Recently, the network research and analytics company Renesys tried to assess how hard it would be to take the world offline. They assessed disconnection risk based on the number of national service providers in every country, finding that 61 countries are at severe risk for disconnection, with another 72 at significant risk. That makes 133 countries where network control is so centralized that the Internet could be turned off with not much more than a phone call.
It seems our global Internet is not so global.
But as worrying as these threats are, at least they have all been civilian, rather than military, attempts to exert control over the web. This won't be the case for long: Governments around the world are sounding alarms about the existential threat posed by cyberwar. From hostile foreign regimes to lawless nonstate actors, the threat of attacks on critical infrastructure to the theft of state secrets, the danger of economic warfare to corporate espionage, not a day goes by when cybersecurity is not in the news.
In response, governments around the world are devoting significant financial, military, and personnel resources to developing frameworks for cybersecurity and cyberconflict. Cyberspace is no longer the independent space of the cyberlibertarians; it is now a military domain. And when a freewheeling place like the Internet militarizes, the Internet's laissez-faire culture of privacy, anonymity, and free expression inevitably comes into conflict with military priorities of security and protocol.
In the United States, the Pentagon has been tasked with the development of rules of engagement for cyberconflict. Just last week on Feb. 12, President Barack Obama issued a long-awaited executive order on cybersecurity and used his State of the Union address to call for new bipartisan legislation on the issue, emphasizing the need to protect U.S. critical infrastructure. The very next day, Rep. Mike Rogers (R-Mich.) and Rep. Dutch Ruppersberger (D-Md.) reintroduced CISPA, the Cyber Intelligence Sharing and Protection Act -- a bill reviled by the privacy and civil liberties community for its lack of credible privacy protections and provisions for warrantless information-sharing.
Make no mistake, cyberhostilities are on the increase. Every day around the world, critical systems come under attack, whether from petty cybercriminals or coordinated state efforts. From Stuxnet, which set back Iran's nuclear efforts, to Shamoon, which destroyed the control systems of oil giant Saudi Aramco, to the recent compromise of the Washington Post, New York Times, Twitter, and Facebook, we're witnessing large-scale attempts to penetrate and interfere with both private and public systems.
Many cybersecurity experts, however, disagree on how to best tackle the threats at hand. Many dismiss proposals such as public-private data exchanges, arguing that such solutions erode civil liberties while failing to address critical problems. Others argue that reducing cyberconflict is best achieved through embracing the values of an open Internet: creating transparent norms, such as establishing clear red lines, common terminology, and mutual confidence-building measures. But the most influential voices remain those arguing for greater militarization: investing in the development of strategic exploits or offensive capacity that double down on the idea of the Internet as a domain subject to dominance by state actors.
Nearly 365 years ago, those hundred-plus princes and diplomats came together to end war -- and in the process, created borders. The Internet broke those borders down, advancing the cause of fundamental rights, free expression, and shared humanity in all its messy glory. Now, to stifle political dissent and in the name of defending national security, governments are putting those borders back up -- and in doing so, they're dragging the Internet into ancient history.