Cyber Security

A vulnerable internet needs global standards and security

Published

on

For a loosely connected, globally distributed system with no central governing authority, the Internet is remarkably dependable. Robust enough to cope with the unexpected, it features back-up capabilities ranging from redundant network paths to virtual servers that compensate for physical hardware failures.

Having democratized access to information, the Internet now serves as the foundation of the world’s digital economy. Its functionality, and the economy it underpins, rest on five key elements: operating systems and web browsers; search engines and apps; cloud; silicon-based semiconductor chips; and network equipment.

Over the past two decades, Big Tech has established effective control over most of these five key Internet components. Should any come to be dominated by a single organization or country, the Internet’s reliability, access, confidence, and security would be jeopardized – a vulnerability exacerbated by the current global chip shortage and bans against China-based providers of network gear.

Operating systems support computers’ basic functions, while browsers provide Web access; together, these elements create the online user experience. Shaping that experience are Microsoft and Apple, which control 95% of the total global desktop operating systems market, while Google Android and Apple iOS control nearly 100% for mobile. American companies, Google, Apple, and Firefox, own more than 90% of the mobile browser market. Even in China, Google Chrome holds the top position, with the majority market share.

Those same companies also dominate the search engines and apps that shape the way we see the world. Google alone holds 90% of the global search engine market, followed by Bing and Yahoo! with less than five percent, combined. As for the global app store share, Google Play and Apple App Store account for over 90% of total global downloads.

As for semiconductor chips, of the top 10 chip-makers ranked by sales in the first quarter of 2020, only four were not American. Of those, only one was not headquartered in a U.S.-allied nation.

The final factor is the cloud, which saw a global spend increase of 33 percent as more people worked remotely during the pandemic. Of the Big Tech companies in the relatively new cloud space, AWS, Microsoft Azure and Google Cloud hold a combined share of almost 60 percent of the global market.

Network infrastructure: the last redoubt of Internet independence

Network equipment is the only area not yet dominated by Big Tech. Right now, the market for telecom equipment is distributed evenly and equitably across Asia, Europe, and the rest of the world. Asian companies, representing a region with 60% of the world’s population, had about 40% of the worldwide market share for network gear in 2020, according to Dell’Oro Group. Slightly less than one-third of the world market share is European, divided between Ericsson and Nokia. The remaining one-third is split across a large vendor pool, with several American companies, most notably Cisco, possessing a significant share. 

Only in the network layer – the plumbing that moves bits and bytes from the smartphone in your hand to the application in the cloud data center – are there processes specifically designed to limit monopoly control of vital communication systems by any single entity. However, international conflicts have resulted in U.S. bans on Chinese equipment, which are now spreading across Europe as countries develop their 5G networks. 

The security implications of a single authority

In our digital world, consumers are being increasingly tied to their mobile devices and accessing the Internet from several end points, creating additional business opportunities for the companies that dominate the five critical elements of the Internet. For example, operating systems and web browsers can create customized user experiences by tracking and capturing our data, including location and digital footprints. Search engines retrieve information for us and shape how we perceive the world, especially as we rarely scroll to even the second or third page of search results. Similarly, with the apps available on the app stores, companies must be approved by their host stores for users to access their applications.

These are just a few ways that each sector influences our lives. If a small group of companies dominates the Internet, they can potentially pose a security risk to users by doing one or more of the following:

  • Leveraging market dominance to gain unauthorized access to users’ private data
  • Violating user privacy without accountability nor a major risk of user conversions from service
  • A heightened incentive for threat actors to attack big companies with the largest user bases
  • More impactful, global shortages and outages from a limited and undistributed group of providers

We must be work to build an Internet that supports all users and protects the elements of the Internet that face critical issues. The first step is to develop global standards for the security of network equipment. Currently, operators and vendors lack clear, consistent guidance about what equipment and technologies they can deploy in various countries around the world.

With standards agreed to, we must then set up mechanisms to verify and test key components of network technology. Verification ensures that every vendor’s technology conforms to strict, well-defined requirements. Testing goes one step further, adjusting security criteria based on the importance of particular technologies so there can be confidence that networks and systems will stay remain secure, even under hostile conditions.

This approach is far superior to one that categorically bans network equipment based on country of origin. Such bans erode or eliminate competition, putting at risk a system of communication that spans every corner of the globe – and, ironically, threatening the strategic posture of the very country that has lobbied for the most aggressively.  

Let us hope will adopt a standards-based approach for assurance and transparency while working collaboratively with other governments and private organizations to promote the safer, more transparent cyberspace the world so urgently needs.

Source: https://www.securitymagazine.com/articles/94950-a-vulnerable-internet-needs-global-standards-and-security

Click to comment
Exit mobile version