Advances in technology continuously bring about changes in our society that must be addressed in a manner as unique as the innovation. Gun laws were not needed when the most lethal gun could only be shot once every minute. However, with advancements allowing them to shoot eight hundred rounds per minute it became necessary to regulate them. A simple bi-plane could not be abused as a weapon, but a Boeing 737 could be used to end countless lives. Without this perspective, an advertisement popping up on your computer could be dismissed as irrelevant after closing it out. However, the issue of new potential dangers of more malicious viruses arises.  Krehel and Anderson start this conversation in “At what point do white hat hackers cross the ethical line?” citing an instance in which Christ Roberts was able to take control of a plane and navigate it off course using a computer program. The increase in use of computers, phones, and tablets has created an environment in which cyber security can be an almost universal issue. Personal computers, businesses, and government programs are all vulnerable and can be abused in different ways. Therefore, cyber security is the next issue that requires reform. Despite the call for a free unrestricted internet, it is essential to take steps to ensure the internet is more secure.

 Currently there exists an often overlooked amount of insecurity online. Personal computers are vulnerable to viruses distributed through misrepresented websites, emailed, and other platforms for the transformation of information. These viruses can be used to damage your computer or to take personal information such as emails, passwords, and even credit cards. A single hacker now has the potential to preform identity theft or credit fraud from their basement. Yet having your credit card stolen and bank account drained is far from the full capability of a security breach. When a business suffers a security breach, the consequences of the breach are much greater. To remedy such a breach, direct costs include the incomplete list of things such as “work time, overtime, equipment leases, and legal costs” (Krausz 30). Krausz estimates these costs can total as low as ten thousand British pounds to well beyond five hundred thousand pounds which is roughly twelve thousand five hundred US dollars to six hundred and twenty-five thousand dollars (Krausz 30). However, there still exists the indirect costs and reputational costs which cannot be quantified but can be in a worst case scenario as severe as the company going out of business (Krausz 30-34).  Nevertheless, this is still only a fraction of the potential danger. Stuxnet, a virus developed by the CIA, exemplifies how cyber breaches could rapidly turn into cyber terrorism. To enable Stuxnet to infiltrate the Iranian network USB sticks containing the virus were dropped in high traffic areas such as airports until an Iranian official picked up and used one. The virus was able to identify which machines to target and then spread from centrifuge to centrifuge slowly speeding the centrifuge up to imitate a malfunction before finally deleting itself before the centrifuge exploded. Galeotti argues that such a virus may have set an unintended precedent by enacting the first terrorist attack preformed entirely utilizing computers (35). This, in combination with Chris Roberts being able to control the flight path of a plane, indicates that the next terrorist attack on the level of 9/11 could be completed without the physical presence of an attacker. 

The potential loss of the internet is an almost always over looked threat. The current degree in which we rely on the internet would render many business and operations incapacitated if it were lost. Incorrectly, people often assume because the internet is not a physical thing it cannot be destroyed. Kugler utilizes the knowledge of white hat hackers to argue three ways the internet could actually be destroyed. Firstly, fiber optic cables which travel underground and across the sea are relatively unprotected. Although the facilities they originate are well protected, anywhere underground or in the sea they can be easily cut. There is so little protection that there are instances of ships anchors cutting these cables (Kugler 19). Cutting these cables can cause a denial of internet to nearby areas, and coordinated attacks in 2008 have already been able to deny “one point five billion people or one fifth of our planets population” (Kugler 19). Secondly, disruption of a power grid would result in an area of the internet stored on a network exchange hub to be unavailable during that time. As well, any information stored in a data center in this area would be inaccessible. Lastly, these two machines could be damaged causing a permanent loss of any information not stored elsewhere. Stuxnet is an indication that the potential for these attacks to occur via a cyberattack rather than a physical attack already exists. Cyber-attacks have already been used in coordination with physical attacks to gain an advantage in war. In 2008 Russia used a distributed denial of service, or DDoS, to interfere with the Georgian government (Galeotti 32). This kind of attack takes continuously sends data packets and requests to a server overloading that server so that it cannot function. By doing so, emergency communication networks would be unable to function limiting the possible communication via electronics. This means innocent people would be unable to receive the necessary warning and would be in danger. 

Understanding the threat is not enough to remain safe from it. Therefore, we must address what approaches should be taken to end the issue of cyber security. Clemente argues cyber security has become similar to climate change in the sense it is a wicked problem (16). He defines a wicked problem as a problem which “cannot be objectively solved… only made better or worse (Clemente 16). This means that anyone who uses technology must accept a certain level of insecurity. Currently security is practically an afterthought in computer programming. This is due to the fact the primary concern when writing a program is to first obtain its basic functionality. After the program is written, cyber security specialists will be paid in attempt to identify any areas that can breached and abused. Schell refers to this method as a “penetrate and patch” method (21). Unfortunately, there are several downsides to this method. Firstly, a specialist or a group of specialists may easily overlook a flaw leaving the system vulnerable (Schell 21). Secondly, each time a patch is made there is potential for this new code to be abused (Schell 21). Lastly, even if this system is properly protected, the use of malware would be able to introduce new flaws to be abused (Schell 21). Schell then argues that three things are necessary to create a secure client: the client “must validate enforcement of the security policy”, be “tamper-proof”, and be “verifiable” to ensure the system works (22). These policies ensure that each piece of data stored on a computer has more secure references to who is able to access and edit them. Realistically on operating system of this capacity would take ten or more years to develop as well as “tens of millions of dollars”, but Schell believes this price is small compared to the possibility of the cost being measured in human lives (23). Fortunately, after an operating system is developed it can be adapted for several different uses more quickly and at a lower cost. 

Unfortunately, this triad is not reliable at the state level in which attacks are more coordinated and more advanced. In order to increase the level of security at the national level, coordination amongst states is necessary. However, currently the opposite exists in the form of state funded cybercrime (Galeotti 34). Galeotti attributes the high amount of cybercrime in Russia to the states “liberal treatment of [their] hackers” resulting in the cost of an email account to be hacked being only one hundred sixty-two dollars and spyware being placed on a computer for three hundred fifty dollars (35). While international organizations have been created in attempt to put a cessation to cybercrime, only states with economic interest have joined (Galeotti 35). Other states who benefit from cybercrime not only allow it but also develop their own methods of cyberattacks. Samy Kamkar is a perfect example of this occurring within the United States. After introducing a virus which crashed myspace, Kamkar “was caught and convicted of a felony” (Kugler 18). However, instead of the full repercussions of his crime, Kamkar was offered a plea deal which enabled him to avoid jail and after three years reenter the technological world using his knowledge of internet security to test websites rather than crash them (Kugler 18). Kamkar’s story is a fortunate one in which his expertise was able to be used for security, but for each situation like his there is one in which that plea deal requires the person to work for the government.

Despite this knowledge there exists a community advocating for fewer restrictions then what currently exist. The argument for a free internet aligns closely with the argument surrounding gun rights. This community argues the first amendment, freedom of speech and expression, extends to the internet. The internet did not exist at the time this amendment was made and does not take into account the many complexities of the internet. The always changing, infinitely expanding internet does not exist in one place. Therefore, laws created must be international not based on principles that only apply to the United States. As well, a decision must be made as to what freedoms should be sacrificed for increased security. Freedom of speech does not extend to illegally watching and downloading movies which websites are notoriously a hub for various viruses. 

Cyber security is an issue that has well exceeded the point that it must be addressed. It is so expansive and so engrained into our society it has the potential to always be an underlying concern. Cyber security threats now span from personal devices to government databases. Adware, although annoying, is rather benign, but more advanced viruses can damage your computer as well as have consequences affecting the victim’s personal life as well. Stuxnet was the first attack to demonstrate that a physical attack could be performed in the form of a cyberattack. However, most people are unaware of this attack and because they have never seen the threat are not concerned with it. As well, there are commonly accepted fallacies such as the belief the internet cannot be destroyed which undermine the importance of cyber security. Our current approach to cyber security has been unsuccessful and a more expansive approach is needed. Beyond a reformed approach, to increase cyber security at the state level, there must be increase in collaboration amongst states. However, currently many states allow cybercrime due to the economic advantages often associated with it. Furthermore, some states even fund cybercrime to increase their potential level of cyberattack. The recruitment of cyber specialists and creation of cyber weapons now imitates a traditional arms race. Therefore, a free unrestricted internet is irrational due to the level of insecurity that would exist and the damage that could be caused. 
