citizen rights. “Our task today and in the future is to strike a balance,”Cameron said at the London conference.

Participants, however, disputed the role the government should play. Some expressed the view that the government should not take over overall management of cyberspace under the pretext of fighting cybercrimes or maintaining cyber security. The disputes come down to whether sovereignty in cyberspace should be recognized and if it is legal for the government to exercise jurisdiction over acts in cyberspace.

Countries care about who is the rulemaker of cyberspace. Many years ago, the UN issued several documents on protecting cyber security and combating cybercrimes. The International Telecommunication Union, a specialized agency of the UN, has also developed international platforms for cyber security, like the World Summit on the Information Society and the Global Internet Governance Forum, and issued a series of guidelines on cyber security endeavoring to extend its functions to cyberspace.

But many countries want to have a say in cyberspace rule-making. They have proposed different principles on global Internet governance, such as the International Code of Conduct for Information Security drafted by China, Russia, Tajikistan and Uzbekistan and the Convention on International Information Security put forward by Russia. India, Brazil and South Africa have suggested establishing a new international organization to supervise global cyberspace governance. It demands more diplomatic and political skills as well as uninterrupted communication among different countries to narrow these differences.

China’s responsibilities

China, the country that has the largest number of Internet users, has benefted from the development of information technology. In 2010, the trade volume of China’s electronic commerce reached 4.5 trillion yuan ($703.13 billion).

China also is a victim of cyber attacks and cybercrimes. According to statistics from the National Computer Network Emergency Response Technical Team Coordination Center of China, over 6 million host computers’ IP addresses in China were infected by malicious Trojan and Botnet programs during the first eight months this year. At least 29,000 Chinese websites were attacked by hackers, causing huge losses for Internet users as well as the fnancial services, transportation and energy sectors.

China actively participates in international cooperation and has played a responsible role on multilateral, regional and bilateral platforms. It has engaged in judicial cooperation with more than 30 other countries. For example, earlier this year, Chinese authorities and the U.S. Federal Bureau of Investigation jointly cracked down on an illegal website based on their mutual desire to curb the spread of child pornography.

Striking cybercrimes and building a safe and trusted cyberspace are in accordance with China’s national interests. The Chinese Government has amended and issued several laws and regulations in recent years on the conviction and punishment of hackers and cyber criminals. It has taken steps to crack down on cybercrimes and intellectual property right infringements. Chinese Internet service providers are also making efforts to improve cyber security.

China hopes to create a safe, reliable, just and peaceful cyberspace. It has proposed fve principles for future international cyberspace rules—cyber sovereignty, international cooperation, balance between different needs, peaceful use of the Internet and fairness. It believes a UN-led international platform should be established to jointly fnd a solution to cope with cyber security challenges. The platform should have sovereign states as main participants, involve multiple stakeholders and underline the importance of cooperation between public and private sectors.

The author is vice director of the Institute of Information and Social Development at the China Institutes of Contemporary International Relations

LIU HAIFENG