The problem with defending the Internet is that it wasn’t built with security in mind. The web as we know it was born in the ‘60s, when scientists adopted a new communications standard, dubbed packet switching. Unlike circuit switching, a protocol used in telephones that sends messages in full, packet switching splits information into nuggets that pass through access points more efficiently. Additionally, a plethora of access points means the network is protected by a built-in redundancy that allows the Internet to survive even if a section of it fails.
Of course, the structure of the Internet reflects a different set of priorities than thwarting failure in the first place. In fact, that’s a challenge that security experts have deemed impossible. The Internet is constantly under attack—albeit by thieves, not cyber terrorists—says Larry Clinton, president of the Internet Security Alliance, a cybersecurity lobbying group whose members include Symantec, VeriSign, and Verizon Wireless.
“It’s easy to do, it’s profitable, and your chances of getting caught are small,” Clinton said. “On the other hand, the perimeter we have to defend is virtually limitless.”
So it should be no surprise, then, that this underworld industry of online scams has mushroomed in the past few years. The number of unique threats rose to 286 million in 2010, with a 93-percent increase in web-based attacks from 2009, according to Symantec, which declined to comment for this story due to the sensitivity of its relationship with the goverment. During that same year, companies whose data was compromised lost $7.2 million each on average, up 7 percent from the previous year.
All told, Clinton estimates that solutions currently on the market, such as anti-malware software made by Symantec and other companies, block anywhere from 80 to 94 percent of cyber attacks. The remaining slice of attacks are mostly the work of well-organized and well-funded thieves.
If you ask some scholars, it’s organizations such as Clinton’s that exaggerated the potential for cyberterrorism in the first place. At the same time, legislators have exaggerated the threat of a cyber emergency, said Jerry Brito, a political science researcher at George Mason University. He warns that a cyber-industrial complex is emerging—helped, of course, by the same defense contractors who stand to benefit from tighter security policies.
Moreover, Brito said lawmakers tend to lump together myriad threats, from state-sponsored espionage such as Chinese attacks on Gmail, to the kind of security breach that took down Sony’s PlayStation Network.
“These are all very different types of threats and they should have different ways of dealing with them. We hear about the worst-case scenario where you have planes falling out of the sky. We haven’t seen that yet. It’s up to them to show us it’s likely. We don’t have a reason to believe it’s as doomsday as some folks seem to think.”
Ultimately, Brito argues that alarmist rhetoric about remote attacks on chemical plans and the like could lead to unnecessary regulation of the Internet, similar to how defense spending spiked in the run-up to the Iraq war amid breathless speculation about weapons of mass destruction.
If that’s the alternative to leaving the Internet untouched, it’s no wonder, then, that six in 10 Americans would rather see the president shut it down, said York of OpenNet. “I think people have become so concerned about national security that they’re willing to give up one of our most precious rights, the First Amendment.”
Ultimately, as fantastical as cyberterrorism may seem, going dark could be too simplistic a solution. After all, government officials could use the Internet to monitor the bad guys—not to mention, to compare notes.
“The current best practice when you discover you’ve been compromised by an advanced persistent threat is to look at it,” Clinton said. “You examine it. The same way when the FBI stumbles across a criminal or terrorist they don’t arrest them right away. They try to find out what else they’re doing.”
Image Credit: The Commentary ‘Journal