Could the Internet be the next ‘failed state’?

If you think the Internet can go on being just like it is, here's some bad news. In the New York City of the late 1970s, things looked bad. The city government was bankrupt, urban blight was rampant, and crime was high. But people still went to the city every day because that was where everything was happening. And despite the foreboding feelings hanging over New York at the time, the vast majority of those people had at most minor brushes with crime.

Today the Internet looks a lot like 1970s New York City. Low-level crime remains rampant, while increasingly sophisticated crime syndicates go after big scores. There is a cacophony of hateful speech, vice of every kind and policemen of various sorts trying to keep a lid on all of it—or at least, trying to keep the chaos away from most law-abiding citizens. But people still use the Internet every day, though the ones who consider themselves "street smart" do so with varying levels of defenses installed.

The recent rash of major breaches of corporate networks, including the theft of personal information from the health insurer Anthem and the theft of as much as a billion dollars from over 100 banks are symptoms of a much larger trend of cybercrime and espionage. And while the issue has been  again been raised to national importance by the White House, it could be argued that governments have done more to exacerbate the problem than address it. Fears of digital warfare and crime are shifting budget priorities, funding the rapid expansion of the security industry and being used as a reason for proposals for new laws and policy that could reshape the Internet.

The alternative futures for the Internet are not pretty. In presentations at multiple security conferences, it was suggested that the Internet could “start to look like Somalia”—a failed state where security is impossible, going about daily life is hazardous, and armed camps openly wage war over the network.

This analysis has been reinforced by events over the past two years: record data breaches, zero-day vulnerabilities released that affected a preponderance of Internet services, and visibility into the vast state surveillance of the Internet. The Internet has been “weaponised,” not just by the NSA and its foreign counterparts but, by other states and Internet crime organizations. A thriving market for vulnerabilities attracts the bright and ambitious to work on discovering "zero days" for profit.

Five years ago, Jason Healey, director of the Cyber Statecraft Initiative at the Atlantic Council of the United States, was on a team advising the Department of Defense about the structure of its future IT workforce. To do that, the team needed to understand what the networked world would look like in the next decade. Healey was researching the issue, and he started to look at scenarios where “maybe the future is going to look very different from the past,” he said. “Attackers have had an advantage for 35 years—what if that relationship is going to shift?”

The potential answers Healey found were presented in a 2010 paper. He further refined them in a 2011 article in the Georgetown Journal of International Affairs called “The Five Futures of Cyber Conflict and Cooperation.” The most optimistic and least likely of Healey’s scenarios was a “cyber paradise," he told Ars. "Defense is way better than offense—you’d have to be really amazing, like the NSA or KGB, to get anything done as an attacker.” But as he looked at trends, he realized that maybe the classic relationship above wouldn't be shifting. “It’s way more likely that it’s going to go in the other direction—that offense is going to have a significantly larger advantage than it does now.”

In the long run, the security and safety of the Internet is going to only be solved by technology, not laws. Internet Protocol version 6 was supposed to solve many of these problems, but most of the world is still on IPv4; Windows as a service may fix many computers, but there are still millions running Windows XP.

There's only one thing that's guaranteed at this point: the computer security community won't be facing a job shortage anytime soon.

http://arstechnica.com/information-technology/2015/02/fear-in-the-digital-city

« Memex – The new search tool for the Deep Web
Snowden Ready to Return to the US 'if he can get a fair trial' »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

Okta

Okta

Okta is an enterprise-grade identity management service, built from the ground up in the cloud to address the challenges of a cloud-mobile-interconnected world.

Packet Storm

Packet Storm

Packet Storm is an online resource for security tools, whitepapers, exploits, and advisories on computer security issues.

Holm Security

Holm Security

Holm Security are taking vulnerability assessment into the next generation as a cloud service.

GraVoc

GraVoc

GraVoc is a technology-consulting firm committed to solving business problems for customers through the development, implementation, & support of technology-based solutions.

Digital Fingerprints

Digital Fingerprints

Digital Fingerprints provides continuous authentication with behavioural biometrics. Protection against account takeover and session takeover. Compliant with GDPR and PSD2.

Red Piranha

Red Piranha

Red Piranha's Crystal Eye Unified Threat Management Platform is designed for Managed Service Providers and corporations that need extreme security that is both easy to use and affordable.

Ukrainian Academy of Cyber Security (UACS)

Ukrainian Academy of Cyber Security (UACS)

UACS is a professional non-profit public organization established to promote the development of an extensive network and ecosystem of education and training in the field of cyber security.

Noblis

Noblis

Noblis is a dynamic science, technology, and strategy organization dedicated to creating forward-thinking technical and advisory solutions in the public interest.

Rayzone Group

Rayzone Group

Rayzone Group offers a wide range of Cyber Security solutions and services, providing hollistic protection suitable for both enterprises and National cyber security centers.

NGN International

NGN International

NGN International is a full-fledged systems integrator and managed security services provider established in 2015 in Bahrain.

DartPoints

DartPoints

DartPoints helps bridge the digital divide by delivering cloud, colocation, managed services + edge infrastructure.

Oxeye

Oxeye

Oxeye fills the gap between cloud and code to show exploitable vulnerabilities, and their path from API to code. More visibility. Less noise. More time to build.

ISO WISH

ISO WISH

Take your Business to the Next Level with ISO Certification in UAE.

rThreat

rThreat

rThreat is a cloud-based SaaS solution that challenges your cyber defenses using real-world and custom threats in a secure environment, ensuring your readiness for attacks.

Relyance AI

Relyance AI

Relyance AI - One unified platform for privacy, security, & governance.

PrimeSSL

PrimeSSL

PrimeSSL, a leading Certificate Authority (CA) backed by the trusted Sectigo Root, delivers affordable and user-friendly SSL/TLS certificate solutions.