There’s hardly any information infrastructure that cannot and will not be attacked by hackers, whether it's our phones, tablets, laptops, PCs, or data centers and the internet as a whole. In the past, both small and large companies have been equally affected, such as Facebook, RUAG, Yahoo and Sony. Nor have critical data and infrastructures been spared: just think of the WannaCry ransomware attack, which also hit English hospitals, the Stuxnet computer worm used to sabotage industrial plants, or the theft of health data from 1.5 million people in Singapore.
The outlook for the future Internet of Things (IoT) seems no more encouraging in this respect; billions of devices on the internet will offer an even broader target. A foretaste of this is the October 2016 incident where thousands of inadequately secured IoT devices so crippled a central infrastructure that Amazon, GitHub, Twitter, the New York Times and several other large websites were unavailable for hours. And such threats won’t stop at the hardware either, according to the latest reports of spyware in servers and critical weaknesses in modern processors.
Letting rules dictate
As a result of such attacks, regulatory requirements in companies and organizations are becoming increasingly complex and wide-ranging. One example is the Swiss federal government's new ICT minimum standards, comprising 106 measures that go seamlessly hand in hand with international standards and certification guidelines. The compulsion to adhere to standardized and regulated procedures in our private and working lives is leaving us exhausted and helpless, making us more and more dependent, weakening our intellectual abilities and rapidly reducing the benefits of digital transformation. Yet it seems we’ve settled into this dependent role and found the solution to the problem in adapting our own behavior.
But things are on the wrong track here. If something has to be controlled and constrained, it’s not us humans in our private and work life, but the underlying infrastructure: the hardware, software and information systems.
Safety is the solution
It must be our ambition to build an internet that prevents any significant attack on the communication infrastructure and allows machines and infrastructure to be used safely. It’s possible: over the past six years, researchers at ETH Zurich led by my colleague Adrian Perrig have developed the SCION internet architecture.
SCION delivers security, availability and performance for any networked system and service: data transmission at high bandwidth, secure communication of sensitive data, protection from denial-of-service attacks, high availability of critical infrastructures, and no redirection of data to servers or countries for which it’s not intended. The technology is so well-developed that it’s now being used by banks and various internet service providers in Switzerland and internationally.
Safe and trustworthy haven
These recent advances in new internet architectures must be exploited to improve the security and performance of networked systems, whether for communication between federal agencies, for the exchange of highly sensitive information such as electronic patient files between hospitals, health service providers and research institutions, for communication between research bodies, or for the safe operation of our energy supply.
To achieve this, we in Switzerland must summon the courage to roll out a globally leading technology, a "Made in Switzerland" product, in a nationwide flagship project. This would be a significant stride towards an export hit—internet security from Switzerland. Right now, we have the opportunity to position our country as a safe and trustworthy haven, a global frontrunner: Switzerland, the safest internet country in the world.
Editor’s note: this article was originally published by ETH Zurich and republished here with permission.