The internet has been rocking our world for over 20 years. Sadly, we’re not the only ones benefiting; the bad guys have made good use of the internet’s freedom and lawlessness. This year alone we’ve seen Russians manipulating US elections and elevating Donald Trump as the leader of the free world, the French leader Macron combating similar attacks with a crack cyber defence team, Turkish activists hacking western infrastructures to spread fake news and propaganda, North Korea entering the cyber stage as a prime suspect for WannaCry, and NotPetya wreaking havoc with enormous damage to healthcare and logistics.
Your money and your secrets
These are symptoms of changing times. A decade ago life was simple. Russians stole your money, the Chinese stole your secrets. Now everything is blurred. Russia has no extradition treaties, so global law enforcement can’t repress the plundering of the west. Under Putin’s umbrella western money pours into Russian wallets. Cybercrime companies filled security gaps and cracks, and who can blame them? They created solutions for digital vandalism, fraud, espionage and hacking. Criminals stupid enough to go on holiday in the west were arrested by the FBI, the NCA or Europol. These arrests are drops in the ocean; the “kingpins” are still free.
Versatile skill sets
One Russian mastermind, Evgeniy Bogachev, was forced to retire after an FBI action. He had millions, and in Russia life was good with such amounts. These assets make it difficult to escape the regime, though. Authorities recognized his versatile skill sets. The Russian FSB could have arrested him at their leisure and kicked him into the Gulag. Rumour has it he negotiated a “Golden Cage” deal, doing the odd “consultancy job” for the government in exchange for his freedom. Such as, let’s say, hacking the DNC.
The collusion between criminal hackers and nation states is bad news for the west. The criminals just want our money. Nation states have darker motives. They’re out to weaken the west in every unpredictable way. Their security services are starting to collaborate with the fraudsters and spies. They share tips and tricks, and attack technology. Determining who is in your network is becoming increasingly difficult. It could be a weekend hacker or a nation state using the same malware.
The security industry’s role
Unpredictable is difficult to stop. Difficult to stop means expensive to stop. The security industry is stepping up, but Big Data and Artificial Intelligence are not within everyone’s budget. Cyber security is becoming more complex every day. What happens if you can’t afford it anymore? At an RSA conference in San Francisco, hundreds of vendors were peddling their wares to enterprises and governments alike, who were queuing up to get the latest and greatest. But some feel they’re already dumping their investments in a sinkhole.
Laws and borders
There are almost 200 countries on earth. Half of them are what we call free. All have law books, friends and treaties. They’re all connected to the same internet. It’s as if we all fenced in our front yards, while sharing one big back yard. There’s vandalism, theft and riots. We all know where the perps live, but we’re unable to touch them.
The FBI is taking the lead in bringing criminals to justice. On the lawmakers’ side Europe is illuminating the path. The GDPR forces organisations to become more resilient toward cyber threats, and more diligent with personally identifiable information. The UK is working to create similar laws, aimed at punishing organisations that are hacked.
A nice first step, but we cannot ignore the context: in the world’s largest nations, both in the free world and outside, pressure is building up. Cyber is the capability every nation invests in. Discerning between cyber crime and cyber armies is difficult. They’re working together. Putin himself joked “hackers are patriotic artists, who shouldn’t be restrained in their craft”.
Is the well-intended GDPR, created by nice European bureaucrats, enough to future-proof ourselves?
A tool to fine the hacked
If we don’t accept that cyber crime is a political problem, companies will pay the price. The GDPR will be a tool to fine the hacked. But who is going after the perpetrators, and who’s going after the nation states facilitating their “artful” work?
The internet should be part of international geopolitics. And since it’s a global “back yard”, the biggest political organisation we can muster should care for it. We can’t ask the security industry to do this for them; it’s neither fair nor wise. Cyber budget should be part of UN membership, and there should be a UN cyber security council. My recommendation would be to not give veto rights to Russia.
If we don’t create an international council, the internet is going to be split into vague segments like the oceans and the seas. Territorial waters, international waters and all the quarrels that go with them. It’s the end of the internet as we know it. It’s not going to be easy, but the clock is ticking.
Our freedom is at stake.