Applying “Human Security” To Cyber Security

In 2011, cyber warfare (together with nuclear proliferation and terrorism) had entered top 3 security issues discussed by Global Economic Symposium panelists at “Identifying and Preventing Future Security Threats” panel.

Why cyber security matters?

Electron is the ultimate precision weapon – properly controlled and directed it destroys the proper function of civil and military entities imposing tremendous economic and security cost without directly harming innocent bystanders,

John C. Deutch, former CIA director, who was at the panel together with other high-ranking policy makers, had repeated and developed his famous quote.

Choosing a proper approach towards cyber security, however, isn’t such an easy and poetic task. The main reasons of its complexity are the following:

1. De-centralized nature of cyber attacks. They are hard to trace and attribute. The same weapon could be used against multiple targets. The attack can be triggered by a single person. Not only state actors can trigger attacks but also non-state actors. Even if we consider electrons (or rather a data packet) to be precision weapons, it can belong to virtually everyone.

2. Understanding of the cyberspace. Some very bizarre quotes by policy makers make believe that the cyber security is not just an issue of cyber attacks that threaten the security. As I wrote earlier today, all cyber-issues need a much better popularization and broader understanding.

3. Freedom of Speech issues. Recently proposed ‘cyber security code of conduct’ was proposed by the authoritarian governments with no or little press freedom. The vague definitions of the document not only promote the fragmentation of the cyberspace but also potentially help the authoritarian governments spread their attempts to curb free online speech abroad. Cyber crimes are very often misused for imposing stricter regulations, however, what the regulation actually does is reducing the liberties of regular users without affecting cyber criminals. Plus, let’s not forget the truism “One man’s riot is another man’s revolution” that proved to be so true during the Arab Spring.

Recognition of these issues should build a comprehensive framework of decision-making in the policy field. One of the proposed solutions was to use a UN-based code of conduct for dealing with cyber security. This doesn’t seem to me as a good idea.

Human security concept applied to the cyber space

Much better idea, to my mind, is the application of the “Human security” approach, expressed by Sean Cleary, Chairman of Strategic Concepts and a renowned South African diplomat.

The concept of ‘human security’ as opposed to ‘national security’ understands security in much broader terms:

Recognition of the dependence on the human species, and, more acutely, of communities within it, on the workings of the planetary (and cosmic) ecosystem in which we are embedded is essential for security.

This approach would be extremely helpful in combatting Denial-of-Service attacks (attacks caused by networks of infected computers). DDOS attacks affect everyone – national governments in times of international conflicts, business companies, election sites during election campaigns (a case for democratic countries, by the way), civil society organizations, etc. It is a common, distributed, global threat for all the stakeholders.

Therefore a global response is needed to investigate, dissolve botnets (networks of infected computers), and finally prosecute their creators.