Abstract
Networked governance is the default modus operandi in Internet governance. Even the provisioning of Internet security heavily relies on non-hierarchical, networked forms of organisation. Responses to large-scale botnets show the prevalence of networked governance and provide insight into its strengths and limitations. Networked governance can be defined as a semi-permanent, voluntary negotiation system that allows interdependent actors to opt for collaboration or unilateral action in the absence of an overarching authority. This chapter analyses the ability of traditional powerful actors such as state authorities and large enterprises to provide Internet security and exert power in the cyber-domain. The chapter outlines potential anchor points for traditional powerful actors to introduce more elements of hierarchy and control into Internet security provisioning networks. Empirically, the chapter describes emerging hybrids of networks and hierarchies in Internet security provisioning.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
International security is here used in its narrow sense as the absence of violent conflict in contrast to e.g. the broader Galtungian notion of international peace as the absence of structural violence.
- 2.
An example for networked organisation in the domain of Internet security is the anti-Spam London Action Plan. (Tabatabaie et al. 2012).
- 3.
This article was written in late 2012, early 2013. An analysis after the PRISM revelations might come to different conclusions
- 4.
Compare Ronfeldts blog entries on Michel Bouwens’ concept of the Partner State (http://twotheories.blogspot.com/2011/07/bauwens-partner-state-part-1-of-2-vis.html, http://twotheories.blogspot.com/2011/10/bauwens-partner-state-part-3-of-3-vis.html), and his TIMN framework and emerging hybrid organisational forms (http://twotheories.blogspot.com/2009/06/timn-and-emergence-of-collaborative.html, http://twotheories.blogspot.com/2009/05/organizational-forms-compared-my.html, http://twotheories.blogspot.com/2009/04/uick-comments-one-on-sta-other-on-timn.html).
- 5.
According Joseph Nye, influence is usually used synonymic to power (Nye 2011b, p. 11).
- 6.
The content of the table is partly based on (Eilstrup-Sangiovanni 2007, pp. 5–6).
- 7.
The NSA reportedly has, however, installed traffic analysis systems at major US Internet exchange points. (American Civil Liberties Union 2006).
- 8.
Michel van Eeten, a researcher with a long list of publications on quantitative dimensions of malware, estimated some 3 M infected machines. He assumes that the Dutch police did not take into account that temporary assignment of DNS number gives any infected machine several IP addresses over time and that therefore the number of unique IP addresses is not equal to the number of actually infected machines (van Eeten 2010).
- 9.
“Politie overtrad wet bij oprollen botnet”, NU.NL, Oct 28, 2010, http://www.nu.nl/Internet/2366129/politie-overtrad-wet-bij-oprollen-botnet.html.
- 10.
- 11.
Estonian Minister of Defense, Jaak Aaviksso, cited in (Landler and Markoff 2007).
- 12.
Cp. the discussion on state responsibilities for non-state cyberattacks in (Healey 2012).
- 13.
The Markle Foundation Task Force has been a broad and visible example (Markle Foundation-Task Force on National Security in the Information Age 2002).
- 14.
Keith Alexander used the term of “bad packets” that need to be detected on the Internet by ISPs. Cheryl Pellerin, “Cybersecurity Involves Federal, Industry Partners, Allies”, defense.gov, November 8, 2012, http://www.defense.gov/news/newsarticle.aspx?id=118479.
- 15.
CSFI, “About CSFI”, http://www.csfi.us/?page=about (Retrieved June 1, 2011).
- 16.
(CSFI, ibd.).
- 17.
CCDCOE, “Recruiting Cyber Power Workshop”, 2011, http://www.ccdcoe.org/ICCC/CSFI_CCDCOE_Workshop.pdf.
- 18.
DARPA, Research Announcement, Cyber Fast Track (CFT), DARPA-RA-11-52 August 3, 2011, https://www.fbo.gov/utils/view?id=48b671dacf69d07facc107e40840878d (Retrieved Jun 25, 2012).
- 19.
The role of mentalities—not so much for the effects of governmental programs as they did not play a role here—is illustrated in the case of Wikileaks and Adrian Lamo. Lamo passed logs of private chats, which he had with Bradley Manning and in which the latter revealed self-compromising information, to U.S. authorities and the Wired magazine (Calabresi 2010). In January 2013, Lamo rationalized his actions, calling it “needful” and claims that it was “his duty” to “interdict the freedom of the man in the IM window.” His handing over of Manning to public authorities happened “in deference to the hubris of believing that the masses only await our touch in order to to be enlightened” (Lamo 2013).
- 20.
Russia Today, “Wired’s Most Dangerous: Russia’s cyber-security mogul behind Flame virus downfall hits top 15”, December 22, 2012, http://rt.com/news/kaspersky-most-dangerous-people-606/.
References
American Civil Liberties Union. (2004, August). The surveillance-industrial complex: How the American government is conscripting businesses and individuals in the construction of a surveillance society. New York. Retrieved November 8, 2008, from http://www.aclu.org/FilesPDFs/surveillance_report.pdf.
American Civil Liberties Union. (2006, January 31). Eavesdropping 2010: What can the NSA do? [Web page] Retrieved January 2, 2013, from http://www.aclu.org/files/pdfs/eavesdropping101.pdf.
Bardin, J. (2012, August 16). Giving aid and comfort. Infosec island [Web page]. Retrieved from http://www.infosecisland.com/blogview/22211-Giving-Aid-and-Comfort-to-the-Enemy.html.
Benitez, J. (2012, April 11). Pentagon expanding international partnership to address ‘global cyber arms race. ACUS website. Retrieved from http://www.acus.org/natosource/pentagon-expanding-international-partnerships-address-global-cyber-arms-race.
Bijl, J. (2012, April 12). Critical analysis of Microsoft operation B71. Fox IT blog [Web page]. Retrieved from http://blog.fox-it.com/2012/04/12/critical-analysis-of-microsoft-operation-b71/.
Boscovich, R. D. (2012, March 25). Microsoft and financial services industry leaders target cybercriminal operations from Zeus botnets. The official Microsoft blog [Web page]. Retrieved from http://blogs.technet.com/b/microsoft_blog/archive/2012/03/25/microsoft-and-financial-services-industry-leaders-target-cybercriminal-operations-from-zeus-botnets.asp.
Brito, J., & Watkins, T. (2011, April). Loving the cyber bomb? The dangers of threat inflation in cybersecurity policy. Retrieved November 2, 2012, from http://mercatus.org/publication/loving-cyber-bomb-dangers-threat-inflation-cybersecurity-policy.
Bryden, A., & Caparini, M. (2006). Private actors and security governance. Münster: Lit Verlag.
Calabresi, M. (2010, December 2). WikiLeaks’ war on secrecy: Truth’s consequences. Time magazine [Web page]. Retrieved December 3, 2011, from http://www.time.com/time/magazine/article/0,9171,2034488,00.html.
CeBIT 2012: Eugene Kaspersky Calls for International Cyber-security Organisation. (2012, March 9). Bizcomm, Retrieved March 15, 2012, from http://www.bizcommunity.com/Article/82/391/72039.html.
Clark, G., & Sohn, L. B. (1958). World peace through world law. Cambridge: Harvard University Press.
Czosseck, C., Ottis, R., & Talihärm, A. (2011). Estonia after the 2007 cyber attacks: Legal, strategic and organisational changes in cyber security. In Proceedings of the 10th European conference on information warfare and security at the Tallinn University of Technology Tallinn, Estonia 7–8 july 2011 (pp. 57–64). Retrieved September 4, 2012, from http://www.ccdcoe.org/articles/2011/Czosseck_Ottis_Taliharm_Estonia_After_the_2007_Cyber_Attacks.PDF.
Dafermos, G. (2012). Authority in peer production: The emergence of governance in the freebsd project. Journal of Peer Production, (1). Retrieved January 1, 2012, from http://peerproduction.net/issues/issue-1/peer-reviewed-papers/.
Davis, J. (2007). Hackers take down the most wired country in Europe. Wired Magazine, 15, 9.
Deibert, R. (2010). Militarizing cyberspace-to preserve the open internet we must stop the cyber arms race. Technology Review. Retrieved January 10, 2012, from http://www.technologyreview.in/web/25901.
de Natris, W. (2012, May 22). Public private cooperaration: The Zeus take down example. Personal blog [Web page]. Retrieved January 10, 2013, from http://woutdenatris.wordpress.com/2012/05/22/public-private-cooperaration-the-zeus-take-down-example.
Eilstrup-Sangiovanni, M. (2007, October). Varieties of cooperation: Government networks in international security. Florence: European University Institute, Robert Schuman Centre for Advanced Studies. EUI Working Papers RSCAS 2007/24. Retrieved April 20, 2009, from http://cadmus.iue.it/dspace/handle/1814/7503.
Estonian Defence League. (2010, December 20). Estonian defence league. Retrieved December 21, 2010, from http://en.wikipedia.org/wiki/Estonian_Defense_League.
Estonian Ministry of Defence (2011, January 20). Government formed cyber defence unit of the defence league. Website of ministry of defence [Web page]. Retrieved January 25, 2011, from http://www.mod.gov.ee/en/government-formed-cyber-defence-unit-of-the-defence-league.
FBI New York Field Office (2011, November 9). Manhattan U.S. Attorney charges seven individuals for engineering sophisticated Internet fraud scheme that infected millions of computers worldwide and manipulated Internet advertising business. Retrieved May 13, 2012, from http://www.fbi.gov/newyork/press-releases/2011/manhattan-u.s.-attorney-charges-seven-individuals-for-engineering-sophisticated-internet-fraud-scheme-that-infected-millions-of-computers-worldwide-and-manipulated-internet-advertising-business.
Ferguson, R. (2012, March 27). Don’t be dumb, keep schtumm!. CounterMeasures-trend micro blog [Web page]. Retrieved January 10, 2013, from http://countermeasures.trendmicro.eu/dont-be-dumb-keep-schtumm/.
Forward-Looking Threat Research Team (2012). Operation Ghost Click-the Rove Digital takedown (Trend Micro Incorporated Research Paper). Retrieved September 19, 2012, from http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp_the_rove_digital_takedown.pdf.
Friedman, T. (1998). Techno-Nothings. New York Times, p. 13. Retrieved October 7, 2003, from http://www.gsu.edu/~poljsd/3400/3400readings/techno-nothings.html.
Gomez, W. (Transcript author). (2012). Building a secure cyber future: Attacks on Estonia, five years on. (Transcript of the ACUS workshop on May 23, 20012, Washington D.C). The Atlantic Council of the United States. Retrieved August 24, 2012, from http://www.acus.org/print/70435.
Gorman, S., & Barnes, J. E. (2011, May 31). Cyber combat can count as act of war. Wallstreet Journal, Retrieved from http://professional.wsj.com/article/SB10001424052702304563104576355623135782718.html.
Gruszczak, A. (2008). Networked security governance: Reflections on the EU’s counterterrorism approach. Journal of Global Change and Governance, 1(3), 1–23.
Healey, J. (2012, January). Beyond attribution: Seeking national responsibility for cyber attacks. Atlantic council issue brief. Retrieved April 3, 2012, from http://www.acus.org/publication/beyond-attribution-seeking-national-responsibility-cyberspace.
Jackson Higgins, K. (2012a, July 26). Apple makes black hat debut. Dark reading [Web page]. Retrieved July 30, 2012, from http://www.darkreading.com/mobile-security/167901113/security/vulnerabilities/240004456/apple-makes-black-hat-debut.html.
Jackson Higgins, K. (2012b, June 6). Siemens enhances security in post-stuxnet SCADA world. Dark reading [Web page]. Retrieved June 20, 2012, from http://www.darkreading.com/advanced-threats/167901091/security/vulnerabilities/240001644/siemens-enhances-security-in-post-stuxnet-scada-world.html.
Jung (2009). The “networked security” concept–stocktaking and perspectives. European Security and Defence, (1), 7–12. Retrieved June 28, 2009, from http://www.europeansecurityanddefence.info/Ausgaben/2009/01_2009/01_Jung/ESD_0109_Jung.pdf.
Kahler, M. (2009). Networked politics: Agency, power, and governance. In M. Kahler (Ed.), Networked politics: Agency, power, and governance (pp. 1–21) [Web]. Cornell: Cornell University Press.
Kempa, M., Carrier, R., Wood, J., & Shearing, C. (1999). Reflections of the evolving concept of ‘private policing’. European Journal on Criminal Policy and Research, 7(2), 197–223. doi:10.1023/A:1008705411061.
Klimburg, A. (2011). Mobilising cyber power. Survival, 53(1), 41–60. doi:10.1080/00396338.2011.555595.
Kolakowski, N. (2010, March 3). Spain, IT security companies sting Mariposa botnet. eWeek. Retrieved August 2, 2012, from http://www.eweek.com/c/a/Security/Spain-IT-Security-Companies-Sting-Mariposa-Botnet-390027.
Korps Landelijke Politiediensten (2011, February 16). Evaluatie tolling-lnnovatieve hoogtepunten en processuele lessen. Retrieved October 7, 2012, from https://rejo.zenger.nl/files/0000034/20110216-evaluatie-tolling.pdf.
Krahmann, E. (2005). Security governance and networks: New theoretical perspectives in transatlantic security. Cambridge Review of International Affairs, 18(1), 15–30. doi:10.1080/09557570500059514.
Krahmann, E. (2010). States, citizens and the privatization of security. Cambridge: Cambridge University Press.
Krebs, B. (2012, April 16). Microsoft responds to critics over botnet bruhaha. KrebsOnSecurity [Web page]. Retrieved January 10, 2013, from http://krebsonsecurity.com/2012/04/microsoft-responds-to-critics-over-botnet-bruhaha/.
Kuerbis, B. (2011). Securing Critical Internet Resources: Influencing Internet Governance through Social Networks and Delegation (Doctoral Thesis). Syracuse University, iSchool-Information Science and Technology.
Kuerbis, B., & Mueller, M. (2011). Negotiating a new governance hierarchy: An analysis of the conflicting incentives to secure Internet routing. Communications and Strategies, 81, 125–142.
Lake, D. A. (2009). Hobbesian hierarchy: The political economy of political organization. Annual Review of Political Science, 12, 263–283. doi:10.1146/annurev.polisci.12.041707.193640.
Lamo, A. (2013, January 3). Bradley Manning and me: Why I cannot regret turning in the WikiLeaks suspect. The guardian [Web page]. Retrieved January 11, 2013, from http://www.guardian.co.uk/commentisfree/2013/jan/03/bradley-manning-wikileaks-suspect-adrian-lamo.
Landler, M., & Markoff, J. (2007). In Estonia, what may be the first war in cyberspace. International Herald Tribune. Retrieved November 4, 2010, from http://www.iht.com/articles/2007/05/28/business/cyberwar.php.
Larraz, T. (2010, March 3). Spanish “botnet” potent enough to attack country: Police. Reuters. Retrieved January 16, 2013, from http://www.reuters.com/article/2010/03/03/us-crime-hackers-idUSTRE6214ST20100303.
Lawson, S., & Gehl, R. W. (2011, May). Convergence security: Cyber-Surveillance and the biopolitical production of security. Paper prepared for Workshop on Cyber-Surveillance in Everyday Life: An International Workshop, May 12–15, 2011, University of Toronto.
Lennon, M. (2012, March 26). Microsoft leads sting operation to disrupt Zeus botnets. SecurityWeek. Retrieved May 13, 2012, from http://www.securityweek.com/microsoft-and-partners-disrupt-zeus-botnets-sting-operation.
Leyden, J. (2010, March 3). How FBI, police busted massive botnet. The register. Retrieved January 10, 2013, from http://www.theregister.co.uk/2010/03/03/mariposa_botnet_bust_analysis/.
Macdonald, D., & Manky, D. (2010, February). Zeus: God of DIY botnets. Fortiguard blog [Web page]. Retrieved January 10, 2013, from http://www.fortiguard.com/analysis/zeusanalysis.html.
Mandelbaum, M. (2006). The case for Goliath: How America acts as the world’s government in the twenty-first century. New York: PublicAffairs.
Markle Foundation-Task Force on National Security in the Information Age (2002, October). Protecting America’s freedom in the information age. A report of the markle foundation task force.
McConnell, M. (2010, February 28). Mike McConnell on how to win the cyber-war we’re losing. Washington Post, Retrieved November 4, 2012, from http://www.washingtonpost.com/wp-dyn/content/article/2010/02/25/AR2010022502493.html.
Minkwitz, O., & Schöfbänker, G. (2000). Information warfare: Die Rüstungskontrolle steht vor neuen Herausforderungen. Für eine Informationskriegsordnung: Frühzeitige Rüstungskontrolle statt Rüstungswettlauf. Berlin: Forschungsgruppe Informationsgesellschaft und Sicherheitspolitik. FoG:IS Arbeitspapier 2.
Mueller, M., Schmidt, A., & Kuerbis, B. (2013). Internet security and networked governance in international relations. International Studies Review, 15(1), 86–104.
Nye, J. S. (1990). Bound to lead: The changing nature of American power. New York: Basic Books.
Nye, J. S. (2011a). Nuclear lessons for cyber security? Strategic Studies Quarterly, 5(4), 18–38.
Nye, J. S. (2011b). Power and foreign policy. Journal of Political Power, 4(1), 9–24. doi:10.1080/2158379X.2011.555960.
Openbaar Ministerie (2010, October 25). Nationale recherche haalt berucht botnet neer. Retrieved January 10, 2013, from http://www.om.nl/actueel/nieuws-_en/@154337/nationale_recherche_0.
Ottis, R. (2010, November 19). Cyber security conference in Georgia. Personal blog-conflicts in cyberspace [Web page]. Retrieved January 11, 2013, from http://conflictsincyberspace.blogspot.com/2010/11/cyber-security-conference-in-georgia.html.
Pear, R. (2012, April 26). House votes to approve disputed hacking bill. New York Times, Retrieved January 11, 2013, from http://www.nytimes.com/2012/04/27/us/politics/house-defies-veto-threat-on-hacking-bill.html.
Porter, M. A., Onnela, J. P., & Mucha, P. J. (2009). Communities in networks. Notices of the AMS, 56(9), 1082–1097.
Poulsen, K. (2007, August 22). ‘Cyberwar’ and Estonia’s panic attack. Wired, threat level. Retrieved November 10, 2010, from http://www.wired.com/threatlevel/2007/08/cyber-war-and-e/.
Raustiala, K. (2002). The architecture of international cooperation: Transgovernmental networks and the future of international law. Virginia Journal of International Law, 43. Retrieved July 4, 2012, from http://ssrn.com/abstract_id=333381.
Schmidt, A. (2012). At the boundaries of peer production: The organization of Internet security production in the cases of Estonia 2007 and Conficker. Telecommunications Policy, 36(6), 451–461. doi:10.1016/j.telpol.2012.02.001.
Schmidt, A. (2013). The Estonian cyberattacks. In J. Healey (Ed.), The fierce domain–conflicts in cyberspace 1986–2012 (pp. 1986–2012). Washington, D.C.: Atlantic Council.
Schwartz, M. J. (2010, October 27). Bredolab botnet busted. InformationWeek. Retrieved May 13, 2012, from http://www.informationweek.com/story/showArticle.jhtml?articleID=228000096.
Shachtman, N. (2011, June). Pirates of the ISPs: Tactics for turning online crooks into international pariahs. Washington, D.C.: Brookings. Retrieved March 10, 2012, from http://www.brookings.edu/papers/2011/0725_cybersecurity_shachtman.aspx.
Shachtman, N. (2012, July). Russia’s top cyber sleuth foils US spies, helps Kremlin pals. Wired. Retrieved January 11, 2013, from http://www.wired.com/dangerroom/2012/07/ff_kaspersky/all/.
Sinha, P., Boukhtouta, A., Belarde, V. H., & Debbabi, M. (2010). Insights from the analysis of the Mariposa botnet. In CRiSIS 2010, fifth international conference on risks and security of Internet and systems, Montreal, Canada, October 10–13, 2010 (pp. 1–9). doi:10.1109/CRISIS.2010.5764915.
Slaughter, A. M. (1997). The real new world order. Foreign Affairs, 76(5), 183–197.
Slaughter, A. M. (2004). A new world order. Princeton: Princeton University Press.
Slaughter, A. M. (2009). America’s edge-power in the networked century. Foreign Affairs, 88(1), 94–113.
Sully, M., & Thompson, M. (2010, February). The deconstruction of the Mariposa botnet. Defence Intelligence. Retrieved September 16, 2012, from http://defintel.com/docs/Mariposa_White_Paper.pdf.
Tabatabaie, S., van Eeten, M., & Asghari, H. (2012). Transgovernmental networks in cybersecurity: A quantitative analysis of the London Action Plan against spam. Paper presented at the 2012 Annual Convention of the International Studies Association.
van Eeten, M. (2010, November 1). Dutch police inflates Bredolab botnet success by factor of ten, and then some. Internet governance project. Retrieved November 2, 2010, from http://www.internetgovernance.org/2010/11/01/dutch-police-inflates-bredolab-botnet-success-by-factor-of-ten-and-then-some.
von Eitzen, C. (2011, November 10). Operation Ghost Click: FBI busts DNSChanger botnet. The H Security. Retrieved May 13, 2012, from http://www.h-online.com/security/news/item/Operation-Ghost-Click-FBI-busts-DNSChanger-botnet-1376746.html.
Weber, S. (2004). The success of open source. Cambridge: Harvard University Press.
Wong, W., & Lake, D. (2009). The politics of networks: Interests, power, and human rights norms. In Networked politics: Agency, power, and governance. Ithaca: Cornell University Press.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2014 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Schmidt, A. (2014). Hierarchies in Networks: Emerging Hybrids of Networks and Hierarchies for Producing Internet Security. In: Kremer, JF., Müller, B. (eds) Cyberspace and International Relations. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-37481-4_11
Download citation
DOI: https://doi.org/10.1007/978-3-642-37481-4_11
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-37480-7
Online ISBN: 978-3-642-37481-4
eBook Packages: Humanities, Social Sciences and LawPolitical Science and International Studies (R0)