International Internet day and Internet historyOct. 29 marks the anniversary of one of the most important days in tech history, International Internet Day, or the day the Internet was born. It’s probably no understatement to say that the Internet is one of the greatest technologies ever invented. In fact, the Internet accounted for 6% of the country’s Gross Domestic Product in 2015, or about $966 billion. Additionally, Pew Research Center’s ongoing study on Internet use found that roughly every nine out of 10 Americans use the Internet today — that’s 36% more Internet users when compared to the 2000 results. Yet, despite the gains produced by the Internet, the technology isn’t without its costs. Daily hacks, breaches, harassment, ransomware threats and malware attacks ruin an untold number of online lives. Although putting a price on cybercrime can prove difficult, some estimates in 2014 suggested that it was as much as $400 billion, with costs potentially exceeding $1 trillion by 2019.

In light of these extreme contrasts, many may wonder exactly how a system so complex and important could be so vulnerable. While such a broad question can be difficult to answer, to honor Internet Day, we’ve decided to take a look at the history of the Internet and how it can help explain the vulnerabilities of today’s world.

A brief history of the Internet

The history of the Internet is a topic that has spanned entire books, but there are key inventions that could be considered the stepping stones to today’s Internet.

The “first” Internet

Depending on how you define it, the “Internet” could have been born on several different occasions. That’s because while today the word is synonymous with the World Wide Web, it wasn’t always the case. Typically, the accepted birth of the Internet is associated with the creation of ARPANET, one of the more well-known early computer networks (although this isn’t without contention). Though ARPANET was a pet project of the U.S. Defense Department’s ARPA (Advanced Research Projects Agency) and the wish for a decentralized network did partly come from the fears of war, ARPANET owes far more to academics and curiosity than to military men and war strategy. The system was ultimately created by university faculty and used to connect university departments across campuses. Many specifically consider Oct. 29, 1969 – the day UCLA and Stanford faculty (almost) communicated with each other through computers – to be the birth of the Internet.

It was on ARPANET and other similar networks that ideas familiar to modern Internet users, like email and passwords, would take root, and although the network lacked the modern character of today’s Internet, it’s easy to see some of today’s problems on ARPANET. In a message to the ARPANET working group sent in 1973, Robert Metcalfe, who would become the father of Ethernet, identified security issues on the network that are eerily prescient of those plaguing the modern Internet. Abuse on other computer systems, like MIT’s CTSS, also foreshadowed the potential for malicious actors to exploit rather than disclose vulnerabilities.

ARPANET gets an upgrade

In the 1970s, researchers worked on a way of connecting multiple computer networks through a single, unified standard. While individual computer systems could join existing networks, there was no way to have existing networks communicate with other existing networks. This all changed with the invention of the TCP/IP protocol suite, a key component of today’s Internet. This new invention meant disparate and isolated networks could reach each other, regardless of the hardware they used, something closer in line with the modern Internet.

While TCP/IP served an important function, it was not without vulnerabilities; however, at the time, these vulnerabilities weren’t apparent because of the needs these protocols served. It wouldn’t be until the creation of the World Wide Web, when the system was used in ways unanticipated by its creators, that these issues would even begin to be identified. Vint Cerf, one of the creators of TCP/IP, has talked several times before about his regrets of failing to implement encryption and other features into TCP/IP. But even if Cerf were aware of future problems, it’s not apparent that implementing such things would have been feasible at the time. For example, Cerf once pointed out that encryption technology was an NSA classified secret in the 1970s.

Modern networking is born

Another much later innovation that was critical to the Internet of today was the Border Gateway Protocol (BGP). BGP is important to how routers function and allows information to flow freely and autonomously across the Internet without the need for network maps or central control. While BGP was an ingenious solution to a timely issue when it was invented in the 1990s, like TCP/IP, BGP has vulnerabilities that are now being noticed and need to be addressed.

The rise of the modern Internet

As many likely already know, the 1990s saw the rise of personal computing and the first websites – the so-called Web 1.0. Even back then, though, insecurity wasn’t uncommon. In order to make programs more accessible, the tech companies of the day often forwent engaging with cybersecurity proactively. One can arguably say that the story of the Internet as a whole is shaped by the tradeoffs between security and convenience – old vulnerabilities, many created unknowingly, would collect and gather in systems only to be addressed after being exploited.

Depending on who you ask, the era of reactive or “patch and pray” security hasn’t gone away. Nowhere is this issue more evident than in the modern Internet of Things (IoT) ecosystem, where consumer convenience seems to best cybersecurity. In addition to all of the vulnerabilities of eras past, IoT introduces another layer of insecurities which can be exploited by hackers. As we’ve mentioned in other posts, some smart device manufactures hard-code passwords and fail to disclose the security risks of IoT devices to consumers until they’ve already been exploited, allowing for the rampant hacking of these devices.

What’s being done about the Internet’s insecurities?

Many security researchers and computer scientists have discussed the issues of the Internet at length. While there’s no singular vision about how to move forward, a number of proposals and projects have emerged in response to the problems plaguing the Web. Some have suggested rebuilding the Web from scratch, while others wish to change how networking happens over the Internet. In small ways, each of these ideas might be shaping the Internet’s future. Perhaps the biggest shift is that cybersecurity is an issue that has become important in the last two decades. In fact, many companies now have dedicated cybersecurity departments, and the online data industry as a whole has seen increases in investment. Additionally, with privacy and security issues continuously making headlines, more and more consumers are demanding that systems be secure by default.

What can you do to stay safe online?

Whether the Internet is patched or rebuilt from scratch in the future, there are a few things you can do in the present to stay safe.

1. Use strong passwords. Weak passwords have been a liability since the days of ARPANET, so it stands to reason that in today’s world, they’re a total security risk. While the idea of memorizing long and complex passwords for each of your accounts might seem absurd, using a password manager is a viable alternative that might prove useful. If you do opt to stick with the old way of memorizing passwords, make sure your password includes a mixture of uppercase and lowercase letters, special characters and numbers. Also, be sure that you don’t have the same password for all of your online accounts or reuse passwords, as both are habits that make your accounts more vulnerable to hackers.

2. Use optimal security and privacy for your accounts. Every service online should have a section of its site or program that allows you to set the security and privacy features for your account. For each of these, you’ll want to commit to using the highest security and privacy settings possible. In most cases, this will mean activating things like two-factor authentication and creating more complex password reset answers. If it’s a social media site, you’ll want to make sure you check your privacy settings regularly to confirm your posts are only viewable to your online friends. Also, be mindful about what you share, as you could be exposing your identity.

3. Favor services that use encryption (or set up your own). While encryption by itself doesn’t guarantee safety it can eliminate some common threats. You should make sure to stick to sites with HTTPS, especially on pages where you’re inputting or sharing any type of information, such as your login information. If you’re a more technical user, you might want to consider using a plugin like HTTPS Everywhere or a Virtual Private Network (VPN) to encrypt all of your online activity.

4. Reduce your attack surface. Do you have any old accounts or devices that you no longer use? If so, it’s time to take them out of commission and complete a factory reset. In fact, you should do some digital cleaning once every six months or so to reduce your attack surface (the number of entryways granting hackers access to your information). Closing out old accounts and being mindful of your activity online are two ways you can start managing your attack surface.

5. Think like a hacker. With phishing increasing in frequency, it’s time that we all started thinking like scammers and hackers. In addition to securing your devices and online accounts, familiarize yourself with social engineering and the anatomy of a scam so that you aren’t the weakest link in your attack surface.

6. Don’t purchase products that are insecure by default. With all of the high profile breaches and leaks that took place this year, it looks like 2017 might be a watershed moment for cybersecurity as companies begin realizing its significance and the dangers of not taking it seriously. With that in mind, consumers should become more cybersecurity conscious and avoid purchasing insecure products. Doing so will send a clear signal to companies that creating products that are insecure at launch is a bad investment.

Looking for more informative cybersecurity content? Keep reading our technology blog, where we break down the cybersecurity stories that affect you directly.