(Rafe Schwan/Getty Images/Cultura RF)
“Despite the tremendous improvements that technology has brought to the human condition, the potential for a Pearl Harbor-type digital event remains if we don’t choose to improve the way the internet works.”
A blizzard of cyber attacks in recent years has caused ordinary people to worry about the online security of their data, identity and money. Meanwhile, we have seen the Internet become an effective network for the dissemination of child sexual abuse material, drugs, weapons and stolen data, while enabling human trafficking, money laundering and terrorism. Despite the tremendous improvements that technology has brought to the human condition, the potential for a Pearl Harbor-type digital event remains if we don’t choose to change the way the internet works. The only question is which critical infrastructures, from defense to energy to healthcare, will be targeted.
The complex web of computers, servers, pipelines, clouds, networks, and gateways that we collectively call the Internet was originally built in 1969 to exchange data in a semi-closed loop between a handful of universities. It was never intended as a vault for the world’s most important data or to support the most critical infrastructure. And yet here we are somehow. Today almost everything of importance takes place on the Internet, where anyone or anything on the planet can get online and remain anonymous without conforming to standardized rules, governance or security protocols. We would never allow these conditions to exist in our analog lives: after all, we put locks on physical doors, make laws, and hire the police to enforce those laws.
After working to regulate the country’s financial institutions and also helping companies around the world build their online presence, I’ve come to realize that people who aren’t easily identifiable and no one is in charge say and do things that they would never do in their analogue lives. What’s worse, enemy nations, criminal cartels, or other organizations with evil intentions are always looking to abuse the freedom and accessibility of the internet to steal data, spread ransomware, and disable networks for fun and profit.
So how did we get here?
Part of the answer lies in the hypnotic effects of technology, which can be an intricate siren song that is difficult to resist. Nobody is forced to use the Internet, but everyone feels obliged to do so. The euphoria of online existence, represented by the speed, efficiency, profitability and social connectivity, numbs us to the dangerous decisions we make and to our increasing loss of privacy and personal security. The number and scale of recent data breaches, system breaches, ransomware, and distributed denial-of-service attacks against a range of large corporations and government agencies suggest that cybersecurity is difficult to implement, and perhaps even illusory. It might seem convenient to share our personal lives online and move money at lightning speed. However, if you knew these things were the digital equivalent of leaving your most intimate secrets and money on the curb outside your house for anyone to rummage through, would you be so keen to do it?
Unfortunately, the only alternative is a life sentence to personal, social, and corporate isolation, which most find utterly unacceptable.
Well, to be clear, we can preserve the benefits of technology while mitigating the risks it poses if we choose to do so. Admittedly, it will be costly, inconvenient and time-consuming to rebuild the Internet. This is why so little progress has been made decade after decade. Most initially resist solutions such as implementing secure private networks, personal authentication, greater transparency, global governance structures, and more rigorous enforcement of online rules. But these things can be done and we can be safer. The real question is: who will lead this effort?
Changes that can protect our money and our liberties are just as urgent as the likelihood that they won’t happen. The scientific and academic communities cannot lead this effort, and neither will companies as long as the profits they derive from the Internet so far outweigh the losses and penalties they face from uncertainty. Government politicians and lawmakers seem frozen in place. They’ve written and discussed the growing risks in the online world for decades, but have done relatively little to address them. Political donations like the nearly $65 million that Google, Amazon, Microsoft, Apple, Facebook, Twitter and Netflix collectively contributed in the 2020 election and the roughly $70 million reportedly raised by FTX-related companies in the 2022 midterm elections likely have much to offer when it comes to talking about the general lack of regulation in cyberspace, its ongoing insecurity, and the dwindling right to privacy.
Global policymakers will step up to lead this effort, but not until business and voters demand it. But this will not happen until the cost of inaction becomes very substantial and the loss of personal liberties so unbearable that there is no choice. But when it does, policymakers will want a new digital Bretton Woods deal to create consensus among democratic nations for true online authentication that uses an Internet Protocol (IP) address with human, universal rules for digital Behavior linked to make cyberspace similar to our analog world and creating more efficient cyber police – human and machine intelligence – to enforce those rules. For example, governments can use artificial intelligence to trigger kill switches that eliminate unruly online travelers.
These types of cybersecurity improvements should be applied to at least critical infrastructure as soon as possible to protect the basic needs of society. We can only hope that it will not be too late when the critical moment I warn about finally arrives.
Thomas P. Vartanian is Executive Director of the Financial Technology & Cybersecurity Center and a former regulator and attorney in the financial services industry. His latest book, The Unhackable Internet: How Rebuilding Cyberspace Can Create Real Security and Prevent Financial Collapse, published in February, describes his views on how to make the Internet more secure.