The United States plans to take control over the planet's cyberspace.
Author: Talib Aliyev, analyst, especially for Sangar
By concentrating on conflicts and problems of the real world, the struggle taking place in the virtual space escapes the attention of the general public.
It's no secret that information networks have become the same place of confrontation as the real battlefield: cyber-attacks on government authorities, theft of personal data, spam, website hacking, spyware, etc. have become yet another threat to our time.
Cybersecurity issues have become even more pressing since the outbreak of the conflict in Ukraine. According to Kaspersky Lab, in 2022 the number of attacks against Russia increased by 60–70% compared to 2021. The main reason was the emergence of an army of politically motivated hackers who do not have special technical skills but are eager to cause any possible damage to organizations.
Therefore, protection against threats from cyberspace becomes a very important issue for each state, and control over the national information space is equated with issues of maintaining one’s own sovereignty and independence.
The problem of international cooperation in repelling cyber-attacks is being raised today at the international level.
Understanding the full potential of control over global cyberspace, the United States is promoting its concept of international cooperation in the field of information security.
This concept is based on the creation in countries of computer teams to respond to emergencies and computer incidents, which would be formed on the basis of the US-controlled IT associations CERT and FIRST.
The principle of operation of these groups is simple: in the event of a computer attack on the information resources of any state, authorized bodies can contact the national CERT of another state with a request to stop this attack, which originates from its national information space.
But CERT is a trademark owned by the American Carnegie Mellon University. And without the permission of this University, it is impossible to create a cybersecurity group on the territory within this network. Thus, without the blessing of the United States, no global interaction will be organized in the event of an information attack on any state.
It is noteworthy that Carnegie Mellon University is known for its close ties with the US National Security Agency, the US Department of Defense Research and Development Agency, and the United States Department of Homeland Security.
There is another option. An analogue of CERT, the European CSIRT network, which was also created not by national authorized institutions, but by universities and large IT companies. The CSIRT launched an international forum for incident response and security teams, FIRST.
Cyber incident response teams from various countries in this forum included: US Air Force, US Department of Defense, US Defense Research Agency, UK and German Government Agencies. But Russia was recently excluded from FIRST.
The United States is offering a similar architecture for international cyber security to the world. The extent to which states will be able to maintain their digital and information sovereignty within its framework and whether they are ready to entrust their cybersecurity to US private IT companies and military and paramilitary structures remains in question.
The other side of the issue may be political. Modernity shows how quickly one state can turn from a friend of the United States into its enemy. And then what should this country do when its entire information data system is under American control?
But it is also impossible to exist without an international cybersecurity system. Is there an alternative?
Another option for possible international cooperation in eliminating cyber threats was proposed by Russia. At the Russian initiative, the UN Open-Ended Working Group (OEWG) on security of and in the use of information and communication technologies (ICT), was created within the UN. Today, this platform is the only negotiating mechanism on international information security recognized by the UN.
As part of this initiative, the Russian side proposes the creation of national contact points under the auspices of each state and their inclusion in the general register.
The principle of operation of these contact points is similar to the CERT principle, but interaction will be carried out not by US-accredited information security groups, but by national authorized bodies controlled by each state - contact points. Moreover, all cooperation will be carried out under the auspices of the UN.
In addition, as part of the interaction of contact points, the causes of computer incidents will be clarified, computer attacks will be studied, their sources will be identified, and conflicts will be prevented in the information space.
In essence, each country maintains so-called information sovereignty, develops a structure for ensuring information and cyber security under state control, and also organizes a structure for international cooperation to counter information and cyberattacks.