While Covid remains the most visible threat looming over the Biden Presidency, a less visible but similarly porous (and somewhat related) threat stems from cyberspace. Recent incidents such as the far-reaching SolarWinds breach and the attempted hacking of a water treatment facility near Tampa Bay Florida underscore the instability of cyberspace.
Accordingly, President Biden’s May 2021 Executive Order is blunt. ‘The United States faces persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people’s security and privacy. The Federal Government must improve its efforts to identify, deter, protect against, detect, and respond to these actions and actors.’
In Canada, the Communications Security Establishment reports that the federal government is the recipient of more than 1.5 Billion cyber-threats daily (most of which are harmless, though all it takes is one amorphous event). The 2018 creation of the Canadian Centre for Cyber-Security marks a notable step forward in terms of federal government readiness as well as fostering outreach with the private sector.
Provinces and municipalities are hardly immune of course. BC’s Whistler and St. John New Brunswick have both faced costly cyber-attacks in recent months, as just two examples, while reports grow of hospitals in Canada and elsewhere quietly paying ransom to hackers in order to restore critical information systems. As with most all aspects of digital governance in Canada, aside from an informal Council of public sector CIO’’s, a holistic architecture for inter-jurisdictional collaboration remains elusive.
Despite evolving actions from many quarters, the Internet is designed to be mainly open and interoperable across political borders and commercial structures. For different reasons, governments and companies may try to control small segments of Internet activity (such as India’s censoring of social media platforms or Apple’s app store regulations), but the underlying architecture remains a patchwork of interconnected servers and software systems (and pretty much an ongoing nightmare for CIO’s everywhere).
Daniel Bell, a reputable Harvard Sociologist, wrote in 1987: ‘The national state has become too small for the big problems of life, and too big for the small problems.’ To say the least, cyberspace amplifies the importance of this prescient quote, giving rise to widening digital vulnerabilities. In response to Covid, the rapid societal acceleration of societal digitization and the emergence of the hybrid workplace only layers additional risks as more of our professional and personal activity shifts online.
As the world splinters into a digital cold war between China and the west, and as new technologies such as blockchain further decentralize actions and authority, a certain degree of humility is called for with respect to the actions of any one country or company. Nevertheless, there are three facets of strengthening the governance of cyberspace that must be pursued simultaneously.
First, there is now an overarching acceptance of the need for multilateral dialogue and coordinated response. Encouragingly, the UN General Assembly adopted arguably its first-ever meaningful report on cyber-security just this year, prepared by the Open-ended working group on developments in the field of information and telecommunications in the context of international security. The report concludes that ‘there are potentially devastating security, economic, social and humanitarian consequences of malicious ICT activities on critical infrastructure (CI) and critical information infrastructure (CII) supporting essential services to the public.’ The next step is to create a formalized program of action enjoining willing member states, to begin in 2022.
Secondly, governments must prioritize open-source architectures and open standards across public and private infrastructure, shifting away from an excessive reliance on proprietary solutions that heighten dependency on secretive outsourcing. Ironically, as with the Android mobile operating system or Estonia’s releasing of source code for e-voting, the highest degree of privacy and data protection is derived through systemic transparency and collective adaptation rather than insularity.
Finally, governments must prioritize digital literacy at home, shifting beyond the rhetorical promises of digital rights and cultivating a culture of personal responsibility in the realm of cyberspace. Basic safeguards such as identity authentication and better education and tools for personal threat assessments – as well as sharing potential threats once spotted, can all make a difference. As digitization deepens, individual actions and incentives will shape the resilience of cyberspace – and our collective future.
