The internet has been lost to the bad guys. The attempt to recover it has only just begun. It won’t be easy. Trumpeted as a cornucopia of liberty and prosperity, it has evolved into a Pandora’s box of mischief and malice. Its malevolent exploitation rests on two foundational failures. One, its earliest technical designers in the US military put connectivity over security. And two, its earliest civilian adopters were guilty of a wide-eyed naivete.
The internet is an extension of the original network created by the Pentagon’s Advanced Research Projects Agency, ARPA. In 1967 when the ARPANET was being wired up to connect research laboratories across the US, a prescient engineer warned of the danger of connecting computer networks. Willis Ware, a specialist working for the Pentagon-sponsored RAND Corporation, explained it would become impossible to protect anything connected to those networks. Duly warned, ARPA considered adding security features to the architecture of the net, as chronicled in Fred Kaplan’s book, Dark Territory: The Secret History of Cyber War. But the net’s chief scientist “begged” his superiors not to burden the project with such hindrances, and assured them that it’d take the Russians decades to catch up.
Illustration: Dionne Gain
He was right, but catch up they did, together with a rogue’s gallery of others, and then it was too late.
And among the civilian tech community, the early shapers of the web worked hard to enforce a techno-utopian vision. In pursuit of a worldwide web of beautiful libertinism, they rejected all regulation. The web was ungoverned space.
These two original flaws have allowed the web to become an uncontrolled playground for extremists, tyrants, criminals and rogue states. Yes, the web has spread useful services but it has also equipped terrorists with their most potent tool of propagandising and recruiting. The butchers of Daesh, the so-called Islamic State, last weekend lost their greatest prize in Iraq, the city of Mosul. They still cling to their last major city, their capital, Raqqa in Syria, but they are about to lose that, too. Soon Islamic State will have no state. But it will still have the internet. And that means it will retain the ability to regroup, recruit anew and return, as they did six weeks ago in the Philippines, elsewhere.
The web was billed as a tool for the democratisation of free information and unfettered communication so powerful that dictatorships would prove defenceless against it.
And there was a fleeting moment when web-enabled protesters shook repressive regimes in six countries during the Arab spring. But the Arab spring is now often described as the Arab winter. The uprisings were crushed and unleashed new mayhem and tyranny in all but one of these countries.
And China has shown how comprehensively the internet can be used as an instrument of control.
It wages highly successful political and ideological web censorship at home, against all predictions that it was futile to try.
And it has hacked the commercial secrets of companies worldwide, provoking the then head of the US National Security Agency, Keith Alexander, in 2012 to describe cyber theft of commercial secrets to be “the greatest transfer of wealth in history”.
Of course, governments have sent spies to steal other countries’ commercial secrets for centuries; the US stole much of its early industrial knowledge from Britain, so it’s hard to be too sympathetic.
But the web has accelerated the cycle.
And yes, the web has allowed Australia’s great ally, the US, to wage remote-control warfare in the cause of peace. The US and Israel used the Stuxnet cyber worm to send Iran’s uranium centrifuges spinning out of control in 2010, destroying themselves and setting Iran’s nuclear program back by an estimated two to three years. But the web has empowered other nations too, once they caught up. Russia under Vladimir Putin launched a war against Georgia in 2008. It became the first state in history to use a cyberattack to “soften up” an enemy in preparation for a conventional military strike. Russia followed that by shutting down part of Ukraine’s electricity grid as a precursor to military assault.
And, of course, Russia toyed with the US elections last year, making mischief at will, according to the joint conclusion of 17 US intelligence agencies. It’s not just the US electoral system that’s been penetrated. Director of the US National Security Agency Mike Rogers told the Congress in 2015 that China “and probably one or two other countries” were definitely inside the systems that control US power and water and other infrastructure.
And if the US is vulnerable, Australia is wide open. According to current and former Australian defence and intelligence chiefs, there is nothing preventing a catastrophic cyber attack on Australia’s economy. Only good luck has protected Australia to date.
It was this realisation that was behind the Turnbull government’s announcement last week of a new unit in the Defence Department tasked with cyber offence against potentially hostile hackers.
“The bad news is that Australia is lagging behind many other countries,” as Greg Austin of the UNSW’s Australian Centre for Cyber Security told The Financial Review.
“If the US, widely recognised as the global leader in this, was rated as a five, then Australia would be between one and two. A lot of other countries are at the same level, but there are others, including some we might see as potential adversaries, who are more advanced. The good news is that we are moving ahead.”
But if you want total security for your sensitive data, there is only one solution. Do as the Kremlin and some German parliamentarians have reportedly done – buy typewriters.
Peter Hartcher is international editor.