Millions of people anticipated a glimpse of Taylor Swift at this year’s Super Bowl. That was likely millions more than noticed the stunning announcement by the government just four days earlier that Volt Typhoon — a conglomerate of cyber actors sponsored by the People’s Republic of China — had pre-positioned itself inside American critical infrastructures in preparation for cyberwar.
Intellectual theft, weather balloons, TikTok and now cyber war. What’s left for China to do before someone in charge takes action?
Like Taylor, technology tends to mesmerize and captivate us. Videos of gearheads unpackaging products and peeling plastic off screens in what resemble ritualistic ceremonies litter YouTube. Cryptocurrency computer codes invented by who-knows-who with no underlying value, backing or adult supervision intrigue us as they masquerade as the money of “the people.” Tech applications like TikTok have a pollyannish, feel-good, video game aura that lulls us into thinking bad stuff really won’t happen.
China knows how to take full advantage of it. If it had amassed its military offshore and focused every rocket in the direction of major U.S. cities, there would have been mass hysteria. But the insertion of digital explosives that can turn off our water, lights and ability to communicate seem to be too surreal to rate even a whimper.
Cyberspace has become the most dangerous and defenseless ecosystem on the planet. Instead of calling time out and rebuilding it to be more secure, we play the role of rats on spinning wheels foolishly thinking we can outrun the never-ending exploits of national adversaries, hackers, terrorist, traffickers and all-around creeps who are more than willing and capable of taking advantage of the internet’s porous qualities.
It makes no sense to share the same murky cyber waters with countries like China, Russia, North Korea and Iran. We certainly would not share a military base with them. But as with the latest shot across the U.S. bow that Volt Typhoon represents, all the government can seem to muster is the admonition that businesses — which have less than any control of what bad guys do in cyberspace — be more vigilant and spend more money for cybersecurity. Cybersecurity consultants, a business that will approach $500 billion by 2030, love that.
The government should be announcing that a consortium of democratic nations is taking steps to implement fundamental solutions to cyber insecurity.
First, real authentication of humans rather than machines and IP addresses would add a new level of certainty. Multi-function processes help, but few incorporate all of the time-consuming and annoying elements that actually strengthen authentication: something the user knows, something the user has, something the user is, something the user does and somewhere the user is. Zero trust architecture must also be applied so that once authenticated into a domain, users don’t get free roam. Every inch of anonymity that is clawed back in cyberspace will result in a mile of greater security.
Second, internal and external governance standards that impose rules of conduct that resemble those we use to govern ourselves in the real world must be adopted. That necessarily includes the establishment of annoying global governing bodies and the enforcement of the rules by a readily identifiable and accessible cyber police force assisted by state-of-the art technologies. Violations of the rules must be punishable — perhaps by network expulsion or, in the most egregious cases, digital annihilation. Otherwise, much like paying a fare to ride the New York subway system, honesty and civility in cyberspace become optional.
Finally, we should return to the concept of secured private networks (SPNs) used by our legacy computer systems before there was an internet. Those new SPNs should require adherence to the most stringent security protocols before passports are issued to limited groups of users. Anyone who won’t accept those standards should be denied access, likely eliminating non-democratic nations and online creeps from cyber freeloading.
There is no magic to these solutions. They simply replicate what we do in the real world where fences, locks, borders and police have always existed. If we are willing to pay the small price to make these changes and create a more secure cyberspace, we won’t have to worry about waking up to warnings about China preparing to flip the switch on the United States.
It is time to shake off the hypnotic effect of digital technology and see it for the mixed bag of good and evil that it is. That must include an effort to evaluate the moral and ethical issues raised by the deployment of ever more powerful cyber weaponry, much as occurred with regard to the potential risks of nuclear proliferation after World War II. If we don’t act judiciously and merely plod along following the path carved out by tech entrepreneurs, our adversaries will slip into our lives as we’re distracted by the Taylor Swifts and TikToks on our screens, and we won’t realize it until it is too late.
Thomas P. Vartanian is executive director of the Financial Technology & Cybersecurity Center and the author of “The Unhackable Internet.”