Risk Nexus Revisited: What is the Internet’s Future?

This is a critical moment for the Internet. Mass government and commercial data collection have weakened public trust. Uncertainty is rising as nations disagree over Internet governance and new technologies disrupt existing markets and mechanisms. The Internet of Things (IoT) is developing rapidly and creating new economic opportunities, but manufacturers are consistently failing to incorporate security and privacy by design, thereby exposing consumers to a host of vulnerabilities. Overall, policies and regulations have failed to keep pace with technological innovations.

These challenges and uncertainties about the Internet’s future will be resolved by the choices that governments, companies, civil society, and experts make today. Whether they are resolved positively and productively depends upon the quality of those choices. It is important at this juncture to explore the various paths forward for the Internet in order to find ways to effectively work towards the best outcomes, while actively preventing the worst.

Toward this goal, the Atlantic Council and the Global Commission on Internet Governance (as well as other organizations, including the World Economic Forum, the Pew Research Center, and the Center for Long-Term Cybersecurity at UC Berkeley) have published reports on the multiple possible futures for the Internet. The Atlantic Council’s Risk Nexus Report utilizes economic modeling to forecast four possible Internet futures, each with a different balance of costs and benefits. The Global Commission on Internet Governance (GCIG) recently published the One Internet Report, presenting three possible Internet futures as well as a broad look at the spectrum of Internet-related issues that exist today.

In the Risk Nexus and One Internet reports, the Atlantic Council and the GCIG argue that robust, multi-stakeholder action is the only way to achieve the best possible future for the Internet. It is possible to realize the goals of continued openness and improved security, trust, and inclusivity if governments, companies, civil society, technicians, and academia collaborate on solutions with the collective interest in mind. All stakeholders should view the Internet as a shared global resource that they must work deliberately to preserve. Both reports say that the lack of built-in security in the IoT and other Internet technologies means that governments and businesses must focus on resilience moving forward. In terms of cyber crime, both reports warn that offensive capabilities currently outweigh defensive capacities. The Atlantic Council’s economic modeling takes this topic a step further, illustrating that this imbalance has led to an “inversion” in developed countries, where the costs of online activities are actually becoming greater than the total economic benefits. To address the costs of doing business online, both the Atlantic Council and the GCIC recommend that companies purchase cyber insurance.

The similarities between the Atlantic Council and GCIG reports are encouraging. They show that meaningful work is being done to understand and prepare for a coherent set of possibilities for the Internet’s future. Below is a direct comparison of the two reports’ predictions.

Katherine Graphic for Cyber Blog Post

Kathryn Taylor interned at the Atlantic Council’s Brent Scowcroft Center on International Security in the Cyber Statecraft Initiative this summer, and is currently a Senior at Emory University majoring in International Studies and Computer Science.