Dr. Valery V. Yashchenko,
Institute of Information Security Issues,
Lomonosov Moscow State University
Internationalization of the Internet governance could be based on the principles outlined in the final documents of the World Summit on the Information Society (2003, 2005). These principles are as follows:
• Internet governance should seek to support stability and security of the Internet as a global tool and ensure legitimate management of its use through participation of all parties concerned;
• Internet governance should be diversified, transparent and democratic, with participation of governments, the private sector, civil society and international organizations; it should guarantee fair distribution of resources, facilitate access for all, ensure stable and secure operation of the Internet, and rely, among other things, on the Geneva principles. All governments should have identical tasks and obligations in the field of international Internet governance and enforcement of stability, security and continuity of service of the Internet;
• Internet governance process should be open and resilient and foster the development of positive environment for innovations, competition and investment, enhance confidence and security of using ICTs through consolidation of trust.
Implementation of decisions concerning the internationalization of Internet governance must imply the following arrangements:
• Secure, enduring and stable operation of the Internet, protection of the Internet and other ICT networks from potential adverse effects or exposure to additional risks, which requires a common interpretation of the matters of Internet security and further cooperation to facilitate broader awareness, collection and distribution of information on security matters, exchange of best practices among all parties concerned in respect of steps to combat security threats on the national and international levels;
• Fostering, development and introduction, in cooperation with all the parties concerned, of global cybersecurity culture, as stipulated by the UN GA Resolution 57/239 and other appropriate regional framework documents; intensification of international cooperation and national efforts seeking to enhance security of personal information, privacy interest and private data, as well as critical information infrastructure facilities.
The procedure of Internet governance internationalization should be based on the following fundamental provisions. Internet governance implies development and employment by the states, business entities and organizations of the civil society (performing their corresponding role) of common principles, norms, rules and procedures of arriving at decisions and implementing programs governing the evolution and use of the Internet.
Apparently, not all the functions of Internet governance are equally important for stable operation of global information infrastructure. If we proceed from the fact that basic functions of online management of the network are delivered by Internet service providers, we could start discussing the following matters as part of the confidence-building measures employment:
• Development of international regulatory management of relations in the field of Internet services;
• Setting quality standards for such services;
• Internationalization of the approval and implementation of decisions concerning the control of network stability in emergency situations caused by political or drivers or terrorism.
An important issue in this regard is to coordinate activities of non-governmental organizations entrusted with complex and high-technology functions of network management, as well as emerging international organizations whose authorities are limited, for example, to examining only the issues of maintaining stable operation of the Internet in crisis situations.
The key factors threatening the stable operation and secure use of the Internet are as follows:
• Elimination (blocking, corruption, etc.) by the Internet operators (Internet service providers) of domain name tables (DNS) that belong ot a corresponding segment of the Internet;
• Incapacitation of software (deployment of malicious codes, corruption of standard communication equipment management software, etc.) of root servers, as well as software of other servers used to provide communication services, data storage services and content-based processing of data (so-called “cloud computing”) as requested by clients of a corresponding segment of the Internet;
• Interception, elimination or modification of the content of all or some messages sent by clients of a corresponding segment of the Internet transmitted through the communication equipment located on the territory of other countries;
• Inclusion of special “vulnerabilities” in the Internet communication equipment interface protocols enabling controlled impairment of stable operation and secure use of critical information infrastructure facilities;
• Interception of data messages sent via the Internet by individuals and businesses. Apparently, internationalization of the Internet governance must be aimed at reducing the risk of threats to stable operation and secure use of the Internet. Such threats exist due to the historical uncontrolled influence of certain countries on the adoption and implementation of decisions concerning the Internet governance that are critical to the national security of the Russian Federation and many other countries, as well as due to the non-transparency of procedures employed in the adoption and implementation of such decisions.
The states could implement their functions related to the Internet governance relying on consensus decisions made by specialized international agencies and international organizations duly authorized by an applicable international agreement (universal convention), whereby such agencies and organizations would be equally represented by all the countries concerned. The capacities of the international agencies and organizations within the scope of their assigned Internet governance functions are also stipulated by the international agreement.
Bearing in mind the importance of preventing threats to international information security, the capacities of international agencies and organizations established by the concerned countries should include:
• Determination of legal status of Internet operators (Internet service providers) and the international legal responsibility of countries for securing the legal status of such operators;
• Regulation of Internet operators’ (Internet service providers’) activities involving operation of Internet root servers and other communication equipment that has an impact on the stable operation and secure use of the Internet;
• Expert audits of security of the interface protocols used by the Internet communication equipment;
• Discussion of conflicts in the area of secure operation and use of the Internet.
To discuss the matters of Internet governance that are within the scope of responsibility of business entities and to prepare proposals for the authorized agencies and organizations concerning how to address such matters, the stakeholders could use the Internet Governance Forum instituted at the World Summit on the Information Society (2003, 2005).
This article is based on a presentation delivered at the 7th Scientific conference of the International Research Consortium on Information Security, as part of the International Forum on «Partnership of state authorities, civil society and business community in ensuring international information security», held on 22-25 April 2013 in Garmisch-Partenkirchen, Germany. It is published on Digital.Report with an explicit permission from the conference organizers.