A preview of the PDF is not available
Net Neutrality in the Context of Cyber Warfare
Real or potential connections between infrastructure of different security levels, from relatively unprotected individual users up to interfaces with critical national infrastructure, have made cyberspace a highly contested and congested domain. But operating conditions within this domain strongly favour malicious actors over legitimate operators seeking to provide security and protect systems and information. Technical capabilities to establish dominance and cause damage in this domain are widely distributed, but legal and ethical constraints prevent legitimate actors from using them to their full potential. Within this context, net neutrality presents a limiting factor on the capability of legitimate actors to respond to harmful activity in cyberspace whose common aim is to install and uphold a technical imbalance. Under the principle of net neutrality, each data packet must be transmitted with equal priority, irrespective of its source, destination, content or purpose. This is disadvantageous to cyber defence. Comparisons to jungle or arctic warfare, where operating conditions are neutral and degrade the performance of each combatant side equally, are invalid, as malicious operators are capable of technically manipulating data traffic to their favour. While both malicious and legitimate actors may have comparable capabilities, legitimate actors are bound to legal and political restrictions, making them immobile in several cyber warfare scenarios. Transferring the principles of net neutrality to real life scenarios corresponds to depriving military, police and emergency operators from any privilege that allows them to respond to an incident – in effect, depriving them of their blue lights and emergency powers even in severe incidents targeting critical infrastructure that may threaten civilian lives. This paper investigates the potential opportunities and challenges of an adjustment to the principle of net neutrality to facilitate defensive action by legitimate actors; how this adjustment could contribute to regaining control in congested cyber domains in the case of national or international cyber incidents; and the risks associated. The different ways of dealing with net neutrality in cyber defence situations in the EU, UK and Russia are compared. Particular focus is put on the organisations and capabilities needed to establish technical sovereignty in multi-domain networks, including consideration of the acceptability of outsourcing the task of upholding cyber sovereignty to external institutions.