Conference PaperPDF Available

Net Neutrality in the Context of Cyber Warfare

Authors:
  • Conflict Studies Research Centre
  • Conflict Studies Research Centre

Abstract

Real or potential connections between infrastructure of different security levels, from relatively unprotected individual users up to interfaces with critical national infrastructure, have made cyberspace a highly contested and congested domain. But operating conditions within this domain strongly favour malicious actors over legitimate operators seeking to provide security and protect systems and information. Technical capabilities to establish dominance and cause damage in this domain are widely distributed, but legal and ethical constraints prevent legitimate actors from using them to their full potential. Within this context, net neutrality presents a limiting factor on the capability of legitimate actors to respond to harmful activity in cyberspace whose common aim is to install and uphold a technical imbalance. Under the principle of net neutrality, each data packet must be transmitted with equal priority, irrespective of its source, destination, content or purpose. This is disadvantageous to cyber defence. Comparisons to jungle or arctic warfare, where operating conditions are neutral and degrade the performance of each combatant side equally, are invalid, as malicious operators are capable of technically manipulating data traffic to their favour. While both malicious and legitimate actors may have comparable capabilities, legitimate actors are bound to legal and political restrictions, making them immobile in several cyber warfare scenarios. Transferring the principles of net neutrality to real life scenarios corresponds to depriving military, police and emergency operators from any privilege that allows them to respond to an incident – in effect, depriving them of their blue lights and emergency powers even in severe incidents targeting critical infrastructure that may threaten civilian lives. This paper investigates the potential opportunities and challenges of an adjustment to the principle of net neutrality to facilitate defensive action by legitimate actors; how this adjustment could contribute to regaining control in congested cyber domains in the case of national or international cyber incidents; and the risks associated. The different ways of dealing with net neutrality in cyber defence situations in the EU, UK and Russia are compared. Particular focus is put on the organisations and capabilities needed to establish technical sovereignty in multi-domain networks, including consideration of the acceptability of outsourcing the task of upholding cyber sovereignty to external institutions.
A preview of the PDF is not available
... In literature we find both papers that are in favour of NN, e.g. [7] and offer criticism [8,9,10]. Schulzrinne [8] reasonably argues that NN is not about packet treatment but about money. ...
... The paper [9] argues that it is time to extend the NN discussion to cover the whole Internet value chain including such new elements as Content Distribution Networks or search engines. Discussing cyber security, a paper [10] demonstrates that "Net neutrality protects both ordinary users and actors with hostile intent". Discussing regulation, V. Cerf ends his paper [11] with "Social and legal norms may be the means by which we achieve collaborative intervention against harmful behaviors on the Internet. ...
Conference Paper
Full-text available
EU has adopted a law on Net Neutrality (NN) ruling that Internet access providers should treat all traffic equally irrespective of sender, receiver, content, service, application or device in use. The 5G community is developing a network that can be tailored to a use case, meaning that it intends to treat traffic differently for each use case. Tailoring can be at least in terms of traffic management, allocated types and amount of resources, redundancy, particular forms of security etc. Moreover, 5G network uses network function virtualization, i.e. cloud technology is applied to run the network itself while the law on NN does not mention the concept of the cloud. The interpretation is that if a cloud platform is owned by the Internet access provider, the cloud is just a part of the network and under the NN regulation. At the same time if a cloud-based computer is owned by a cloud or content provider, it is a terminal and thus not regulated. 5G introduces the idea of edge computing (EC) that can use virtualization and allows special treatment for some applications or services. So, in addition to just transmitting packets, 5G can process them in the "compute" elements. This paper explores how significant is this controversy between the new concepts of networking in 5G and the EU regulation and what is its possible impact on the network providers. The paper studies to what extent and how the 5G ideas can be applied under the EU law and whether something should be done about the law and in particular the Guidelines that have been published by the Body of European Regulators for Electronic Communications (BEREC) to clarify the implementation of the law. Finally, we discuss the possible impact of the law on industry structure.
... A sua condição de neutralidade não se encontra pacificada, como também não está a questão da neutralidade das partes, os Estados de origem e destino, os proprietários e, eventualmente, os atores envolvidos na cadeia (pipeline), a partir desse mesmo tipo de infraestrutura. Parte da literatura, quando voltada para a guerra cibernética, aponta os riscos de que as estruturas de defesa dos Estados possam se mobilizar em benefício da preparação para ações de mitigação e de defesa cibernética(Hartmann & Giles, 2018). Contudo, diferentemente do século XIX, os volumes de dados privados ultrapassam sobremaneira os dados estatais trocados, inclusive quando comparados aos satélites, facto que cria condições particulares e desafiadoras para a gestão do sistema internacional. ...
Article
Full-text available
Introdução Os cabos submarinos de comunicação podem ser considerados das interfaces mais estáveis entre continentes nos dois últimos séculos, uma vez que constituem um nódulo físico de ligação entre dois pontos distanciados pelo mar. No entanto, estes cabos têm sido também objeto de disputa velada e ostensiva entre nações em potencial conflito ou como instrumentos de guerra. Ainda que não exista uma abordagem dominante sobre as condições do direito internacional para o seu enquadramento, aparecendo de forma lateral na literatura de Relações Internacionais, o tema atravessa domínios como o direito na guerra, a segurança marítima e a cibersegurança de modo tão abrangente quanto único. O mapeamento destas questões no eixo do oceano Atlântico permite observar, além das vulnerabilidades à segurança, os ativos presentes que comportam um sistema confiável de relações transatlânticas. Este policy brief aborda o tema dos cabos submarinos e as suas repercussões para o Atlântico, relacionando a natureza desse tipo de ligação entre Estados com os riscos para a segurança cibernética e internacional.
... Different sources (e.g. [79,80]) mention that the Russian government has tight control over the Internet, monitoring traffic and blocking websites and services. A 2017 article [81] mentions that close to 1,200 websites had been blocked since 2014. ...
Article
Full-text available
The principle of Network Neutrality (NN) has been debated around the world for nearly two decades. NN states that all traffic in the Internet must be treated equally, regardless of content, origin and/or destination. The main motivation for this principle is to protect fair competition, innovation, and ensure freedom of choice for consumers. The global debate revolves around whether NN should be enforced through regulations or not, as well as the potential impact of such regulations – or lack thereof – on the telecommunications market. In this context, multiple governments worldwide have already implemented NN regulations. In this work, we give an overview of NN regulations in 50 countries across five continents. We first give a brief introduction to the NN global debate. Then, we describe some of the main aspects related to the regulatory process of each country/region. Finally, we compare the different regulations according to common and divergent features identified.
... In academic research, risk is discussed as threats and controls. Qualitative methods are used to present scenarios (or stories) to describe how a myriad of technologies could lead to risks, such as self-driving cars (Johnsen et al. 2017), artificial intelligence (Meek et al. 2016), decision support systems (Altman, Wood and Vayena 2018), net neutrality (Hartmann and Giles 2018), and privacy (Ahmad et al. 2016). Often they identify means or approaches to controls. ...
Conference Paper
Organizations are responsible for implementing due care, or controls for risk, by calculating the likelihood multiplied by the impact for high-risk threats. Organizations cover their own risk expenditures and they do this independently. However, this may be myopic. We investigate a societal perspective by calculating risk via three models: an individual, organizational and societal view of security at a high level for two issues: ransomware and mobile privacy. For these two issues, we consider fault, responsibility, interdependency and ethics. By considering a more societal and interdependent solution, new or better solutions arise.
Article
Full-text available
Over the last decades cybersecurity has become a cornerstone of European digital development. Alongside with the diffusion of information and communication technologies and the deepening (as well as widening) of the European Union, the initial narrow and sectoral data security policies have expanded into a comprehensive cybersecurity framework addressing issues from resilient infrastructure and technological sovereignty, through tackling cybercrime, to cyber defence capabilities and responsible state behaviour in cyberspace. In this complex web of interrelated policies a relative newcomer at the European Union (EU) level is cyber diplomacy. Sometimes also called public diplomacy 2.0, it factors into the cross-border connectivity of cyberspace and reflects a shift in international relations where the lines between external and internal policies, military and civilian domains are blurred. However, the term cyber diplomacy is fluid and it is not well understood which topics should be under its “umbrella”, in particular in relation to cybersecurity, where it seems to be linked the most. This article aims to map existing and proposed instruments that make up the EU’s arsenal in this broad context to answer the following questions: what is cyber diplomacy and how is it related to the EU cybersecurity? Is cyber diplomacy in the EU becoming something in its own right as a distinct set of tools to secure the EU policy objectives?
Article
The term Internet Neutrality was coined at the beginning of this century [1]–[3]. It means that all Internet traffic be treated equally without differentiation and regardless of its origin, destination, and content. Regulating the Internet to mandate neutrality became the subject of a global debate. This debate is focused on traffic differentiation practices. It involves users' access rights, the rights of Internet Service Providers (ISPs) to have network management policies, and other issues.
Threats to virtual environments
  • Candid Wueest
Candid Wueest, 'Threats to virtual environments', Symantec Security Response, August 12, 2014;