Friday, 08 August 2014 14:18

How do we save the internet?

Written by

Reading time is around minutes.

DEF CON 22, Las Vegas, NV Aug 2014 – One of the most concerning things about the future of the internet and technology in general is the fact that the “bad guys” have the advantage. We have known about this for a very long time, but because of the state of the security industry many have allowed themselves to be blinded to just how bad it is and also how our current methods of patching and fixing are not working.

This was the focus of a talk by Jason Healey during DEF CON 22 today. Healey is part of a think tank in Washington DC and has a long history in security from both defensive and offensive stances. The talk started out very interestingly with a video that was terribly laggy, but was obviously supposed to be very cool. Healey promised that his talk would not be as laggy. As a first time speaker Healey also got to take a shot on stage with the crew.

The talk about saving the internet was very different from what is usually given at DEF CON. Instead of being about a specific technology, breach or vulnerability it was more about the way we think about the future of the internet and how we can keep it going as a sustainable service. As an analogy he likened the internet to the creation of the printing press and asked us to imagine what would have happened if a few years after the printing press was created the Pope or someone else was able to know everything that was printed and who was reading it. This is a very sobering thought and there is a direct historical correlation to this thinking. The Pope and the Church did often remove books on science and jailed some authors who had the audacity to write things that countered the thinking of the church.

Thankfully, the Pope did not have the same reach that most governments or criminals do these days so even with the few banned books we did not miss out on the renaissance or the enlightenment. Sadly, today’s internet is not so lucky. With many outdated laws (that are ignorant of the technology) and the desire to push national security and defense over a sustainable internet we are looking at a situation where will could potentially miss out on the next renaissance.

Healey compared the current state of affairs to having a fight with gasoline (think Zoolander). Again this goes back to the philosophy of preventing specific attacks or, since defense does not work, too many companies going on the offense to deal with the matter of security (on in the case of copyright, to stop piracy). There are more predators than prey and no one is watching the farm. This stance is trading off then perceived needs of today for the lack of a sustainable internet. One of these decisions will end of being the match that sets off the gasoline we have all been playing with.

What makes this gasoline fight so bad is that we have known about this state since 1979. That is a long time to be aware of an issue and not do anything about it. Think about how far we have come since 1979 (when there was no internet) and the situation has not significantly better. There have been improvements in security, but the pace is not as fast as the bad guys out there. There needs to be a fundamental change in the way we think about the internet or we might not have it for the future. Healey suggested that we need to stop thinking about today and start thinking much father into the future. To do this we have to shift become more involved in making defense not just better than offense, but superior to them. Failing to do this will result in future generations possibly missing out on a future renaissance or enlightenment.

To do this we need to all get involved in the process. The community needs to get over the futility of action and believe that we all can make a difference by contributing the security. We need to care about the state of the internet and get involved in groups that are trying to protect it. While it is great to point out how to exploit things, we need to make a shift to see how we stop these threats at a fundamental level. The security solutions of tomorrow cannot be focused on one vector, but need to work at scale. Removing entire classes of attacks instead of simply ditching for one. Disruptive defense systems must also work at scale and not be focused in nature.

In the end until we stop thinking about the next hack, vuln, exploit, breach etc. and think about a larger picture we will continue to keep playing with gas. Once we are good and soaked someone will light that match and burn the whole think down. That is a sobering thought and one that we all should be concerned with. It is up to all of us to be concerned about the state of security on the internet and to push for the changes that are needed to ensure that things keep working.

Stay informed, be involved, add your voice, and share in the common security of the internet.  Every single voice added helps ensure that the internet will have a tomorrow.

Tell us your thoughts in our Forum

Read 3633 times Last modified on Friday, 08 August 2014 14:21

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.