August 22, 2013

Wither the Waterworks?

In June and July, I posted a flurry of blog entries related to the Snowden revelations.  Common across all of those posts were my concerns about the potential Balkanization of the Internet.

Last week’s report from Reuters (and others) that China's Ministry of Public Security and a cabinet-level research center are preparing to investigate IBM Corp, Oracle Corp and EMC Corp over security issues, is one early indicator of potential fragmentation. 

And this is not (just) about politics.  Unlike the U.S. “national security” blackballing of companies like China-based Huawei - without a shred of proof of any compromise of the company, by any government - thanks to Snowden, China (and everyone else on the planet) has dead-bang proof that the U.S. Government has compromised major American-based ICT companies to facilitate its espionage activities.

Indeed, the Reuters report squarely echoed the concerns I expressed back in June and July: “Some experts have warned that Snowden's leaks could hurt the sales of U.S. technology companies in Asia and Europe, as reports of their complicity with NSA spying programs may lead foreign businesses and governments to purchase equipment and services from non-U.S. suppliers.”

The same day the Reuters report ran, August 16, Foreign Policy ran a piece titled “Can a Country Dodge the NSA by Rebuilding Its Internet?,” which offers yet further indication of the fracturing of the Internet and the globalized ICT industry that I worried about in June and July. 

The Foreign Policy article reported on announcements from the Brazilian Government that Brazil intends to “build from scratch key parts of the country's web infrastructure that the country's leaders fear have been deeply infiltrated by the NSA.”  According to the article, Brazil plans to launch a new geostationary satellite and to lay fresh underwater fiber to carry data from Brazil to Africa and Europe to ensure the “sovereignty” of its communications.

Can’t say I blame them.

But it’s an iffy proposition in terms of somehow better securing networks and data.

And motives get muddy when money’s involved – building out alternative networks means big business for someone and if there is a corollary sentiment to build and buy local, then initiatives launched for national security reasons, however legitimate, might morph into trade distorting or protectionist activities, in no-one’s long term interest.

Look, to some extent, Snowden has done us all a favor.

Up until a couple of months ago, the global cyber security conversation had been dominated by U.S. Government fear-mongering at home and haranguing abroad.  Now we know why.  Now we also know that everything in every communications network is vulnerable to compromise.  Now we can have a rational conversation.

Now is not the time to hunker down within our respective borders and regions and mount inefficient industrial policies that will undermine the very benefits of globalization that have spurred the information and information technology revolutions over the last two decades.

No, now is the time for a real dialogue and real – non-political - solutions.

As significant as are the challenges we all face globally in terms of network security and data integrity, there are analogies and models related to past network and security-oriented challenges that can both inform and calm the process towards finding solutions. 

Think about it: Throughout history, civilization has experienced the development of common utility-oriented infrastructures which better the lives of mankind, just as the Internet has done.

A fitting example might be the evolution from the ancient aqueducts of Rome to today’s modern water management and distribution systems.

A modern community water supply network typically includes elements ranging from water collection points to water purification and storage facilities to pumping stations and a pipe network for distribution of water to consumers.

Such systems ensure the efficient access to and distribution of water, as regulated by industry and government to ensure quality and quality of service.

There are companies that build the pipes and related infrastructure to support such networks, others that manage the purification, storage and delivery and provisioning of water-related services.  Governments, in collaboration with industry, and representing the interests of the general public, have set and regulate standards to ensure ubiquity, interoperability and safety of water supplies.

The advantages of scale – in terms of economies and appropriately governed quality and safety – are obvious.

The analogy to today’s Internet is clear:

There are companies that build the equipment that serve as the backbone of information sharing and storage, others that manage such equipment and provide information-related services to consumers.  Governments, in collaboration with industry, have a role in ensuring the integrity and protection of data.

Yes, as we are all aware, the Snowden revelations have introduced a crisis of confidence in terms of the role of Governments. 

But imagine, in the context of water systems, a similar mass crisis of confidence, hysterical concern about holes drilled in community water system pipes, or tapped or contaminated reservoirs.

Imagine individuals en masse abandoning the efficiency and quality of established community water services, turning their backs on networks, drilling their own wells, risking purity, quality of service, drought, and related societal fragmentation.

Now consider again the analogy to the global Internet.

There are very real concerns emerging related to the security and integrity of information networks and the data that flows through them. Indeed, such concerns have reached a fever pitch: We hear daily of the very real tapping of the “the pipes” and the siphoning from “the reservoirs”.  And we very rightly fear the poisoning of either.

The Internet has been and maintains the promise of being a boon to mankind.

Fragmenting the Internet is in no-one’s best interest.  Drilling regional or national “wells” and relying solely on local “clouds” has the potential to undermine the very globally-distributed Internet-related benefits that we seek to protect – the free and open sharing of information and the efficiencies and economic benefits that come with worldwide and interdependent networks.

The recent revelations of government compromising of networks and data have effectively demonstrated that our global ICT systems are vulnerable and cyber concerns real.  The cards are all on the table.  

Now is the time for a public-private dialogue and concerted effort to better secure our networks and data according to common and global norms and standards and rules of behavior.  Now is the time for a rational discussion of our global and mutual concerns, and of the need for real and effective solutions to address them.