A blizzard of cyberattacks over the last several years has given ordinary people reason to be concerned about the online safety of their data, identity, and money. All the while, we have witnessed the Internet become an effective network for the distribution of child sexual abuse material, drugs, weapons, and stolen data, while also enabling human trafficking, money laundering, and terrorism. Despite the enormous improvements that technology has contributed to the human condition, if we do not choose to fix the way the Internet works, there remains the potential for a digital Pearl Harbor-type event. The only question is which critical infrastructures, from defense to energy to health care, will be targeted.
The complex web of computers, servers, pipelines, clouds, networks, and gateways that we refer to collectively as the Internet was built originally in 1969 to share data in a semi-closed loop among a handful of universities. It was never intended to be a safe deposit box for the world’s most important data or to support its most critical infrastructure. And yet, somehow, here we are. Today, nearly everything of importance takes place on the Internet, where anyone or anything on the planet can go online and be anonymous without adhering to any standardized rules, governance, or security protocols. We would never allow those conditions to exist in our analog lives: After all, we put locks on physical doors, enact laws, and hire police to enforce said laws.
Having worked in regulating the nation’s financial institutions and also helped companies around the world to build out their online presence, I have come to realize that when people are not readily identifiable and no one is in charge, they will say and do things they never would in their analog lives. And, worse still, hostile nations, criminal cartels, or other entities with bad intentions are always eager to abuse the freedom and accessibility of the Internet to steal data, circulate ransomware, and disable networks for fun and profit.
So how did we get here?
Part of the answer is embedded in the hypnotic effect of technology, which can be a complicated siren’s song that is difficult to abstain from. No one is forced to use the Internet, yet everyone feels conscripted to do so. The euphoria of online existence represented by the speed, efficiency, profitability, and social connectivity it provides numbs us to the dangerous choices that we are making, as well as our increasing loss of privacy and personal security. The number and scale of recent data thefts, system breaches, ransomware, and distributed denial of service attacks against a number of large corporations and government agencies suggest that Internet security is difficult to implement and perhaps even illusory. It may seem convenient to share our personal lives online and move money at lightning speeds. However, if one knew that doing those things was the digital equivalent of putting one’s most intimate secrets and money on the curb in front of his house for anyone to pick through, would he be so anxious to do it?
Unfortunately, the only alternative is a life sentence to personal, social, and corporate isolation, which most find entirely unacceptable.
Now, to be clear, we can preserve the benefits of technology and, at the same time, moderate the risks it creates, if we choose to. It will admittedly be costly, inconvenient, and time-consuming to reconstruct the Internet. This is why, decade after decade, so little progress has been made. Most initially object to solutions such as the implementation of secure private networks, personal authentication, greater transparency, global governance structures, and more consistent enforcement of online rules. But these things can be done, and we can be safer. The real question is: Who is going to lead this effort?
Changes that can protect our money and freedoms are as desperately needed as they are unlikely to occur. The scientific and academic communities cannot lead that effort, and businesses will not either, so long as the profits they generate from the Internet so greatly exceed the losses and penalties that insecurity exposes them to. Government policymakers and legislators seem frozen in place. They have been writing about and debating the growing risks in the online world for decades but have done relatively little to eliminate them. Political donations such as the nearly $65 million contributed collectively by Google, Amazon, Microsoft, Apple, Facebook, Twitter, and Netflix in the 2020 elections and the approximately $70 million reportedly contributed by FTX-related entities in the 2022 midterm elections probably have a lot to say about the general lack of regulation in cyberspace, its continuing insecurity, and the disappearing right to privacy.
Global policymakers will step forward to lead this effort, but not until businesses and voters demand it. That will not happen until the cost of not acting becomes very substantial and the loss of personal freedoms so unbearable that there is no choice. When it does happen, policymakers will want a new digital Bretton Woods Agreement to create a consensus of democratic nations for real online authentication that links an Internet Protocol (IP) address to a human, universal rules for digital behavior to make cyberspace resemble our analog world, and the creation of a more efficient cyber police force—human and machine intelligence—to enforce those rules. To do that, governments can use artificial intelligence, for instance, to trigger kill switches that eliminate recalcitrant online travelers.
These types of cybersecurity enhancements should at least be applied to critical infrastructures as soon as possible to protect the basic needs of society. We can only hope that it will not be too late when the critical moment I warn of finally arrives.
Thomas P. Vartanian is the Executive Director of the Financial Technology & Cybersecurity Center and a former regulator and lawyer in the financial services industry. His latest book, The Unhackable Internet: How Rebuilding Cyberspace Can Create Real Security and Prevent Financial Collapse, which was published in February, describes his views on how the Internet might be made safer.