New research | Core concerns: The need for a governance framework to protect global Internet infrastructure
18 Jan 2024

New research | Core concerns: The need for a governance framework to protect global Internet infrastructure

Research

Article by Dennis Broeders and Arun Sukumar in Policy & Internet, on how norms and international law are still ill-equipped to regulate damaging cyber operations, given unsettled questions regarding the sovereignty of states over global Internet infrastructure, and the precise scope of their existing international obligations towards its protection.

Read the article here in Policy & Internet.

Abstract

The war in Ukraine has underscored the risks and threats to global Internet infrastructure from geopolitically motivated cyber operations. The Domain Name System and core protocols responsible for the routing, forwarding, and security of Internet traffic have been exploited by actors in Russia and Ukraine for denial-of-service attacks, surveillance, and censorship. Additionally, states have tried to compel organisations that maintain and govern such infrastructure to cut Russia off from the Internet. These cyber operations and sanctions targeting the ‘public core of the internet’ have serious transboundary effects, and threaten the stability and functionality of the Internet. Most such attacks appear, at the time of writing, to have been buffeted by the internet's resilience, but there is equally the risk that the Ukraine war becomes a permissive, norm-constitutive moment for similar operations in the future targeting its core physical, institutional and logical infrastructure. The technical community, a growing number of states and other stakeholders have been arguing for the protection of the ‘public core’ of the internet for nearly a decade, anchoring the concept in policy, multistakeholder and diplomatic fora and documents. This paper, while noting that states increasingly acknowledge the need to protect the public core of the internet, argues that norms and international law are still ill-equipped to regulate damaging cyber operations, given unsettled questions regarding the sovereignty of states over global Internet infrastructure, and the precise scope of their existing international obligations towards its protection.

News

Archive