What does the perfect Internet look like?
The paradisiacal vision of its future – a scenario Atlantic Council senior fellow Jason Healey calls “Cyber Shangri La” – is one in which the dreams of Silicon Valley come true: New technologies are born and implemented quickly; secure online access is a human right.
There’s also what Mr. Healey, a Passcode columnist, dubs “Clockwork Orange Internet.” In this dystopian future, criminals and nation-states knock down attempts to secure networks and devices; people are afraid of shopping online or communicating freely with friends.
Passcode was the exclusive media partner for an event hosted by the Atlantic Council’s Cyber Statecraft Initiative on Wednesday focusing on alternate realities for the future of the Digital Age. Here are three things we learned from some of the country’s leading thinkers.
1. The future Internet could be fragmented
In one vision of the Internet, the world’s dominant powers take jurisdiction over users in their own countries. If more countries begin shutting down the Internet to prevent activists from organizing, for instance, or mandating encrypted technology have back doors to enable government access, people’s Internet experiences will be largely driven by the country they’re accessing it from, Healey said.
This could slow down global processes that rely on the Internet – and potentially spark massive economic and trade impacts. “That could really slow down every packet, which stops it from being a little bit of friction to a significant barrier to cross-border trade.”
2. The global paradigm is already shifting
The paradigm spanning back to the earliest days of cyberintelligence has always been that those who have the capability to conduct a destructive cyberattack didn't have the intent to do so, Healey said. It’s also common thinking that those who had the intent to do so – such as terrorists, for instance – didn't have the capabilities.
Now, for the first time, Healey said, there are “competent cyber adversaries” in Iran, or even Russia, who might have both the capabilities and willingness to launch a digital attack if political relationships worsen or their economic status weakens. And if that happens, Healey said, the US president may shoot back in cyberspace. “The gloves are going to come off.”
3. The definition of 'cybersecurity' could change over time
When everything is connected to the Internet, what’s known today as cybersecurity may be considered simply “security” for everyone in their daily life.
But what does it mean to be secure, asked Steve Weber, a professor at the University of California at Berkeley’s School of Information, when everything’s connected to the Internet? During the cold war, the narrow definition of security was “territorial autonomy, and decisional autonomy for nation-states,” he said. Once the freeze thawed, definitions for security expanded to include, for instance, environmental security and economy security.
So within a few years from today, the fact that human life is so dependent on machines may spark other consequences for the human race other than just breaches or vulnerabilities. It could, for instance, put at risk large numbers of jobs in developed countries, Weber said. “I think in a few years, we’re going to call that a cybersecurity issue,” he said. Solving that will require a very different set of people and models to solve what people currently see as today’s cybersecurity issues.
Two notable quotes:
“The cybersecurity industry has only existed for 20 years. There [are] always leaders and laggards. The laggards actually have a short-term benefit. They don’t spend any money on security, until they’re whacked, and then have to spend a lot of money on it. But the leaders are spending all that money, all the time, and they don’t experience that devastating breach and loss of faith in their brand.” – Richard Stiennon, chief research analyst IT-Harvest
“Taking advantage of human beings which are, it sounds trite to say it, the weakest link in a network. I live in a campus that doesn’t even have two-factor authentication. I haven’t changed my password in 22 years. Nobody’s asked me to change it in 22 years … . You already know what it is. It’s the name of my cat followed by one. Which is everybody’s password. There is this super high-end [attack] approach then there’s this really low-end approach. You have people out there using Windows XP that don’t even know what patch means. ” – Steve Weber