The internet under attack

5 min read Original article ↗

Summary

  • Many aspects of modern conflict are defined by the internet and digital technologies. The concept of resilience is essential to understanding the complex web of incentives, interests and dependencies that determine how the internet and these technologies work – and, often, do not work – in conflict and crisis situations.
  • This research paper distinguishes between two types of resilience – technical and sociopolitical. Technical resilience focuses primarily on technological systems constituting the internet, while sociopolitical resilience refers to the human networks and groups that both maintain those technological systems and ensure they are available to use. Considering how these two types of resilience interact helps develop a deeper understanding of how different actors use the internet and digital technologies in complex scenarios, from invasions to military takeovers. The value of distinguishing between types of resilience applies especially when assessing the roles of the private sector; these roles are rewritten, enabled and constrained by a range of incentives and pressures unique to commercially driven actors.
  • The paper is built on two case studies, with almost opposing characteristics in key areas such as internet infrastructure, conflict dynamics and policy priorities. The first discusses events before, during and after the Western coalition’s withdrawal from Afghanistan in August 2021. The second examines internet resilience before and during Russia’s full-scale invasion of Ukraine in February 2022. Each is a powerful demonstration of how internet resilience is crafted, contested and reconstituted in unstable situations, and of the interplay between global and local internet resilience – where decisions adopted by actors operating at the local level have global implications, and vice versa. Both case studies highlight the varied roles the private sector plays when it withdraws from and steps into these settings.
  • These case studies make clear that technical and sociopolitical resilience are inextricably linked, particularly when it comes to the reaction of people and organizations to disruption. The distinction between resilience types raises questions such as: how agile are the responses of various individuals and their communities to recovering data and replacing lost connections? What are the processes and mechanisms in place for doing so, and how effective are they? As the case studies demonstrate, interdependence between the technical and sociopolitical is amplified in conflict and crisis settings.
  • The resilience of the internet is fundamentally implicated with that of individuals, organizations and even countries. Adversaries incorporate resilience thinking into their offensive tactics as much as defenders incorporate it into theirs. The most visible manifestation of this idea is the rise in cyberattacks to accompany – and, in some cases, exacerbate – conventional military attacks on critical infrastructure. But threats to, and drivers of, internet resilience extend far beyond cyber defence to involve everything from the people, processes and measures involved in the technical repair of damaged cables to the measures adopted by civil society groups to weather or circumvent internet shutdowns.
  • Afghanistan and Ukraine also show that the private sector plays crucial and rapidly evolving roles in maintaining internet resilience in conflict and crisis. These roles are also highly dependent on context. The private sector is not a monolith; even a single entity can often occupy multiple, sometimes even contradictory, roles. To better delineate, untangle and identify those roles, this research paper concludes by proposing a typology of four main role categories:
    • Providers that supply and maintain parts of internet infrastructure at distinct or multiple layers of the stack (e.g. a telecommunications company supplying hardware such as cables or providing satellite internet services);
    • Shapers that seek to impact policies, strategies and processes concerning internet resilience on the national or international levels (e.g. a major technology company active in the multi-stakeholder community, sharing input in UN-level meetings on cyber governance);
    • Entrepreneurs that innovate technologies at distinct or multiple levels of the stack, with direct bearing on resilience (e.g. a hardware- or software-focused quantum computing and communications company); and
    • Challengers that provide enabling technology, resources or personnel to challenge internet resilience (e.g. a commercial hacking company contracted by an intelligence or military agency to mount cyberattacks targeting internet infrastructure).
  • This paper seeks to challenge existing approaches to resilience and apply a new approach to its case studies, merging the technical and sociopolitical dimensions of resilience and considering the interplay between them. For private sector stakeholders (for example, those involved in the provision of connectivity), the paper seeks to present novel characterizations of their own complex roles in resilience, thereby encouraging more comprehensive mapping of their web of interests and incentives in providing, maintaining or even damaging both types of internet resilience. For public sector and policymaking stakeholders (for example, those involved in developing and shaping a strategic approach to engagement in international conflicts), the paper carries lessons, best practices and, in some cases, cautionary tales for providing resilience and for their engagement with private sector stakeholders – whether through procurement of services, information-sharing or in consultation.