The technologies and standards that underpin communication around the world are, for the most part, global and interoperable. From the microprocessor architectures that power everything we do, to the standards set by bodies such as the Internet Engineering Task Force, which oversees the way the internet works, and 3GPP, which has a similar role for mobile communications, we have developed an inexorable tendency to commonality.
We all use Intel- and ARM-designed microprocessors in the devices we own. Our mobile phones can work pretty much anywhere on the planet. Transport Layer Security protects our online lives whatever browser we use and whatever service we are using – something that has been critical during the Covid-19 pandemic.
Common standards mean that designs can be checked once by all interested parties and having many different, interoperable implementations means that errors and vulnerabilities are likely to be caught early. From a cybersecurity point of view, this is good, as it has enabled us to secure systems at a scale that was previously impossible. No system is ever perfect, but making security open and a commodity is our best bet.
In 2021, we risk losing this advantage as we see the beginning of the balkanisation of technology and standards.
States compete and – as we now know – are increasingly weaponising information to gain advantage, breaking into other countries’ networks to steal data, seed misinformation or disrupt infrastructure. But now we are seeing states use the development of and access to technology as tools of statecraft.
States don’t like strategic dependence and so, in 2021, they will develop standards and technology that diverge from global commons, and which embody their values and which they control. This will be more than the different “flavours” of the internet we are already seeing emerge. It will be a fundamental shift in how technology is developed, owned, accessed and leveraged by nation states and companies.
In 2021, new alliances will form around the creation of indigenous and sovereign versions of the technology we use to communicate and manage modern life. We will see standards bodies fragment and supply chains and infrastructure redesigned to align with these new realities.
States will start to take more drastic action to ensure that their supply chains are protected, and that their sovereign “silicon-to-service” technology stacks are insulated from the actions of others and enforce their national values.
The global debate around 5G security has led to a position where we will likely see two independent camps moving forward, ostensibly led by the US and China. They are likely to develop the standard in slightly different ways, driven by national requirements and values. China will accelerate its “Made in China 2025” strategy to ensure it owns and builds critical technologies. As a result, other nations will have to decide which camp better serves their national interest, since the only companies that produce this technology are bound to those countries. This will establish a pattern which will be repeated across other critical technologies.
The multi-stakeholder approach to standards that ensures no one party has too much power will be more critical than ever to ensure that we can continue to do cybersecurity at scale. But just as important is ensuring that there is a diverse set of companies that can provide these technologies, and that we continue to have interoperability. The UK’s diversification strategy for telecoms is an example of the sort of intervention that will be needed. If we fail, the world will become less connected, less resilient and less secure.
Ian Levy is technical director of the UK’s National Cyber Security Centre
This article was originally published by WIRED UK
