Creating a wall of trust around cyber risk
Alejandro Fernández-Cernuda Díaz of the Global Cyber Alliance outlines how the very notion that the internet was built upon is at the heart of its future security...
Trust has been a central component of the internet since its inception. Trust guided its architecture and design as a network of networks. It guided its transformation from a restricted government infrastructure to becoming the engine for the world’s digital revolution in just a few decades. Even the development of its unique multi-stakeholder governance model was based on trust. However, that trust, together with some commercial haste, also made it possible for some serious flaws in its underlying structure to go overlooked.
Internet of flaws
There are multiple inherent imperfections in the internet’s current structure. These include legal and contractual ambiguities which hamper prosecution and international coordination. There are also educational deficiencies and misconceptions making social engineering the number-one attack vector. Furthermore, there are a whole range of technical issues that are about to multiply when developments like 5G, ultra-connectivity or IoT make data immediately available everywhere.
Naturally enough, the cyber crime industry also feeds on these flaws. From swarms of botnets working semi-autonomously to criminal groups performing ever more complex attacks and fearsome state-sponsored cyber units with enormous capacities to disrupt our connected everyday lives.
A trustworthy internet?
However, in recent months several initiatives supported by the Global Cyber Alliance have shown that the trust within the multi-stakeholder model can also be assertive and operational, calling for coordinated action to face the ever-growing insecurity of the cyber ecosystem.
This was the case of the reinvigoration given by France to the all-encompassing “Paris Call for Trust and Security in Cyberspace” on the occasion of its first anniversary, last November. More specific projects such as the Cyber Tech Accord and the CyberPeace Institute, which started in 2019, also call for action focusing on technical coordination and on the defence of civilians acts of cyber war, respectively.
This notion of trust – and the capacities behind the organisations championing these initiatives – adds a special value to security concepts like DMARC, DNSSEC, CIS Controls, secure-by-design IoT, MANRS, or even cyber hygiene. It turns them from solutions to specific problems into actual indicators of trustworthiness – possible prerequisites of belonging to a select group of “good” players. Probably this is why the EU now mentions “trust” – and not “security”– as one of the pillars of the so-called “next generation internet”. Maybe we will never fix the system, but creating a wall of trust around it might be simpler than we think.
*the opinions expressed within the article are the individuals, and should not be taken as representative of the GCA.