Home / Cybersecurity / A cybersecurity expert on why you should be very worried about the internet's future – Vox

A cybersecurity expert on why you should be very worried about the internet's future – Vox

In 2012, the New York Times’s David Sanger broke a bombshell story detailing a joint US-Israel cyber attack on Iran that undermined its nuclear enrichment facilities. The computer virus, dubbed “Stuxnet,” disabled 1,000 of Iran’s 5,000 centrifuges at the time.

In 2014, a Chinese hacking group, known as Unit 61398, penetrated the computer networks of major US companies like Westinghouse and US Steel in order to loot trade secrets. This was one of numerous such attacks by Unit 61398.

In 2016, Russian government hackers gained access to Democratic National Committee computer networks, stole sensitive information, and systematically leaked it in an effort to damage Hillary Clinton’s presidential campaign.

And just a week ago, the Washington Post reported that the United Arab Emirates had hacked various Qatari government social media accounts, sparking one of the most dangerous diplomatic crises in the Middle East in decades.

A new book, The Darkening Web, argues that stories like these are going to become more and more common as countries seek to project power in cyberspace. The author is Alexander Klimburg, a program director at the Hague Centre for Strategic Studies and an adviser to several governments and international organizations on cybersecurity strategy and internet governance.

Klimburg games out a few possible futures for the internet. One of them is apocalyptic: Imagine the world’s major powers unleashing malicious code on one another, irreparably destroying vital infrastructure. Another is an Orwellian world in which the internet has become a tool of subjugation, monitored and restricted by state powers. Still another possibility is that the internet remains free, controlled by non-state actors, and a wondrous instrument of global connection.

It’s hard to say which of these scenarios is most likely. For Klimburg, it’s a matter of mobilizing concern now before it’s too late. “Ultimately,” he told me, “it will take the attention of the free society that built the internet to save it.”

You can read our full conversation below.


Sean Illing

Have we lost control of the internet?

Alexander Klimburg

I don’t see the internet as a fumbling, evil machine that’s out of control. What I think is it’s more like a man-made ocean that suddenly just became deeper and more complex than we previously envisioned. It’s still an overwhelmingly positive development and one of the greatest human inventions ever.

What I am concerned about is the direction it might take if we continue down a route we’ve embarked on in the last couple of years, particularly the last year or two, in which, effectively, we are increasingly asserting government influence over the internet. The internet was originally intended as a non-state domain, run by a multitude of different actors that balance each other out and prevent one group from taking over and gaining control.

Sean Illing

You mentioned government influence just now, and your book is largely about cyberwarfare between countries. Why are you worried about this?

Alexander Klimburg

Well, the worst-case scenario is a no-holds-barred exchange of every single malware kit (software that identifies vulnerabilities in computers in order to upload and execute malicious code) we’ve developed entering into cyberspace, and the worst possible outcome is not simply that the lights go off and then you go and you flip on the generator and it’s back again. It’s that the infrastructure is destroyed irreparably and cannot be reconstituted.

A serious cyberattack could burn out the power transmitters and utterly decimate vital infrastructure. If this were to happen, we would not be able to reconstitute our infrastructure because there would be no way to build it, and we’d have to rely on other parts of the world delivering generators to get us started.

A full-scale cyberattack could be the functional equivalent of a massive electromagnetic pulse or a solar flare that totally shuts down all of our electrical systems, only it would be a man-made disaster.

Sean Illing

Is the ability to execute a cyberattack like this widely shared among major powers?

Alexander Klimburg

It’s hard to tell because we don’t know to what extent they’ve invested in acquiring these capabilities. We know only that it’s theoretically possible given the right intent and focus. We know that the US has these capabilities, and we can be reasonably sure that other major powers do as well.

Sean Illing

Are there any critical institutions or systems that aren’t on some level completely vulnerable to cyberattack?

Alexander Klimburg

No is the short answer. You can’t simply disconnect from the internet — it doesn’t work like that. Anything that uses internet technology is connected to an internal network. Once you’re in the internal network and you can jump from device to device, it doesn’t matter if you’re connected to the global internet or not. Every single device, even down to tractors in agriculture, which these days are increasingly controlled via the internet itself, [is] suspect to being hacked.

Sean Illing

You lay out all of these ways in which the internet could be used to upend civilization, and yet the book is also a plea to resist efforts to restrict what can be done on it. Why?

Alexander Klimburg

The internet has been an incredible boon to mankind, both in terms of our liberties and also in terms of our productivity. But we’ve taken it for granted. This is really what my book’s about. We’ve got to stop taking it for granted, because the internet doesn’t obey fixed laws. There’s no gravity in cyberspace except the gravity that we say exists.

That’s why I’m increasingly concerned that if we cast the security threat that comes from the internet in such stark terms, then we’re simply advancing the narrative of those powers that want to put an internet that is run by a multi-stakeholder galaxy under more centralized control in order to simplify the problem. But we should be very wary of any attempt to do this because it will only further the interests of undemocratic powers.

Sean Illing

That’s a fair point, and I certainly agree that so far the benefits of the internet far outweigh the costs, but I wonder if we’ll still feel that way in 10 or 20 years.

Alexander Klimburg

That’s a valid question. I think it depends on whether the internet maintains its status as a global commons, free from singular control. That’s what my book is dedicated to. I want people to understand that this man-made domain, like finance, touches every part of our life. If the internet gets undermined by special interests or corporations, if governments are allowed to militarize cyberspace, the internet will become something different.

Sean Illing

But haven’t governments already militarized cyberspace? Aren’t we having this conversation precisely because the internet has changed?

Alexander Klimburg

That’s certainly partly true. I’m worried that the governments of the world are turning the internet into a domain of security and fear. If we continue along this path, then that’s what it will become: a domain of fear and control. We can already see what this looks like in countries like China and Russia, and it’s what will happen in democracies too if we allow it.


Iranian President Mahmoud Ahmadinejad (C) visits the Natanz uranium enrichment facilities 200 miles (322 km) south of Tehran, Iran, on April 8, 2008.
Getty Images

Sean Illing

You’re talking about the end of liberal democracy, of free and open societies where information and inquiry is unconstrained.

Alexander Klimburg

Yes, that’s exactly what I’m talking about — the end of democracy.

Sean Illing

Something else you address in the book, which I don’t think is discussed enough, is how the internet has transformed international power dynamics. States no longer need giant militaries and enormous material capabilities to inflict serious damage on other states. Obviously there’s still a power hierarchy, but do you see the internet as a great equalizer?

Alexander Klimburg

Ten or 15 years ago, we were talking about how the internet basically equalizes everyone and allows individuals to make war on the state. That’s true, but the bizarre thing is that the opposite is now also true. It has also empowered governments, and the government can now also make war on the individual, can target people on a much more individualized basis. So I don’t think we can say that the internet has flattened hierarchies. All actors have gained more power.

Sean Illing

We have an abundance of power and no idea what to do with it or how to manage it in a way that doesn’t undermine security.

Alexander Klimburg

You make a great point. The question now is what do we do with this abundance of power? Everyone has been empowered — from nation states to corporations to 12-year-old hackers to intelligence agencies. But we haven’t figured out what the restraints are that we need to impose on ourselves, legally and even morally.

Sean Illing

You stress over and over again that the internet was built by civil society, is maintained by civil society, and will become something much darker if that ceases to be the case. What are more authoritarian states like Russia and China seeking to accomplish by so aggressively exploiting cyber vulnerabilities? Why are they raising the specter of cyberwar?

Alexander Klimburg

Russia and China have been pushing for a long time to “bring peace to cyberspace,” which basically means bring it more under state control. They’ve been advancing since the 1990s something called the “Code of Conduct” and many other documents aiming to establish a multilateral, intergovernmental solution to anything regarding the internet. The more we’re worried about cybersecurity, the better for them because that supplies the justification for more control, more security.

So this is why they want to change the multi-stakeholder nature of the internet to one where the governments are in control. This is something that effectively amounts to the invention of the wheel being suddenly converted into a tool for security and war. I think this is the shift we’re constantly fighting. And this is what I mean when I say we’re waging a battle for the soul of cyberspace.

Sean Illing

Do you consider Russia’s meddling in our election an act of cyberwarfare?

Alexander Klimburg

It’s clearly an information warfare attack using cyber means. This is something Russia has done elsewhere — in Scandinavia, in Sweden and Denmark, in Estonia, in Germany and France. The aim of these attacks isn’t to undermine physical infrastructures, though. When I say information warfare, I mean they’re trying to define the political narratives in these countries. They were unsuccessful, sometimes spectacularly unsuccessful. In Sweden, there’s been a blowback to such an extent that Sweden has now introduced conscription, among other things.

Sean Illing

Why was it so successful in the United States?

Alexander Klimburg

Well, that’s a whole other question. You have to have resilience against these types of operations. In my view, there is absolutely no other way to deal with information warfare than with resilience. What we cannot do is respond with propaganda and insidious covert strategic operations of our own, because then we’re weaponizing information. If you go down that route, the New York Times, Facebook, your blog comments, everything becomes a weapon in a war, and one that basically needs to be adjudicated by governments.


President Trump meets with Russian Foreign Minister Sergei Lavrov and Russian Ambassador Sergei Kislyak, in the Oval Office. Even if Russia didn’t help Trump win the election, his legitimacy is in question.

President Trump meets with Russian Foreign Minister Sergei Lavrov and Russian Ambassador Sergey Kislyak in the Oval Office.
Alexander Shcherbak / TASS / Getty

Sean Illing

But hasn’t information already been weaponized?

Alexander Klimburg

Well, this is why international law exists. The whole point of international law is you can’t say we’re going to war because you hurt my feelings. That doesn’t work. Otherwise, we have pure anarchy and pure chaos. You only can go to war under very specific circumstances, which typically require death and destruction and physical damage. But this is something that authoritarian states don’t like, because they want to establish the law that anything that involves or weakens their hold on power is an act of war.

Sean Illing

Perhaps international law is outdated. This is a new world with new threats, and I’m not sure the legal framework of the 19th and 20th century has adapted to it. A piece of malicious code can be every bit as destructive as a nuclear bomb, so I’m not sure at what point information becomes a material threat, but clearly it can.

Alexander Klimburg

Here’s my view: I don’t consider information a weapon any more than I consider bad words a weapon. It doesn’t ever justify shooting somebody. I don’t think hostile verbal acts should be answered with tactically kinetic means. That’s not something we can put up with, not if we believe in free speech and not unless we’re prepared to shut down websites because they insult the wrong leader or produce bullshit narratives.

Sean Illing

What should the international community do to get a handle on this problem? Is it a matter of developing new norms, new values, new laws, new institutions?

Alexander Klimburg

The only way to make sure we have some type of stability in this environment is what I consider to be a triad. Basically, a triad of a free internet, which basically means we have three different discussions that are kept very separate from each other and which are informed of what each other are trying to accomplish.

The first one would be security, the second one would be economy and crime, and the third is internet governance. They all also align by the way to committees in the UN, but the UN plays a very different role in each of these. In the first case, security, we have long-running discussions that unfortunately recently failed between Russia, China, the United States, and many other nations, called the UN Group of Governmental Experts.

Those are informal consultations that effectively try to set up norms for state behavior in cyberspace. It’s a process I’ve been a part of for many years. We want clear rules for state behavior in this realm both during peacetime and during wartime. But there will have to be a political solution to this problem.

Sean Illing

What do you mean by “political solution”?

Alexander Klimburg

We have to show that this is destabilizing, and we have to push back. And the conversation can’t just happen in the security environment because that means the discussion is only occurring between governments, when we also need to have other actors in the room — including corporations and civil society organizations that build and sustain the internet.

These are the people who solve most of the problems happening in cyberspace. Russia and the US can talk about cyberattacks online all they want, but the cleanup will be done by the private sector and by civil society. So this can’t just be a nation-state problem.

Sean Illing

How likely is it that the internet becomes principally a tool of subjugation?

Alexander Klimburg

It’s unlikely, but we still have to worry about it. It’s unlikely in the way that nuclear armageddon was unlikely. But I have to say, I think this is much more likely to happen than nuclear armageddon ever was.

The reason is that if there really was a fundamental move to grab key functions of the internet and put them under governmental control, the internet would split. China, for instance, has already done this, basically forming their own internet — although theirs is still connected to the rest of the global internet for economic reasons. But they could separate themselves further if they wanted to. Other countries could as well. Then we’d have a fragmented internet.

The question then is what would happen in those fragments? You could easily have a North Korean-style information bubble being bred over decades where people are completely and utterly brainwashed due to the ability of their government to choose what information they see. That type of risk is there.

The more dangerous scenario, which is less likely to occur, is the entire global internet becomes subjugated as Western countries abide by these threats and fall into the trap of information warfare. If that happens, the internet will cease to be free. That is the true dark web scenario I worry about.

Sean Illing

I guess I’m failing to see why this cyber dystopia scenario remains unlikely. We seem to be inching inexorably in this direction.

Alexander Klimburg

Again, a lot of things would have to go wrong. But to make sure it doesn’t go wrong, I think it’s important that we all have a basic level of understanding of what’s at play. As I said before, it’s like finance: It’s complex and overarching, but you don’t need to understand all components of it.

Everyone, however, has to understand what part of it really does impact their lives. We have to be careful of all attempts to impose easy solutions or rip up the whole thing and start again, because all those attempts only advance singular interests and the internet is not about singular interests. It’s about collective interests, and that is what we have to keep.

Sean Illing

Well, I was hoping you’d shake my pessimism about the future of the web, but alas…

Alexander Klimburg

You’re experiencing what many other people experience when they first encounter this issue. I promise you everyone who has entered classified programs finds out what’s actually been going on for many years in this environment, and their first reaction is despair. People can’t believe how much complexity is out there, how much aggression is out there, and how casual[ly] people are taking risks that could lead to hard war. It’s incredibly disheartening.

We have all benefited from the internet, and I think it’s really easy to forget what this magical tool that simply works in the background that nobody really seems to care about actually requires. Ultimately, it will take the attention of the free society that built the internet to save it.


Source link

About admin

Check Also

Siemens Leads Launch of Global Cybersecurity Initiative – Dark Reading

The new ‘Charter of Trust’ aims to make security a key element of the digital …

Leave a Reply

Your email address will not be published. Required fields are marked *