The internet can be put in a stranglehold in times of conflict, and users need to be able to trust that their service is available.

Speaking on the ‘geopolitics of internet data routes’ in the opening keynote at the Black Hat Europe conference in London, Frederik Douzet, Professor of Geopolitics at the University of Paris 8, pointed at instances where sanctions have been placed on internet access in a nation, or even completely blocked.

Saying that “this is in line with the increased militarisation of cyberspace, and now the weaponisation of the internet,” Douzet said these strategies shape the form of cyberspace, and also threaten its very model of resilience.

“The internet is a very dynamic environment, and it changes all the time - that is one of its constant features,” she said. “Like most networks, it initially went through phases of decentralisation and then recentralisation, but what we're observing now is two different trends that are happening at the same time.”

She said these trends are: fragmentation along national borders for strategic and sovereign control over data routes, or the weaponisation of routing for geopolitical control; and concentration around a few routing operators and private platforms guided by performance and market forces.

On the first trend, Douzet said a number of states try to restore control at their borders to “receive their own share of cyberspace,” and this involves the ability to selectively block traffic, to spy on it and undermine the free flow of data and the resilience of the internet.

The second trend is related to the concentration of data traffic around a few major operators in data routing, and could also raise issues of free flow of information. 

“These issues are very important because they also raise governance issues,” she said, saying such centralisation tends to create points of vulnerability.

European Implications

Moving on to implications for the European Union, Douzet said there is a clear concentration of traffic “in the power of a handful of private companies that are mostly US-based,” and the impact on digital sovereignty and the control of data flow is very important.

Saying that “these companies are subject to the Cloud Act and the Patriot Act,” Douzet said it may become difficult to enforce EU regulation on these platforms.

She also said there is a “possibility to weaponise these dependencies in times of conflict,” which means that major routing operators in the context of the conflict may take a decision themselves, or under pressure of a government, that may hinder data flow. “Therefore it makes us vulnerable to geopolitical tensions, sanctions and restrictions that might be decided elsewhere.”

However she said that it is more likely that operators will discriminate content and prioritise traffic and routes that serve their economy interest over public interest.

Economic Power

On the concentration of economic power, she said that will make it very difficult for European actors to emerge, because the cost of entry is too high and its hyperscalers have the ability to cut costs in many different ways. 

“Therefore it is likely in the coming years to reinforce their dominant position of major platforms and content delivery network, who capture most of the value created by content and distribution, and the data associated to it,” she said.

Unanswered Questions

Concluding by asking what this means for the future of the internet, and the security and reliability of the internet, she asked if we are losing “the original model of resilience on the internet” and should we consider we decentralising cyberspace.

She also asked if innovative technologies can help provide a multiplicity of data, routes, storage and access to increase resilience, security, and stability of cyberspace. “I do have all the questions, I unfortunately don't have all the answers but I think these are largely policy questions that deserve both attention and research.”

Dan Raywood Senior Editor SC Media UK

Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.

Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.