It’s the End of the Net as We Know It.

Hi everybody!

Time to tell you about a bunch of really exciting events I’ve been to over the past few weeks. It’s been a fairly crazy mini-tour covering Geneva, Dublin and London non-stop. Two or three days in each city and each time talking to some very interesting people on all sorts of hot topics.

It all started with the United Nation’s International Telecommunication Unit (ITU) meetings in Switzerland. The organization is showing great progress towards developing a common approach to fighting cybercrime on an international level. However, I’m afraid I can’t tell you any further details. It was a very hush-hush private meeting behind closed doors where we discussed some issues I can’t share with you at the moment. Nevertheless – stay tuned and soon I’ll be able to uncover some details…

Next up was Dublin and the F.ounders 2011 conference, which we’ve already mentioned here.

Last stop – the London Conference on Cyberspace. This was quite something – in fact, it unexpectedly turned out to be this year’s best event I was involved in!

The conference, organized by the British Foreign Office, took place on November 1-2 in the Borough of Westminster. I would like to thank the British Foreign Secretary and First Secretary of State William Hague for his personal invitation to me to take part in the event. I must say it was a surprise to find myself as the only “boss” from the IT security industry to address the audience. But then on the other hand I think the Foreign Office made the right choice – big-wigs from competitors would only have given the audience the same old BBB (Boring Business Blah blah blah) and spoiled the event!

The British government did a really great job organizing and promoting the conference, and this is from someone who’s attended hundreds of similar events. Among the speakers were some real heavyweights: British Prime Minister David Cameron, US Vice President Joe Biden, and of course the abovementioned British Foreign Secretary William Hague. James Brokenshire, the British Minister for Crime and Security, was very kind in acting as moderator during my speech. Later I had a private meeting with him discussing pertinent issues regarding cybersecurity. I also had meetings with Ed Vaizey, the UK Minister for Culture, Communications and Creative Industries; Stephen Pattison, the Chief Executive of the International Chamber of Commerce in the UK, and a many other top-ranking officials and businessmen. All meetings were interesting, insightful and enjoyable.

The conference was attended by a couple of hundred VIPs from 40 countries. That’s not all that many for an authoritative infosec gathering, but this one was invitation-only and it wasn’t that easy getting invited. On the flipside the conference was broadcast live over the Internet and widely covered in social media. It was amazing – in just two days I got as many new Twitter followers that I normally get in a fortnight! Thanks everyone!

Plus there was a ton of media attention. I can’t remember so many interviews in just two days. And not just any old interviews, but INTERVIEWS! See for yourself: live talk on Sky News and BBC World; mentions in Forbes, The Financial Times, The Sunday Times, Spiegel, Deutsche Welle and some 50 other high-profile printed and online media. Oh yeah – we had a real blast!

Now, let’s get to the point.

Frankly speaking I thought the conference was going to be just another humdrum phrase-mongering session. Believe me, this is what most infosec events are like. However, things turned to just the opposite. I mean this was the first time I’d ever heard top government officials directly supporting my long-held firm belief that we urgently need some game rules for cyberspace.

And that’s why all the bigwigs got together in London: it seems a lot of the people at the top have finally got their heads round the idea that today’s Internet is on a Highway to Hell, and is a breeding ground for malware and growing cybercrime. Of course, the Net should stay more or less as it is, but we should realize that it has changed to become more than a hangout for meeting people. It directly affects our lives through its use by all kinds of vital services like airports, hospitals, banks, the police, military… you name it!

It comes down to this: the critical global infrastructure depends on the Internet! This is not some kids’ game anymore. A seemingly harmless prank can lead to disastrous consequences. One day we might experience electricity outages, or banks, hospitals or airports stopping functioning – all because of some random malware, or worse – because of a targeted terrorist attack or cyberwar.

The question is not “will it happen?” but “when will it happen?”. Just think of the north-eastern US Blackout in 2003, the Spanair flight 5022 crash in 2008, the infected military drone ground control centers, or the South Korean Internet shortage caused by the Slammer worm outbreak… History contains a lot of examples where malware had really disastrous effects.

With so many aspects of our lives now depending on the Internet I think things will get even worse – especially if we add to the last list the cyber-attack on Estonia and the Stuxnet worm. We are about to experience something even worse – cyber warfare and cyber terrorism. Some governments have already announced they are forming dedicated cyber defense units. I’m pretty sure many others have done the same, but on the quiet. Meanwhile the Pentagon without a moment’s hesitation has equaled a cyber-attack to an act of war and has granted the US military the authority to respond to hacking with physical force. And unfortunately many Hollywood blockbusters (like Die Hard 4) might very possibly become reality – I don’t see it being too much of a stretch of the imagination. Ok, I think I’ve made my point by now.

So, in the face of all the doom and gloom, what are we to do in response? How can we save ourselves from the Internet getting out of control? Are we doomed and gloomed?

These questions, thankfully, were top of the agenda at the London conference. What I liked most of all were the serious intentions, and the problem’s acknowledgement at the highest level – the top international level. There are no borders on the Internet – so those fighting its negative aspects need to also lose borders – at least in this particular fight. Indeed, we can only save the Net (and ourselves too) by joining forces and going beyond national borders and interests. Yes, I mean i-Interpol.

A correct perception of the problem and full understanding of the possible ways of solving it is the way to go and that was what London was all about. David Cameron, Joe Biden, William Hague and many others almost verbatim repeated my long-held idea that without game rules the Internet has no future since it would become way too hazardous for life on the planet. And aye, I did get a kick – or rather, ego boost – by all the top-ranking officials sharing my original thoughts about the future of the Internet :-)

Internet regulation is a moot point and very divisive when it comes to discussing the idea.

Ever since I first outlined my general ideas about Internet regulations I’ve been attacked by all sorts of supposed upholders of net freedom and anonymity. But hold on. We haven’t had the luxury of possession of such things for years already. Internet regulations can’t be said to target freedom and anonymity – because no one has them. Online activity is logged at the Internet service provider level, and is available for both real-time and post-factum investigations. Governments officially declare traffic is snooped upon (and we can only speculate about the number of governments that snoop on traffic unofficially). Just look at online advertising – they know the websites we visit, what search keywords we use, our social preferences, you name it! Net freedom and anonymity are delusions! And the upset and banging-on that accompany their so-called demise are no more than populist rituals based on a lack of understanding of what’s really going on.

So we have public opinion largely believing the populist slogans about age-old freedoms coming under attack. Thus, those who are meant to take care of our security (the authorities) prefer to sweep this topic under the carpet. As a result, by some queer twist of responsibility-taking, instead of protecting our right to freedom we actually sacrifice it! We sacrifice the right to safe Internet surfing and to not get infected by some nasty piece of malware at every step. And of course we also sacrifice the right to high-quality (malware-free) services from banks, companies, hospitals, police, etc.

Could regulations defeat cybercrime once and for all? Certainly not. But the idea is to complicate the cybercriminals’ lot, nip amateur cyber-hooliganism in the bud, and catch the cyber-recidivists. Also to introduce an effective identification system protecting users’ identities, a cyber-law enforcement framework, and a supra-state organization capable of implementing the regulations. Hacking and stealing will stay forever – we’ll just have to live with that. However, hacking and stealing will become much less widespread if regulations come in, reserved to a small, hardened elite – like the bank robbers in Heat, only cyber-robbers. The rest of today’s cybercrime crowd will get the message: no more games, harsh punishment follows the crime. And farewell to amateur hackers’ romanticism!

But, let’s get back to the conference. Let me say it again: I liked it a lot. It was a clear signal that things are finally starting to move in the right direction. I saw there both political will and understanding at the top international level. That’s very positive. It now seems to be dawning on those that count – at the top – that the security industry and governments should start to actively fight cybercrime together.

Still, the issue that keeps me awake at night and which can level our efforts in bringing peace-of-mind to the Internet is the threat of cyber warfare and cyber terrorism. We must try our utmost – together – to prevent both.

Should the Internet become a military-free zone? Should we regulate the usage of cyber weapons the same way we regulate nuclear power with international treaties and organizations? Well, that’s another topic I’ll cover in my next post. Stay tuned!…

You can see more photos fro the London Conference on Cyberspace on my Flickr account.