The continuing advancements of the Internet and associated technologies have brought new opportunities to governments, businesses, and private citizens. At the same time, they have also exposed them to new risks. However, Internet adoption has not been even and countries or economies have come online in different ways and at varied paces. As a result, awareness of cyber risk and approaches to managing it can differ greatly between jurisdictions. This is a particularly true when thinking about emerging economies, which have typically had a very different online journey than developed markets in Europe or United States. One way to ensure we can address this gap is through the use of confidence building measures (CBMs).
CBMs aim to instil good cybersecurity practices across the global online economy, focusing on the critical cybersecurity work that can be done in the early stages of a country’s emergence into cyberspace. Not only can CBMs help reduce vulnerability to cybercrime in general, by embedding best practices in the foundations of a country’s approach to the Internet, but they can also complement the objectives of cybersecurity norms. This is because CBMs seek to diminish the risk of a potential online inter-state escalation by enhancing transparency of government action and encouraging cooperation around areas of common interest. This, combined with their ability to act as vehicles for sharing best practices and delivering cyber-capacity building, makes CBMs worthy of more attention.
CBMs have a particular relevance for economies that have seen very recent but rapid growth of the Internet. Unlike developed economies, which saw it grow incrementally over the past twenty years, users from emerging economies have had little chance to gradually adjust their behaviors online. Typically, increased internet access and more mature technological development is correlated with improvements in cybersecurity. However, our research has suggested that some emerging countries may not be ready to secure their ICT infrastructure in a way that is commensurate with the increased use of computer systems by their citizens and businesses, as well as the government itself. The consequences of this cybersecurity gap for the countries concerned could be very serious. More than this, however, the interconnectedness of the Internet at the global level makes weaknesses in one part of it a potential threat to the rest. Since the majority of the 3+ billion people online today come from the Global South, the problems posed by such gaps represent a weakness for the globe’s overall cybersecurity and, in terms of cyber conflict risks, for its real world security too.
Governments are not oblivious to the challenges outlined above. A cursory glance at a map or a timeline of cybersecurity policies, guidelines, and regulation shows us that over sixty percent of the world is currently developing some sort of cybersecurity framework, hoping to secure their critical systems, or developing laws to help them catch cybercriminals. This is where collaboration on cybersecurity, as envisioned in CBMs, can be particularly beneficial. Moreover, the returns of CBMs are also real for the global online ecosystem itself. Despite government initiatives to limit online criminal activity in its borders, cyberspace continues to be a global endeavour. Improving not only cooperation, but the overall level and consistency of cybersecurity practices is therefore the best way of dealing with cybercriminals who show no respect for traditional borders.
There is considerable economic upside to be gained as well. The digital economy contributed $2.3 trillion to the G20’s GDP in 2010, an estimated $4 trillion in 2016, and is growing at 10% a year. For emerging markets, research suggests that the effect could be even greater. Certainly, the skills developed locally through CBMs and cybersecurity training correspond to the skills needed to enable local businesses to scale up and innovate, without having to rely on outside, more expensive talent.
For all these reasons the case for CBMs is compelling. They can equip countries to navigate the global online environment, as well as to be able to respond operationally to international requests for assistance. They also help the public and private institutions in one country join a broader community of security experts, allowing everyone to engage in a full range of protection, detection, response and recovery activities. However, bringing them into effect is not always easy. We will all need to work together, government to government and business to government – through efforts such as these and these – to create and then promote an international corpus of effective and practical CBMs in order deliver the confidence everyone needs to trust in the Internet and in the technology that is increasingly central to their lives.