Starting with the popular complaint that technology is more trouble than it’s worth, and the call to “repeal the Internet,” the authors don’t mince words:
To put it bluntly, such an idea is a nonstarter. Setting aside that a technology is not a law—it can’t be “repealed” or uninvented—the notion of going back to the world right before the Internet makes as much sense as rebooting Beverly Hills 90210. The world has changed.
We are now dependent on the Internet in everything from commerce to communications to, yes, even conflicts, while the modes and expectations of cyberspace have become woven into an entire generation’s very worldview.
Reengineering the Internet to be more secure, though, is an idea taken more seriously but also faces key challenges. “Resilience” is word bandied around in cybersecurity, but this is a more nuanced discussion than we usually let on: “There is no single definition, path, or strategy for resilience. We need to avoid treating it like a magical buzzword that has no real meaning.”
It’s certainly natural to think about cybersecurity in adversarial terms, given malicious actors. But this isn’t the only way to frame the problem, and the frame matters as it can suggest different solutions. For instance, if we draw an analogy between cyber threats and the Cold War, we might gravitate toward political and military options. But if we use other frames, such as cyber threats as a disease, then we can benefit from lessons in managing public health, such as creating a cyber equivalent of the Centers for Disease Control (CDC):
For instance, the CDC has led efforts to bolster the average American citizen’s awareness and education on basic steps to take to keep themselves safe, as well as prevent dangerous diseases from spreading. The underlying concept to emerge from the CDC’s research is that Ben Franklin’s saying, “An ounce of prevention is worth a pound of cure,” really is true. In studies of everything from malaria to HIV, the CDC found that disease prevention was the best pathway to control and, in turn, that effective prevention required building an ethic of individual responsibility. We see the fruits of this work woven into our daily lives, from workplace reminders on how washing your hands can prevent the spread of the seasonal flu to TV and web advertisements on how abstinence and the use of condoms can prevent the spread of sexually communicable diseases. The same kind of “cyber hygiene” and “cyber safe” ethics might be bolstered through similar efforts to convince users of cyberspace of their own responsibilities to help prevent the spread of threats and malware.
As another analogy, if we think of hackers and other malicious actors as pirates, then we can learn from past lessons in combating actual piracy on the open seas, including the wisdom of empowering industry to defend itself—that is, counterattack, also known as “hacking back” or euphemistically as “active cyber defense.” A path to international cooperation, for example, is now plausible in this frame:
After the War of 1812, for example, the British Royal Navy and nascent U.S. Navy constantly prepared for hostilities against each other, which made sense since they had just fought two outright wars. But as the network of norms began to spread, they also began to cooperate in antipiracy and antislavery campaigns. That cooperation did more than underscore global norms: it built familiarity and trust between the two forces and helped mitigate the danger of military conflict during several crises. Similarly, today the United States and China are and will certainly continue to bolster their own cyber military capabilities. But like the Royal Navy and new American Navy back in the 1800s, this should not be a barrier to building cooperation. Both countries, for instance, could go after what the Chinese call “double crimes,” those actions in cyberspace that both nations recognize as illegal.
Since cyber threats like malware don’t usually care about national borders, cybersecurity is a global problem with much at stake. International institutions are positioned well to drive governance efforts, such as the International Telecommunications Union (ITU). But recent challenges for the ITU, and any such global collaboration, are traced back to the root conflict between competing visions and values, i.e., liberty versus security, as well as human rights versus social stability.