1. Comment
December 1, 2021

Splinternet: Walled gardens on the path to global cybersecurity

By GlobalData Thematic Research

On 19 November, China held a conference celebrating its control over online content via a ‘splinternet’. This event acted as a reminder of the increasing extent to which the internet is being segregated into tightly controlled realms. This splinternet is one of the main barriers to developing mutually beneficial state-based cyber relations.

There have been previous efforts to create cyber trust between states, but these policy talks have always broken down. Unless countries are willing to give up some control over online content, cyber relations will become increasingly unstable.

China’s control over online content and data

A government-sponsored ‘China Cyberspace Civilization’ conference was held in Beijing on November 19, 2021. The event acted as both celebration and showcase of the state’s control over all forms of online content. It also highlighted the fact that China is increasingly passing laws to control what companies can do with user data. The most recent laws are the Data Security Law (DSL) and the Personal Information Protection Law (PIPL). With these laws, China is ensuring that data remain in China and that it cannot be sent overseas.

From a corporate perspective, China’s compliance rules have forced companies to either adapt or cease operations in China altogether. For example, Microsoft shut down its local version of LinkedIn in October 2021 and Yahoo ceased all operations in China at the beginning of November. From a state perspective, China’s tight control over online content creates greater distrust, even from its allies.

Negative effects of the splinternet

Critical infrastructure—including civil and economic—increasingly relies on the internet. Cybersecurity technology is advancing rapidly, and systems are becoming more globally connected. With this comes the possibility that cyberattacks will expand beyond their intended geographic scope and do more damage than expected. As more countries segregate their versions of the internet, effective global cooperation in the face of a cyberattack becomes more difficult. Since the rules of cyber warfare are ambiguous, what begins as a low-intensity exchange may quickly intensify into a major showdown unless countries can effectively cooperate. As such, the splinternet can unnecessarily aggravate geopolitical relations.

There have been previous efforts based on conventional security practices to increase cyberspace transparency, develop confidence-building measures, and manage crises.

However, these efforts have failed. The US and Russia did establish a joint cybersecurity task force and produce a tentative agreement on confidence-building measures, but these were discarded when Russia granted whistleblower Edward Snowden political asylum in 2013. China and the US also set up a cybersecurity working group in 2013 and sought to put in place confidence-building measures. But the endeavour was suspended indefinitely when the US indicted five Chinese military officers for engaging in cyber espionage.

Some possible steps

To prevent escalation, norms need to be established around which objects and organizations should be off limits for cyber operations. Putting in protective measures for energy, transportation, and finance could be useful and achievable first steps. An example to look towards is the 2018 Joint Statement Strengthening International Oversight Cooperation, a collaboration between the intelligence oversight committees of Belgium, Denmark, the Netherlands, Norway, and Switzerland.

Propagating norms of engagement and freely exchanging more information would certainly help. Ultimately, ensuring the internet is a utility that is beneficial for all countries should be the end goal. Giving up some control over content will be a step towards stabilizing cyberspace and increasing cooperation.