Internet should be prepared for 'militarisation': UK ministry report

A recently published report on potential scenarios of cyber-conflict, The Global Cyber-Game, says it is inevitable that the internet will be "militarised" -- used to serve the needs of military conflict between nations -- and that ICT will increasingly be both an important means and a target of such conflict.

Published as the result of a lengthy study by the UK's Defence Academy -- the educational and academic liaison unit of the Ministry of Defence -- the report calls for the internet to be significantly "hardened" from a security perspective, in order to avoid adverse effects for all its users.

There is also a strong warning to governments that in their eagerness to use information technology as a weapon of war against other nations, they should avoid creating malware that will "proliferate" and cause wider harm.

Rising alarm

Transparency is a likely part of any scenario of digitally mediated conflict or competition, the academy says. During the current period of "rising alarm" over possible cyber-warfare, "information transparency is likely to be a persistent reality," it says. "All strategy and policy should be made as if it will become public."

The report attempts to systematise interactions between nations, and between other actors such as hackers (in both the neutral and pejorative sense), organised crime and civil society.

The template for this is what the academy calls the "Cyber Gameboard" -- a 3 x 3 matrix of squares. One dimension is information-related, considering hardware infrastructure (connection) software (computation) and the knowledge it produces and influences in the human mind (cognition).

On the other dimension the three divisions represent modes of interaction -- conflict, cooption and cooperation. Cooperation has been the staple of the internet as it has grown, but there is an increasing atmosphere of cooption -- "the ability to draw customers into dependence on successful information platforms. This puts a few very large information companies such as Microsoft, Apple, Google, IBM, Cisco, Juniper, Huawei, etc. in very powerful positions."

On the basis of this board, the report attempts to model such incidents as the presumed US-Israeli Stuxnet attack on Iranian nuclear centrifuges and China's exercise of its "cyberpower" -- including the suspicions surrounding Huawei's connections with the Chinese government and intelligence agencies. It admits, however, that information on such incidents is far from complete and unambiguous.

"Balkanised"

There is a growing risk that the internet will be "Balkanised" -- divided into national islands operating according to government dictates, the report says.

This will be done in the name of national security and the protection of sovereignty, but risks imperilling the further progress of the major benefit that the internet has brought -- that expert knowledge from any part of the world can be readily acquired and a variety of opinions deriving from different philosophical and political bases brought to bear on a question.

Better decisions

One of the primary impacts of the internet is a global increase in the quality of decision-making because of the ease with which experts on any topic can be located and consulted. This applies equally to academic collaborations, business decisions, policy deliberations, and personal life. Though hard to quantify precisely, "the long- term impact of generally better decision-making at every level due to the ability to source expertise from anywhere in the world on an as-needed basic cannot be overstated," the academy says.

Increasing traffic

Internet traffic growth is accelerating exponentially, and according to Cisco was up 42 percent in 2011. Cisco estimates that internet traffic could grow from its 2011 level of about 300 exabytes a year to about 1300 exabytes (million terabytes) a year by 2016.

"Unfortunately the internet was not designed with the expectation of current or expected traffic levels, or security threats, and has a number of known, and no doubt unknown, vulnerabilities that make it potentially liable to sustained catastrophic outage."

The report in its entirety (110 pages plus 10 pages of bibliography and references) can be read at www.da.mod.uk/publications/.../20130508-Cyber_report_final_U.pdf