Toward An Unhackable Internet
What happens if we can’t access money from the ATM or our credit card? What if hackers take down the US Treasury? Why do we scrupulously protect ourselves in the offline world with locks, rules, borders, police, and armies, but fall short in cyberspace? It takes a former financial regulator and futurist to ask such probing questions. Thomas P. Vartanian, founder of the Financial Technology & Cybersecurity Center, explores this in his new book The Unhackable Internet: How Rebuilding Cyberspace Can Build Real Security and Prevent Financial Collapse, which follows his American Financial Panics: Crashes, Recessions and Depressions and the Technology That Will Change It All.
Despite reams of regulatory policies from dozens of federal and state authorities, severe and devastating cyberattacks still occur. Hackers outsmart our policies and security upgrades, and the internet is the medium of choice for child sexual abuse material, drugs, weapons, human trafficking, espionage, money laundering, and terrorism. Vartanian says we need to shift toward building systems that are engineered for a security-first environment, impose tougher standards on intermediaries, and require more oomph from end users.
In some ways, the problem of internet security was predictable. The ARPANET of 1969 was conceived to serve academic and research purposes (and perhaps email), had a finite set of known users, and assumed a secure environment. No one expected that we would be buying stocks and transferring money with our internet-connected smartphones. To be sure, the financial industry invests significantly to secure its systems. While financial firms innovate a variety of important security enhancements, they have limited ability to fix the vulnerabilities of the end user’s setup, much less deter malicious state-based and other actors that want to compromise their systems. This is presumably the job of the US military.
The problem of upgrading the internet is similar to that of the Global Positioning System (GPS), another important US military system which was never intended to become a commercial platform. The debate is whether to build a new GPS (very expensive), or to identify the priority PNT (Positioning, Navigation, and Timing) services and back them up accordingly, preferably by a reliable, non-government actor. For example, mobile wireless standards are driven by the 3GPP (the third generation partnership), and they are more resilient than GPS. An exhaustive RAND Institute report explains that a single alternative to GPS is not only impractical but cost prohibitive. It is smarter to build out dedicated PNT capabilities through a piecemeal approach based on function and application, with private sector actors funding the effort. In fact, companies are already doing this.
Vartanian suggests we could pursue something similar with key internet applications. Indeed, this is already underway with private and offline networks: build the network from the ground up with security as the key requirement; block malicious ports, content, and actors outright; have strict rules on access and behavior. One would enter this online system just as one enters a secure physical location: supervision over access, identification, screening, removal of non-essential items, and entry only for specific purposes. This is very different from the notion of a public internet in which the user enjoys all possible end points and applications.
An unhackable internet likely requires enhanced authentication (no more anonymous users) as well as upgrades to more secure hardware and software. The transition to clean hardware is afoot; many service providers now rip and replace malign equipment from Chinese government-aligned manufacturers, though this thinking falls short of including the billions of connected Internet of Things devices running questionable code. Notably, states like Florida and Georgia prohibit the use of such products in state government (think TikTok and laptops from Chinese government-owned Lenovo), but protections for consumers are limited. The Federal Communications Commission, which authorizes equipment to use connectivity, restricts only a handful of entities, even though dozens of sketchy manufacturers have been identified by the US government. Moreover, there is nothing to stop malicious actors from using white label products or from embedding compromised chips into consumer products (hence the concerns about Apple working with Chinese military-aligned chip fab YMTC).
Vartanian’s tour de force analyzes a continuum of solutions to make the Internet safer and more unhackable. It lays out a sober assessment of the financial Armageddon, however unthinkable, that could be avoided but for the demoralizing and dispiriting failure of leadership which has followed a predictable cycle of attack, rinse, and repeat. The Unhackable Internet offers comprehensive and insightful cybersecurity solutions that just may change the Internet forever. It should be required reading for every executive and policymaker.