Governing Cyberspace during a Crisis in Trust

00:04

There’s a paradox in cyber security.

00:06

On the one hand we’re trying to drive wealth creation

00:09

and economic opportunity and prosperity,

00:12

on the other hand what we’re doing is building economic vulnerability

00:15

into our model because we’re connecting everything that we can

00:18

to the internet.

00:19

The difficulty when it comes to making cyber security policy

00:22

is that when we think about our governance structure,

00:25

we usually do it in one of three ways.

00:27

We look at economics on the one hand,

00:29

we look at national security on the other hand

00:31

and we look at international stability as a third and final pillar.

00:36

The problem with that, of course,

00:37

is now cyber security runs between all three of those pillars.

00:40

So when I think about the rules that govern cyberspace,

00:42

one of the starting points is actually the United Nations Charter.

00:45

And that governs the use of force

00:47

— or the threat of the use of force —

00:48

between states.

00:49

The problem, of course, is that the UN Charter was drafted in the 1940s.

00:53

and we’re sitting here today in 2019

00:56

dealing with transformative technology.

00:58

So when you think about the way

00:59

that states are operating in cyberspace

01:01

the problem is they’re operating in this hybrid zone

01:04

where it’s certainly aggressive, it’s certainly adversarial

01:07

but it doesn’t necessarily meet the traditional thresholds

01:10

that we see in modern international law

01:14

as it relates to the conduct between states.

01:16

So what we’re seeing is states being able to use that grey area

01:20

to effectively undertake aggressive cyber action

01:23

and cyber security knowing that the current governance structure

01:26

is a little bit inadequate and antiquated.

01:28

The fact that the global rules are still in their infancy

01:31

has led to a waning of trust in two important respects:

01:34

one at the individual level and the second at the state level.

01:37

So with respect to individuals,

01:39

it’s hard not to see individuals changing the way

01:42

that they’re interacting with technology because

01:44

you can’t pick up a newspaper without

01:46

there being a story about the greatest exploit that just happened.

01:48

Think of Facebook, think of Cambridge Analytica.

01:51

So we’re starting to see an erosion of trust at the individual level,

01:54

which is deeply problematic.

01:56

But even more so

01:57

we’re seeing an erosion of trust at the state level.

01:59

We’re looking at foreign adversaries meddling in elections,

02:01

we’re looking at people stealing intellectual property,

02:03

which erodes trust in the system,

02:05

and that is the most dangerous thing that we’re seeing.

02:08

CIGI wanted to convene a group of experts

02:10

to deal with this issue because of its importance

02:12

and we took a bit of a different tack

02:14

than most other think tanks.

02:14

We brought in CEOs of companies

02:17

that are actually working day to day in this space.

02:19

We brought in academics and policy makers

02:21

to convene what we’re hoping will be

02:23

an important national and international conversation

02:25

to be able to get trust in cyberspace right.