I just finished reading “Cybergeddon: Why the Internet could be the next “failed state”” on Arstechnica and couldn’t help but write my own views on a topic, which happens to be quite close to my heart.
Apart from being a blogger, photographer and founder of BCMTouring, I am also a part time network/system admin and webmaster. My work as a blogger and admin of BCMTouring requires me to be all that and more, even though technically and by qualifications, I am not.
In today’s internet, anyone running his/her own self hosted blog/website has to deal daily with threats emanating from all over the world, from spammers to data scrappers to hackers trying to penetrate your servers or competitors/disgruntled users trying to take you down, it is all part and parcel of doing business online today and few if any are spared by it.
While majority of such threats are taken care of by automated firewalls and filters and in case of small blogs and websites, it is usually a headache your host deals with. However for anyone running a moderate or large property on internet, the headache of keeping it all running safe and secure is generally a constant one that you and your team has to deal with on a daily basis.
And the sad thing is, it isn’t getting any easier! On the contrary, things seem to be going downhill these days and as mentioned in the article, internet is sort of becoming 1970’s New York, “In other words, the Internet might soon look less like 1970s New York and more like 1990s Mogadishu: warring factions destroying the most fundamental of services, “security zones” reducing or eliminating free movement, and security costs making it prohibitive for anyone but the most well-funded operations to do business without becoming a “soft target” for political or economic gain.”
In the article, Jason Healey, director of the Cyber Statecraft Initiative at the Atlantic Council of the United States, describes 5 possible outcomes of today’s internet cacophony and these are:
|Paradise||Security technology becomes so good that the Internet becomes an “overwhelmingly secure place.” Only highly sophisticated attackers sponsored by nation-states can pull anything off. Crime, espionage, and warfare against network infrastructure become very difficult.||Low. New technologies such as cloud-based security or international cooperation could make this happen, but don’t hold your breath.|
|Status Quo||Things as they stand now: High levels of crime and espionage, but no massive cyber wars. Leading e-commerce providers continue to stay on top of attacks, fraud affects a small percentage of transactions, and criminals continue to get rich (but not too rich).||Moderate. Maybe there’s some inherent stability in the Internet. For 15 years, people have been predicting big attacks against vital infrastructure, and none have happened yet. (Sony Pictures doesn’t really count as “vital infrastructure.”) Defensive technologies like distributed denial of service attack protection through content delivery networks and cloud-based security infrastructure could help many organizations stave off major attacks, though the have-nots of information security would remain vulnerable.|
|“Conflict Domain”||The Internet becomes just like every physical domain of human existence: turf to fight over. Crime, espionage, embargoes, and full-blown nation-on-nation conflicts extend into the Internet.||High. It’s happened in every other domain of human existence, and low-intensity cyberwarfare has already happened. Sony Pictures proved that “soft target” companies with high profiles make excellent political targets and that the uncertainty created by attacks can be used to intimidate without the actual use of physical force. Stuxnet showed that cyber-weapons can have a physical effect, but it also offered a blueprint for other would-be cyberwarriors to follow. State-sponsored or tolerated cybercrime could be used as an extension of economic warfare (as some suggest was the case in the JP Morgan Chase attack last year and in the major retailer hacks).|
|Balkanization||For security and political purposes, there is no single Internet, just a collection of national Internets. Nations are possibly blocking access to content, although there may be fewer outright attacks. Internet companies would have to duplicate infrastructure in every enclave, and surveillance would be greatly simplified for nation-states.||Low. Countries such as China and Iran have built national firewalls, and Russia has passed a “data sovereignty” law. Others may do the same, and the effort (thus far blocked by the US and UK) to put the Internet under the regulation of the UN’s ITU could exacerbate the problem. “We really dodged a bullet with Brazil,” Healey said, in reference to Brazil’s brief consideration of requiring all cloud services to keep citizens’ data in that country in the wake of the Snowden spying revelations. But for now, the interconnectedness of the Internet is unlikely to be significantly reduced outside more oppressive states.|
|Cybergeddon||The Internet, “always un-ruled and unruly,” as Healey put it, becomes “a ‘failed state’ in a near-permanent state of disruption. Every kind of conflict is not just possible but ongoing all of the time.” In the “Cybergeddon” scenario, Healey wrote, cooperating to try to thwart attackers “is either useless, as attackers always have the edge, or impossible, like trying to govern a failed state.”||Low? Offense continues to outpace defense, and new attacks quickly evolve to evade or overwhelm new countermeasures. The incrementally built security of many networks and the expense and difficulty of correcting security gaps for individuals and many organizations means that older attacks will continue to be successful. Inertia could take many over the cliff.|
Out of these, I feel we are starting to move steadily towards Conflict Domain leading to Balkanization of Internet, at least in case of countries which can actually afford to run their own infrastructure without outside support (mainly China.)
While governments need to start taking action and try and track down perpetrators of cybercrimes; security, software and hardware industry itself needs to do a close introspection and start coming out with ways to make things secure or at least give an option to user to lock most of the things down!
Of course the end user him/herself needs to be conscious about these threats and needs to act proactively, as we can no longer afford to operate in a world, where end user’s inability to patch his/her system ends up causing major security threats for companies and individuals running businesses online (like it does at the moment).
Otherwise apart from Balkanization, we run the risk of having only walled gardens exist on the internet for the public at large. Which are operated by internet biggies like Google and Facebook and require end user to use their propriety apps to access them, limiting not only the scope of future development of internet but also making it extremely easy for governments and large companies to control flow of information and news.
After all, in a world where the first email you usually receive on a newly commissioned server is alert of a port scan, it is going to become near impossible for anyone to come up with next Facebook, Twitter or even Google, because no one would actually be able to discover such places, which lay outside the walled gardens in a wild-wild web, where the real outlaws rule the roost and determine the destiny of next big thing!