In conflict and crisis situations, technical repair, recovery and reconstruction of internet infrastructure relies on human and social networks and expertise. Private sector choices matter, both for the state of internet resilience but also for the individuals and communities dependent on it.
At the event from which this research paper originated, an attendee posed a deceptively simple question: What is the internet? Among the polite (and nervous) laughter in response, another attendee provided a simple and poignant answer:
This idea has served as a guiding thread for the approach to internet resilience adopted in this research paper. It is a reminder of the fundamentally human dimension of what a resilient internet could – and, indeed, should – look like. It also shows that the technical and sociopolitical aspects of how a resilient, reliable internet works, while often separated for the purposes of analysis, are in practice intertwined.
This paper has advanced three core arguments about the nature of internet resilience, using two case studies to reveal underexplored dimensions of resilience in conflict and crisis settings. It has also used discussion of private sector actors’ shifting roles in said landscape to provide not only a greater understanding of resilience, but also of the use of technologies in modern conflict more broadly.
The first argument is that there is a clear, understudied and revealing interplay between technical and sociopolitical resilience of the internet. Technical repair, recovery and reconstruction relies on humans, their social networks and their expertise, as much as the provision of suitable technology. In part, this is an issue of numbers: the greater the level of connectivity in a given country, the greater the resilience of its internet. This resilience is in part due to alternative routes, infrastructure and connections beyond its borders. But technical and sociopolitical internet resilience are also combined, in the sense that resilience depends on the preparation and reaction of people to disruption. This is precisely why the relationship between technical and sociopolitical internet resilience is amplified (in depth, complexity and consequences) in a conflict or crisis environment.
Second, the technical and sociopolitical resilience of the internet is closely connected to the lives and livelihoods of individuals, and to countries and regions. In places as diverse as Afghanistan and Ukraine, with vastly different levels of internet use and infrastructure, the resilience of the internet – or lack thereof – played a key part in conflict dynamics. Adversaries recognize the strategic benefit of targeting different parts of the internet, incorporating (anti-)resilience thinking into their offensive tactics, as much as defenders incorporate strategic, resilience-based thinking into theirs. Put simply, the internet is increasingly central to modern conflict. One of the most visible manifestations of this centrality is the rise in cyberattacks to accompany – and, in some cases, exacerbate – attacks on energy, telecommunications and other national critical infrastructure in Ukraine. But, as this paper has demonstrated, internet resilience extends far beyond cyber defence to decisions made in global multi-stakeholder governance forums and networks of cable engineers rushing to repair bombed-out connection points.
Third, and finally, the private sector has a crucial but complex role in maintaining internet resilience at all levels of the stack, between and among both types of resilience and from the local to the global levels. The private sector is increasingly implicated in the continued operation of the internet itself and the lives of those using it. The interviews conducted for this paper in particular give insights into the complex considerations private sector entities face in maintaining, withdrawing or increasing their service and operational delivery in a conflict or crisis zone. Some considerations are reputational: will the continued or resumed delivery of service in a conflict zone jeopardize the company’s local, national or global reputation? Others are commercial, rooted in the (often, overriding) incentive to protect against significant revenue disruption on the one hand, or to seek novel opportunities for increasing revenue on the other. Interviewees also highlighted the power of welfare considerations, asking: where are the main risks to the safety of company staff and their local networks? Another consideration relates to political and legal factors, associated with the potential risk of being identified as a party to conflict or the political and diplomatic pressure applied to act or withdraw services to different groups and in different locations.
A simple categorization of private sector roles in internet resilience is impractical, particularly as their roles are constituted and reconstituted along with the shifting realities of conflict and crisis environments. In any case, private sector entities are diverse, and members of the same organization do not act as one unified body with fully aligned incentives and considerations. However, for the purpose of future analysis, this paper identifies a typology of private sector and non-state roles, comprising the following four proposed categories. This typology is intended as a starting point from which to better delineate, untangle and identify private sector and non-state roles in providing internet resilience in conflict or crisis.
- Providers are private sector stakeholders that supply and maintain various parts of internet infrastructure at distinct or multiple layers of the stack (e.g. a telecommunications company supplying hardware such as cables).
- Shapers are those that endeavour to impact policies, strategies and processes concerning internet resilience on the national or international levels (e.g. a major technology company active in the multi-stakeholder community, sharing input in UN-level meetings on cyber governance).
- Entrepreneurs are those that innovate technologies at distinct or multiple levels of the stack with direct bearing on resilience (e.g. a hardware- or software-focused quantum computing and communications company).
- Challengers are those that provide enabling technology, resources or personnel to challenge internet resilience (e.g. a commercial hacking company contracted by an intelligence or military agency to mount cyberattacks targeting internet infrastructure).
The design and deployment of digital technologies, and the resilience of global and local internet, will continue to define the contours and, in some cases, the outcomes of modern conflict. Looking ahead, the nature and impact of future conflicts will become even more contingent on the state of the internet. Emerging technologies like artificial intelligence, which are increasingly prevalent tools in modern warfare, are themselves reliant on stable cloud-data computing and fast global connectivity – all of which are significantly mediated by private sector actors.
For private sector actors operating in existing and future conflicts, progressively harder choices lie ahead, balancing political pressures with shareholder interests and profit-making duties, and maximizing voluntary contributions to provide and safeguard resilience, while minimizing legal and physical risks to staff. This paper has offered two contrasting examples of how and why these choices might be made – and, more importantly, why they matter, both for the state of internet resilience but also for the individuals and communities dependent on it.
This paper has challenged siloed approaches to internet resilience, advocating a more holistic approach that presents a clearer and more informative view on the state of resilience in conflict and crisis environments. The paper’s conceptual approach, case studies and proposed typology ultimately aim to encourage and challenge stakeholders from the public and private sectors to continually reassess and strengthen their own strategic and operational approach to internet resilience.