I am particularly interested in how states and other powerful entities interact in this environment: what they want, and how they go about getting it. Influential actors jostle in global information infrastructures for power, profit and prestige, much as they have always done in other contexts.
This is the bread and butter of International Relations scholars like me. What often surprises people, including other academics, is that what they perceive as technical computer security has a political dimension at all, let alone one that spans continents and divides nations. Some examples from my own work help make this point explicit. My research is often set against the background of shifting international order, of which Brexit is one example. One recent project explored the impact of Brexit on UK cybersecurity.
We reasoned in an article last summer that Brexit would degrade the UK’s ability to share intelligence on cyber threats and to police cybercrime effectively. Absent a deal to the contrary, Brexit will seriously impact upon existing transnational arrangements, such as with Europol, that allow EU-UK cooperation on these critical issues. Subsequent discussions in London and Brussels have shown our concerns to be well-founded.
In another ongoing research area, the UK has been dragged into an argument between the US and China over Huawei. Whilst some of the discussion has been about the technical cybersecurity of Huawei telecoms products, the real disagreement is about which country should shape 21st-century global order. The UK would rather not choose between the US and China because, after Brexit, it needs all the friends it can get. Each of the superpowers offers support and investment options it can no longer get from the European Union.
Ultimately, though, it will choose the US. How it then negotiates its future relationship with an annoyed China is an open question. This signals again that cybersecurity is frequently a diplomatic issue. The UK, through the Foreign, Commonwealth and Development Office, is an important voice in global discussions about how states should behave in ‘cyberspace’. However, this quest for ‘cyber norms’ is long and tortuous. It is also unresolved, not least in respect of differing visions of what the internet is for and who should govern it.
One related global policy issue is how and whether so-called ‘cyberweapons’ should be used in inter-state conflicts. My research suggests that ‘offensive cyber capabilities’, as they are better framed, are hard to regulate but we should try anyway. Through an Economic and Social Research Council grant, the KCL Cyber Security Research Group is researching how these capabilities fit within UK military doctrine and strategy and might serve the UK’s national interests.
There is a lot more to say about cybersecurity and its role in national and international politics. My research draws attention to these dynamics and, by directly engaging with stakeholders, hopes to shape cybersecurity policy and practice at home and abroad.
By Dr Tim Stevens, senior lecturer in Global Security, King’s College London and head of the KCL Cyber Security Research Group.
This article was originally published in UK in a changing Europe