Parent, Beatty: We need a new Internet

Content of the article

Michel Parent, Simon Fraser University and David R. Beatty, University of Toronto

Make no mistake: we are also in the midst of a pandemic of digital ransomware attacks. Recent ransomware attacks against Colonial Pipeline and JBS USA Holdings Inc. – the world’s largest meat processor – underscore the growing and brazen nature of organized and deliberate attacks against increasingly important targets, and our chronic inability to defend against them.

What we need is a new Internet. The old one is broken.

Today’s Internet grew out of the Advanced Research Projects Agency Network (ARPANET) in the late 1960s – a conglomerate of research institutions linking military, political and industrial actors during the Cold War to the United States. United. It enabled secure communications in the event of conflict and facilitated research and development through electronic information sharing. It was a closed, tightly controlled, highly secure, invitation-only network.

Content of the article

The invention of the World Wide Web by Tim Berners-Lee in 1990 led to the browser-based Internet we know today. The WWW introduced and advocated an open, inclusive, universal and unconstrained mode allowing networks to communicate with each other. He introduced the notion of hyperlinks that a user could simply click on and be transported to a new web page on a separate network. It was the start of the unregulated, user-driven, content-rich Internet.

The paradox of the Internet is that it was born, developed and exists in an environment where control and access are in constant tension and conflict.

Cybercrime is a growing, very prosperous and profitable industry. According to Cybersecurity Ventures, the costs of cybercrime will increase by 15% per year to reach $ 10.5 trillion by 2025: the third largest “economy” in the world, after those of the United States and China.

Content of the article

Much of this is ransomware, multi-faceted attacks that capture an organization’s data and systems. Since the start of the COVID-19 pandemic, ransomware attacks have increased by almost 500%.

The average ransom payment also increased, up 43% from the last quarter of 2020 to an average of over US $ 200,000. What’s particularly insidious about these attacks is that a ransom demand often comes with a breach and extraction of company data, and simultaneous extortion that threatens to disclose these. data unless additional payments are made.

In the first quarter of 2021, more than three quarters of ransomware attacks were linked to such a threat.

Criminals have also evolved to become increasingly systemic. The recent attack on Colonial Pipelines by hacker collective DarkSide is one example. Like their state-sponsored counterparts, criminal groups have created virtual organizations and adopted targeted strategies targeting specific sectors and businesses. They have endless resources, skills and patience. They play a long game where targets are identified, carefully recognized, and only act when the maximum value can be extracted.

Content of the article

Lawmakers have, as might be expected, responded to these attacks. US President Joe Biden has called on federal agencies to use all their resources to deal with digital disruption. The Department of Homeland Security is developing a set of mandatory rules for how pipelines, and possibly other infrastructure providers, will need to protect their assets.

Although this is a good first step, it will not be enough, and we will continue to react, to be behind the attack curve.

Intranets – closed proprietary networks – may hold the key to solving this threat.

We foresee the emergence of a new Internet, with two distinct sides. On the one hand, we will have the completely unfiltered and unregulated Wild West Internet that anyone can access.

Content of the article

On the other hand, we could see the evolution of what might be called the “World Wide Intranet” ie widely accessible but tightly controlled websites with strict access controls for prevent criminal activity, much like the closed corporate intranets that gained popularity two decades ago.

Large online merchants like Amazon, government, healthcare providers and other large organizations will no longer tolerate criminal assaults on their data and resources and that of their stakeholders. So, as security measures like multi-factor authentication evolve, they will increasingly be adopted by these organizations and passed on to consumers as a condition of access.

As a company, we accept checks when the cost of their absence exceeds the restrictions they impose. We see this trend as an inevitable consequence of growing security threats affecting not only networks, but the individuals who deal with them.

Content of the article

By 2025, the world will be storing 200 zettabytes (one trillion gigabytes) of data. The accompanying growth in transactions leaves us with no other choice but to strengthen identity and access controls.

One avenue could divide the web into an open, but inherently risky Internet, and another closed, controlled, regulated and inherently suspicious, where security and privacy dominate.

Michael Parent is Professor of Management Information Systems at Simon Fraser University and David R. Beatty is Academic Director of the David and Sharon Johnston Center for Corporate Governance Innovation at the Rotman School of Management, University of Toronto

This article is republished from The Conversation under a Creative Commons license.