PROTECTING USERS OF THE CYBER COMMONS

ABSTRACT

Center for International Strategy, Technology, and Policy The Sam Nunn School of International Affairs Georgia Institute of Technology, Atlanta, Georgia

Progress in protecting users of the cyber commons, popularly called “cyberspace,” has been slow since network services became a consumer offering in the 1990s. Protection of users from abusers and malicious actors is the result of several rate-dependent processes: technical innovation, market innovation, investments in protection services and products, imposition of government mandates, and achieving international agreements on technical standards and law enforcement cooperation. Rapid technical and market innovations have had the unfortunate result of creating vulnerabilities as they add functionality, while the investments and agreements that might deliver protection operate slowly. Vulnerabilities arise from unavoidable technical errors, from lack of knowledge or carelessness by users, by management failures to invest in protection in proportion to user needs or to operate facilities and services responsibly, as well as the development of a commercial malware industry. This paper points to top-down and bottom-up processes for protecting the commons. Those implemented to date have not worked sufficiently rapidly to prevent abuses from increasing. The paper proposes a new measure, based on the idea of social networks, to deliver protection more rapidly than those paced by the slow elements of the current protection process. It is a proposal to provide protection that is intended to “grow” using the same elements that grew the cyber commons: bottom-up user initiative within a framework of top- down decisions and mandates.