How Does Cyberspace Work?

Teaching Resources—Cyberspace and Cybersecurity: Introduction (including lesson plan with slides)
Higher Education Discussion Guide 

Getting online is pretty straightforward, right? Plug in a router and the rest is virtual: you enter a password, open a browser, and type in an address. But wait. Not so fast.

Hidden five miles below sea level and up to twenty-two thousand miles above the earth’s surface, a large and complex network of cables and satellites allows you to find your way in a new neighborhood, stream the latest Netflix show, message your overseas grandparents, or scroll through photos on Instagram. In an age of wireless connectivity and pocket-size devices, we’re ultimately dependent on a web of massive physical installations.

That infrastructure is mostly developed and maintained by private organizations and is subject to limited regulation by various groups with differing levels of authority. Most people in the world are online, yet no centralized, international regulatory entity controls what happens on the internet or how cyberspace is structured and managed. And with new technology advancing about as fast as you can tweet, the landscape is only getting more complicated. Here’s what you need to know about the infrastructure that supports the internet and how it is governed.

The “cloud” isn’t in the sky. It’s underwater.

That’s right: nearly 99 percent of all our data is transmitted via submarine cables using fiber-optic technology. This means that everything from financial transactions to Instagram posts to YouTube videos of puppies travels through the ocean floor.

The first transatlantic fiber optics cable project was completed in 1988. Today, more than 400 cables wrap around the world, spanning a distance of nearly 750,000 miles. They collectively send and receive terabytes of data in the blink of an eye, with one modern cable boasting data speeds sixteen million times faster than your router at home.

Those submarine cables are the dominant carriers of data, as they transmit lots of it quickly and relatively cheaply. (On land, underground cables, usually laid adjacent to highways and railroads, continue the work.) However, they don’t work alone.

As you read this, thousands of satellites are orbiting the earth.

As fiber-optic technology has improved, satellites have fallen out of favor, because they’re more expensive and several times slower than cables. Still, they’re not obsolete. A global positioning system (GPS) relies on satellites, which also monitor weather and enable radio and television communications. Satellites are particularly useful for least developed countries that lack fiber-optic capacity, and they can also facilitate cable traffic. For example, a video captured by a military drone is first transmitted to a satellite, which then sends it to a cable that delivers the footage to the operator’s computer.

Private companies own most of this infrastructure.

The internet connects billions of people doing nearly as many things. Because connectivity is basically as essential to modern life as electricity or running water, the internet is sometimes referred to t as a public utility. The reality, however, is that its basic infrastructure is almost entirely run by private businesses (or “privatized”).

At the same time, the digital space can be vulnerable to bad actors who disrupt daily life through online hacking (see the World 101 video, “The Growing Threat of Cyberattacks”). An attack on the internet system could, for example, stop the electric grid from functioning properly, potentially damaging safety systems and basic utility access of millions of people. For this reason, governments and the general public can have a strong interest in bolstering the security and stability of private companies’ online systems. 

As of April 2020, fewer than three thousand satellites operated in space, and the majority of those in orbit today operate commercially. For example, in 2018, the Federal Communications Commission granted SpaceX permission to send more than four thousand satellites into orbit.

Because private companies own this infrastructure, they’re in charge of its upkeep. When a ship’s anchor or a natural disaster breaks a cable (shark bites and intentional sabotage are rarely to blame), those companies get to work funding and performing repairs.

But governments do intervene in a few areas.

Countries grant licenses to companies that install cables, and, depending on the government, take steps to regulate, monitor, and set standards for all kinds of cyber infrastructure. For example, New Zealand passed legislation in 1996 to protect cables and pipelines, in part by regulating fishing and anchoring activity, and establishing a cable protection zone. In 2018, the European Union enacted the General Data Protection Regulation, which—among many other provisions—limits what companies can do with personal data stored in data centers: the big, energy-guzzling buildings where networks converge and exchange information. That European law has been one of the most significant legal efforts worldwide to better protect citizens’ control of their personal data. It shaped the development of similar laws in Argentina, Chile, Kenya, South Africa, and Turkey.

Two main international agreements govern cyber infrastructure.

For satellites, there’s the 1967 Outer Space Treaty. Drafted at the height of the Cold War, with the space race at full throttle, the treaty doesn’t specifically lay out guidelines for satellites, but it holds that outer space belongs to all, should be free of weapons of mass destruction, and must be used for peaceful purposes.

For submarine cables, the 1982 UN Convention on the Law of the Sea (UNCLOS) applies. Under UNCLOS, any country has the right to lay cables in international waters. Even within a country’s territorial waters, which extend up to twelve nautical miles from shore and constitute sovereign territory, the country can’t forbid the installation of cables but can take steps to regulate them.

A few organizations set standards, but their reach is limited and not legally binding.

The most notable is the Internet Corporation for the Assignment of Names and Numbers (ICANN). A nonprofit established in 1998 and originally tied to the U.S. Department of Commerce, ICANN has operated independently since late 2016. ICANN provides internet protocol (IP) addresses and gives domain names to those addresses (e.g., you typed a domain name, world101.cfr.org, to get here, rather than the site’s IP address, which is a series of numbers).

This patchwork of rules, responsibilities, and regulations is the legacy of the internet’s niche origins.

Remember, the first people to be online were a handful of military personnel, scientists, and engineers who used the internet to share information. That’s a far cry from the 5.1 billion people who hop online to live tweet, watch TV, and buy millions of different products.

That means the rules, when they exist, are often retroactively applied or outmoded. Look at UNCLOS, for example: although it was drafted several years prior to the installation of the first submarine fiber optics cable, it remains the main international agreement pertaining to the submarine cables.

As the number of internet users—and uses—multiplies, so do the regulatory challenges.

Cyberspace is already vast, and it’s getting even bigger. As people live more of their lives online, they should at least have the infrastructure to do so efficiently and securely.

However, with so many relatively slow-moving actors—nongovernmental organizations, national governments, private companies, and international bodies—involved in managing and governing a technology that changes rapidly, regulation will keep pace with technological advances. We’ll have to continue determining the rules of the road (and the ocean and outer space) while barreling forward.