There are two paths of thought on the issue of Internet and ICT security at the international level. The traditional Western powers in the US, European Union, and Japan speak in terms of “cybersecurity,” the protection of data, networks, and individuals as they seek to use the global commons for the pursuit of knowledge, commerce, and creative expression. In contrast, Russia, China, and some other authoritarian states talk of “information security.” The difference is important in the context of the ongoing debates on Internet governance and the role of the multi-stakeholder approach currently in place vice a greater role for the International Telecommunications Union (ITU) or some other international body.
Presently, the only internationally agreed upon treaty directly applicable to cybersecurity is the Council of European Convention on Cybercrime also known as the Budapest Convention. The treaty focused on establishing substantive law for cybercrime offenses, procedural requirements for handling of cybercrimes, and means for international cooperation; but it is limited in scope and challenged by emerging forms of cybercrime combined with new technologies. Brazil and other non-European states, including China and Russia, although eligible to join the treaty, have objected to its European origins and claimed that a United Nations-based global treaty would be better.
For Russia, China, and other non-Western nations, cybersecurity concerns arise with the speech content of cyberspace and are often referred to as information security. China and its partners in the Shanghai Cooperation Organization offered an alternative code of conduct targeting the use of the Internet for what they deem to be efforts to undermine stability and security. This effort included an attempt at the ITU’s 2012 WCIT to give greater control over the internet to the UN body. The measure failed to achieve consensus after a lobbying effort led by the US and others.
The Internet Society, Internet Engineering Task Force (IETF), ICANN, national governments, international bodies, and private sector entities continue to discuss and debate the future of the Internet and by implication, the future international aspects of cybersecurity. It promises to be an interesting journey. Definitions and language are important in international affairs. It is important to understand that not everyone looks at the problem from the same point of view.