Author: Ted Price, Assistant General Counsel, International Government Affairs

Cybersecurity is a global issue that does not recognize national boundaries. With global demand for 5G, video, social media, online marketplaces and the Internet of Things growing at an unprecedented rate, the opportunities for cybercrime become ever greater.  It is estimated that in 2018 alone the cybercrime industry generated at least $1.5 trillion in revenue. 

Security practices for the information and communications technology (ICT) industry, along with national laws that many countries have passed in response to cyberthreats, can best be described as a patchwork.  To address the need for greater consistency and international cooperation among governments, businesses, non-profit organizations and internet service providers (ISPs), global policy organizations are working to develop norms and principles that address cybersecurity.  Examples include:

• The United Nations (UN) General Assembly has formed a Group of Governmental Experts (GGE) and Open-Ended Working Group (OEWG) to study responsible state behavior and the role of international law in cyberspace.  The GGE has concluded that the UN Charter and general principles of international law apply to state use of ICTs.  Both the GGE and OEWG continue to work on the question of how international law applies and whether new treaties are necessary.

• The UN Secretary-General has established a High-Level Panel on Digital Cooperation, which issued a report recognizing that the “currently fragmented efforts” on cybersecurity need to “coalesce into a comprehensive set of principles to align action and facilitate cooperation that raises the cost for malicious actors.”

• The Organisation for Economic Co-operation and Development has issued several recommendations for governments and other stakeholders on cybersecurity risks and strategies.

• The Council to Secure the Digital Economy, in collaboration with USTelecom and the Consumer Technology Association, published the International Botnet and IOT Security Guide 2020 (CSDE Anti-Botnet Guide) to “facilitate the mitigation of botnets and other automated, distributed threats through voluntary participation and collaboration among disparate stakeholders throughout the global internet and communications ecosystem.” 

• Most recently, the World Economic Forum published a report in January 2020 entitled Cybersecurity Prevention: Principles for Internet Service Providers (WEF Principles) recommending that ISPs (1) work with each other to respond to known threats, (2) raise awareness and help consumers protect themselves, (3) work with hardware and software vendors to increase security and (4) strengthen routing and signaling security. 

As one of the largest internet backbone operators in the world, CenturyLink has a vested interest in an open and safe global internet, where networks and information can cross borders seamlessly and where cyberthreats can be resolved before they do harm.  To advance this vision, CenturyLink’s Black Lotus Labs, one of the world’s most advanced threat research teams, leverages our expansive global threat visibility to act against, and share information about, cyberthreats.  This directly benefits CenturyLink’s customers and helps mitigate threats quickly. 

CenturyLink also puts its cybersecurity expertise to use in the realm of international policy.  Chris Betz, CenturyLink’s Chief Security Officer, has endorsed the WEF Principles, stating that they “align well with our existing cybersecurity practices and will enhance our collective work alongside our ISP peers to protect networks, and those of our customers, against cyberattacks.”  Kathryn Condello, CenturyLink’s Senior Director of National Security, contributed to the development of the WEF Principles.

CenturyLink was also a significant contributor to the CSDE Anti-Botnet Guide, which makes use of research contained in CenturyLink’s 2019 Threat Report and the work of Black Lotus Labs.  The guide received international recognition when it was referenced in a UN Internet Governance Forum white paper as an example of an industry norm on cybersecurity.  Susan Mohr, CenturyLink’s Director of International Government Affairs, was a key contributor to the white paper.

Global harmonization of cybersecurity laws and norms is important to preserving the internet as a platform for innovation and global economic growth.  CenturyLink supports and encourages the development of meaningful international cybersecurity norms such as the WEF Principles and the CSDE Anti-Botnet Guide, which both align with actual ISP practices. 

CenturyLink is using its considerable expertise as a large internet backbone operator and taking strong actions to prevent harm caused by botnets and other cyberthreats.  CenturyLink stands ready to continue this work, in collaboration with governments, global policy organizations and the ICT industry, to keep the internet safe and the world connected.