In February 2013, American cybersecurity firm Mandiant released details about a 12-story building in a Chinese government compound east of Shanghai’s Huangpu waterfront. There, the firm believed, a group of hackers had been executing some of the most prolific malware attacks on American companies since 2006–condoned, perhaps ordered, by the Chinese government.
Some security experts warn that it’s only a matter of time before the dire “cyber Pearl Harbor” former Secretary of Defense Leon Panetta predicted in 2012; that terrorists hack into critical infrastructure and find a way to shut off the lights. But whether it’s a slow shift to new cybersecurity measures, or changes following a traumatic shock, 2014 could be the year we prepare to hit the “reset” button on the Internet, and redesign it with more security in mind.
The U.S. loses hundreds of billions of dollars a year due to intellectual property theft (largely from China), and distributed-denial-of-service (DDOS) attacks bombard American industry nearly every day. This past summer, Trend Micro threat researcher Kyle Wilhoit set up fake servers resembling U.S. water utility control systems to see who might exploit them. In just 18 hours, hackers from Russia, Palestine, Germany, and possibly China began to break in.
“There are data breaches every single day, denial of service attacks, the loss and theft of data, worth an inordinate amount of money,” Shawn Henry, president of security firm Crowdstrike and former head of the FBI’s cybersecurity division, said. “I don’t think until we see the cyber equivalent of planes crashing into buildings [that] we’ll have a real movement. I see this as very similar to the terrorist issues.”
But chronic, corrosive hacking aimed at American banks and industry could nudge the private sector to beef up protections with help from the U.S. government in 2014. In February, President Obama issued an executive order with draft cybersecurity regulations for American industry, and he’s meeting with American companies to address them.
Other government initiatives are already preparing a “clean slate” for the Internet. In 2010, the Defense Advanced Research Projects Agency launched a five-year investigation into what it would take to rebuild secure Internet architecture, tackling everything from hardware to software to the cloud, exploring which types of structures might ward off hacking attempts at every step of connectivity.
In the fall of 2013, Darpa also launched the Cyber Grand Challenge. Like Darpa’s vehicle grand challenge spawned self-driving cars, the Cyber Grand Challenge asks experts to design unmanned systems to topple a series of information security challenges. In the end, the tournament should yield prototypes for self-healing, self-defending network systems that differ from our vulnerable structures today.
But will it be enough to calm down the febrile atmosphere of Internet attacks? “Technology as an answer is like saying guns are an answer to war,” Mandiant’s chief security officer Richard Bejtlich says. “Whatever you can do to build better technology is good, but at the end of the day it’s not going to be the ultimate solution.”