The UK in a Changing Europe’s Academic in the Spotlight series has been created to highlight the important work being done by social scientists and why more people should be aware of it.
Our fifth Academic in the Spotlight is Dr Tim Stevens, senior lecturer in Global Security at King’s College London.
The Covid-19 pandemic highlights many aspects of society and the economy that have hitherto largely escaped public scrutiny. One is the importance of broadband for enabling remote working, entertainment and communication with friends, family and service-providers.
While many of us have been frustrated by poor broadband speeds – or no broadband at all – the UK overall has maintained generally stable access to the internet to sustain our livelihoods and well-being.
It remains under-appreciated how this digital infrastructure is secured against accidental failure and the deliberate meddling of hostile actors.
This is the realm of cybersecurity, defined by the UK government as the protection from unauthorised access, harm or misuse of internet-connected systems, the data they carry and the services they enable.
This is partly the responsibility of technical experts: the programmers, engineers and administrators that keep these networks running every day. It is also, however, much more than that.
When I became interested in cybersecurity in the late 2000s, I was struck by its rapid emergence as a field of public policy. Seemingly overnight, cybersecurity was elevated from an obscure technical concern to a high-level governmental issue.
Moreover, because the internet does not map conventionally to national borders, nor do efforts to secure it. Its concerns and effects extend from the individual user (you and me) to the chamber of the UN Security Council.
We are all ensnared in a matrix of diverse actors – firms, civil society, militaries, intelligence agencies, hackers, criminals – with their own ambitions and motivations, sometimes complementary but often conflicting.
Even ten years ago, people discussed the internet as a place apart – the cyberspace of The Matrix, perhaps. Given our contemporary digital entanglements, this vision is no longer sustainable: it is an integral part of both the mundane and the extraordinary, of the low and high politics of global life.
In short, the warp and weft of cybersecurity writ large is the stuff of politics national and international. This is what makes it so fascinating.
I am particularly interested in how states and other powerful entities interact in this environment: what they want, and how they go about getting it. Influential actors jostle in global information infrastructures for power, profit and prestige, much as they have always done in other contexts.
This is the bread and butter of International Relations scholars like me. What often surprises people, including other academics, is that what they perceive as technical computer security has a political dimension at all, let alone one that spans continents and divides nations.
Some examples from my own work help make this point explicit.
My research is often set against the background of shifting international order, of which Brexit is one example. One recent project explored the impact of Brexit on UK cybersecurity.
We reasoned in an article last summer that Brexit would degrade the UK’s ability to share intelligence on cyber threats and to police cybercrime effectively. Absent a deal to the contrary, Brexit will seriously impact upon existing transnational arrangements, such as with Europol, that allow EU-UK cooperation on these critical issues. Subsequent discussions in London and Brussels have shown our concerns to be well-founded.
In another ongoing research area, the UK has been dragged into an argument between the US and China over Huawei. Whilst some of the discussion has been about the technical cybersecurity of Huawei telecoms products, the real disagreement is about which country should shape 21st-century global order.
The UK would rather not choose between the US and China because, after Brexit, it needs all the friends it can get. Each of the superpowers offers support and investment options it can no longer get from the European Union.
Ultimately, though, it will choose the US. How it then negotiates its future relationship with an annoyed China is an open question. This signals again that cybersecurity is frequently a diplomatic issue.
The UK, through the Foreign, Commonwealth and Development Office, is an important voice in global discussions about how states should behave in ‘cyberspace’. However, this quest for ‘cyber norms’ is long and tortuous. It is also unresolved, not least in respect of differing visions of what the internet is for and who should govern it.
One related global policy issue is how and whether so-called ‘cyberweapons’ should be used in inter-state conflicts. My research suggests that ‘offensive cyber capabilities’, as they are better framed, are hard to regulate but we should try anyway.
Through an Economic and Social Research Council grant, the KCL Cyber Security Research Group is researching how these capabilities fit within UK military doctrine and strategy and might serve the UK’s national interests.
There is a lot more to say about cybersecurity and its role in national and international politics. My research draws attention to these dynamics and, by directly engaging with stakeholders, hopes to shape cybersecurity policy and practice at home and abroad.