| | May 2022 onwards | Past Year | Past 30 Days |
|---|---|---|---|
| Abstract Views | 6384 | 6092 | 321 |
| Full Text Views | 42 | 22 | 1 |
| PDF Downloads | 50 | 24 | 2 |
| EPUB Downloads | 0 | 0 | 0 |

Governmental representatives often cite security concerns as a reason when justifying policies that contribute to internet fragmentation. Restrictions, such as on the use of foreign soft- and hardware or data localisation requirements, are meant to lessen cybersecurity risks, including disruptive cyberattacks or state-led surveillance campaigns. Intuitively, it seems self-explanatory that these measures translate into cybersecurity gains – the more control a government has over a system, the more secure it should be. Although critics strongly dispute such measures by making an economic case, they hardly ever question the assumption made regarding cybersecurity benefits.
Our article challenges this view, taking public goods theory as our analytical point of departure to criticise notions of ‘weaponized interdependence’. Furthermore, we challenge the idea of secure national controls, which are key building blocks within justifications of governmental fragmentation policies at the application layer. More specifically, we argue that such justifications ignore negative impacts on the availability of key public goods in global cybersecurity, as well as other externalities. For example, while technological decoupling may well lead to less vulnerability to cyberattacks, it may also eliminate important incentives for self-restraint on the part of attackers due to potential blowback effects. It is with a view to such unintended consequences that we call for a more thorough assessment of the security risks and benefits within public policy debates on digital trade restrictions and data localisation.