Imagine if 20 years after the invention of the printing press, Kings and Popes had the ability to monitor every book published and who was reading each one. The effects would be staggering. It is likely the Renaissance and Enlightenment would have never taken place and humanity would have lost over 500 years of its most important cultural and intellectual development.
While this alternate history seems unthinkable to us today, its modern day equivalent may be playing out in the current battles being fought over the internet. This is the concern Jay Healey addressed at Def Con 22. With a resume including Air Force Cyber Operations, corporate cyber security, and the Director of the White House Cyber Infrastructure Protection, Healey has extensive experience with the threats posed by what he calls Cyber Offense. However, his focus today was on what these threats mean for us as a people.
“How many future Renaissances and Enlightenments will humanity miss if we—all of us for any purpose—keep treating the Internet as a place for crime, warfare, and espionage?” Healey asked.
Healey referenced the exponential growth of Cyber Offenses contrasted to the defenses that seem perpetually a step behind. He fears a future tipping point when the predators outnumber the prey. The Internet is sometimes thought of as the Wild West, but it may become Somalia: a state that attacks everything of order.
The effects of this destructive force can already be seen. As banking apps are exploited, home electronics hacked, and personal emails stolen, people will have more reason to disengage and disconnect from one of the most important technological advancements of human history.
The solution to this looming crisis starts with the security community and a renewed belief in defense. The security community must believe that meaningful and effective Internet defenses can be constructed. If it does not believe this, then there is no reason to even try. Even worse, if those committed to protecting information assets believe defense is futile, then their only option is to provide defense through counter attacks and thereby compound the chaos in the system. Humanity has overcome countless obstacles thought to be impossible, building a stable and secure Internet should be one more human success.
Healey also sketched out ideas of what a real industry-wide shift would look like. He called for a shift in the way people think about corporate security and the incentives that are available. Instead of going to corporate leadership (such as Presidents and VPs) to reform their security practices, appeal to the shareholders who actually bear the financial risk of security failures. He illustrated this by explaining that CalPers, the California retirement pension fund, went to many of their major investments before the year 2000 to monitor their Y2K preparations. When individual’s wealth is on the line, people are motivated to action.
He also purposed that the Department of Homeland Security (DHS) develop a grant program to fund cyber security firms as they develop new defense programs. While DHS is not often thought of as a partner in Internet security, this would allow federal funding to support those people advancing a more secure internet while still allowing the negative effects of government oversight. Providing multi-million dollar grants to security firms operating on budgets in the thousands could be a critical tool to tip the balance in favor of a more secure Internet.
However, if one walked away from Healey’s talk with anything, it should be this: beyond metadata, banking information, and email security, the battle for the Internet is a fight for the next phase of human cultural development. The Internet offers us limitless opportunities but at a tremendous risk. If we fail to protect it, we fail not just ourselves, but the generations to come and the Renaissances they stand to experience.