Since the birth of the World Wide Web in 1989, despite the fact that the key function of the Internet is to communicate, share and distribute information without borders, countries have varied in their understanding and policies on how the Internet should work in their jurisdiction; some have codified laws bolstering Internet sovereignty or built firewalls to control online information flows. At the 25th anniversary of the Internet in 2014, the Pew Research Center invited over 1400 technology industry leaders and academics to reflect on the impact of the Internet over the next ten years. The top Internet threat these experts named was that nation-states could increasingly block, filter, segment and Balkanize the Internet for geopolitical, economic, social and security reasons.
In 2020, six years after that Pew report, amidst a global pandemic, growing populist partisanship in many countries, and heightened geopolitical tensions between the world’s largest economies, the splintering of Internet communities seems even more imminent than before, as governments seek to limit the sometimes harmful power of social media speech and Internet companies' encroachments on personal privacy. Is the global trend towards segmentation and Balkanization of the Internet forthcoming? What are its implications for business operations globally in terms of cost, planning, continuity, and liabilities ? How will cyber threats evolve as businesses adjust their operations to adapt to a more-segmented Internet? This talk will address these issues by identifying and characterizing the evidence of the segmentation and Balkanization of the Internet and by providing broad cyber threat and risk profiles for each region and practical mitigation measures to improve business resilience.
[CB20] It is a World Wide Web, but All Politics is Local: Planning to Survive a Balkanizing Internet by Mei Nelson
1. Accenture Cyber Threat
Intelligence
It is a World Wide Web, but All Politics
is Local: Planning to Survive a
Balkanizing Internet
Mei Nelson
October 29, 2020
3. The Internet
A Free and Borderless Space?
Or a Space Divided by Geopolitical Decisions?
4. Cyber-balkanization (1997)
Splinternet (2001)
Internet Balkanization
Internet Sovereignty
Digital Colonialism
Slowbalization
Many Names of Internet
Balkanization
"Electronic Communities: Global Village or Cyberbalkans?”
Alstyne & Brynjolfsson; March 1997
5. Risks of an Open Internet
Digital nationalism Threats to privacy and
data security
Threats to intellectual
property
Vulnerability to
attacks
A Balkanizing Internet
Driving factors
6. Political factors
Non-intervention
Internet governance rights
Nationalism
Politically motivated filtering
Economic factors
Technological
development
Data = Oil
Commercial
interests
Social factors
Religion
Cultural acceptance
Security factors
Edward Snowden case
State surveillance
A Balkanizing
Internet
Driving factors
7. China
Cybersecurity
Law
June
2017
Japan Act on the
Protection of
Personal
Information (APPI)
May 2018
June
2018
May
2019
Aug
2020
May
2021
General Data
Protection
Regulation (EU
GDPR)
The California
Consumer Privacy
Act of 2018 (CCPA)
The Russian
Internet
Sovereignty Law
China Global Data
Security Initiative
Brazil Lei Geral de
Proteçāo de Dados
Pessoais (LGPD)
May
2017
Trends of Segmentation and Internet
Balkanization
Regulations and Legislation
8. Trends of Segmentation and Internet
Balkanization
Action taken – Internet cutoff
Democratic
Republic
of Congo
Bangladesh
Papua New
Guinea
Belarus
Egypt
India Indonesia
Iran
Iraq
Sudan
Myanmar
Zimbabwe
9. Trends of Segmentation and Internet
Balkanization
Action taken
Online content
filtration
US sanctions India App bans
11. Implications (I)
What does a Balkanizing Internet
mean for businesses?
Business operation costs likely go up
Costs of compliance
in each business
operation region
Costs of data localization
Costs to address the
technical requirements
for each environment
Costs of building
segregated network
infrastructure
Costs of keeping seamless
online connectivity, particularly
for businesses operating
globally
Costs of integrating data
across regions and countries
12. Implications (II)
What does a Balkanizing Internet
mean for businesses?
Weaponization of Supply Chains
Hard technologies
Digital platforms
Data
13. Implications (III)
What does a Balkanizing Internet
mean for businesses?
Fragmentation
of Markets
Market Access
Restrictions
17. Source: iDefense Intelgraph Rsearch
Segmentation and Internet Balkanization
Scenarios
Russian Internet Sovereignty Law
18. Source: iDefense Intelgraph Research
Russian Internet Sovereignty Law
Segmentation and Internet Balkanization
Scenarios
What an attack on
DNS would look like
19. Segmentation and Internet Balkanization
Scenarios
A DNS alternative
could likely do
A potential backup
to conduct an
offensive attack?
Increasing possibility
of large-scale
cyberattack?
Increasing difficulty
of tracing
disinformation
spreaders?
Russian Internet Sovereignty Law
21. Architect for a Balkanizing Internet
Action Reasoning
Regionally Isolate Active Directory Implementations Cross-Border Authentications Could Be Challenged by Policies/Laws
Heavily Segment Enterprise Networks Force Ingress and Egress Inspection at Virtual Borders
Multiple Software Defined Network
Control Planes
Shared Resources Invite Manipulation. Segment networks at Layer 2 and
Layer 3
Regional Data Governance Strategies Data Should Only Reside in Where Necessary. Utilize API integrations
across borders.
Closely map intellectual property rights Understand where your company’s most valuable IP is located. Limit its
ability to migrate to less stabile regions
Make long term investment decisions in
more stabile regions.
Intellectual property should be integrated and grown in cloud fabrics with
most political stability.
Create In-Region Disaster Recovery Plans
and Infrastructures
Cross-Border Disaster Recovery Can Result in Fragment
Aggregate security data at the local and
global levels
Companies should assess risk at both the regional and global level to best
inform investment decisions
21
22. Maintaining Awareness to Survive a
Balkanizing Internet
Policy Initiatives
Any local policy, national,
and multilateral
initiatives relevant to
business operations?
Cybersecurity
Campaigns
Any regional
cybersecurity campaigns
may affect your current
security structure?
Cyberthreat alerts
Any cyberthreat
activities targeting your
industry or operating
region(s)?
23. Taking Proactive Measures to
a Balkanizing Internet
23
Conducting tabletop
exercises
Establishing a robust
geopolitical threat
intelligence program
Identify indicators of
balkanization
Participating industry
policy formulation
process