(Kin Cheung/AP)
August 22, 2014

THE PARADE of misbehavior by spies, thieves and warriors on the Internet is endless. In recent days it was reported that Chinese intruders have stolen medical records for 4.5 million patients and that customer names, postal addresses, e-mail addresses and payment card information were breached at 51 United Parcel Service stores between March and August. The retailer Target has reported that the data breach discovered last December has cost it more than $140 million.

The Internet, a system built on openness and trust, is undergoing a crisis of security. In the past, we have endorsed calls for Congress to act on legislation that would make it easier for the government and private sector to cooperate and fight the predators. But Congress has not moved.

What’s needed is new thinking about how to respond. Jason Healy of the Atlantic Council has warned that it is possible “the Internet will not remain as resilient, free, secure and awesome for future generations as it has been for ours.” We ought to act now for those future generations.

On Aug. 19, Wired magazine posted a series of essays titled “How to Save the Net” that reflect a desire to break out of traditional responses. Peter W. Singer of the New America Foundation suggests creating a kind of Centers for Disease Control and Prevention for cyberspace. The idea, which has been around for a few years, would be a new organization to bridge the gap between public and private and serve as a trusted source of information, as well as a beacon for early warning. Notably, it would not be part of the military or intelligence system, like the National Security Agency, which has considerable cyberprowess but also a lot of baggage.

What’s appealing about a cyber-CDC is that it might enjoy the kind of widespread respect that the Atlanta-based disease-fighting agency has earned. The analogy with biological threats is not perfect; adversaries in cyberspace are man-made dangers that can be agile and avaricious. Yet there may be a kernel of a valuable idea here: to create a new, federally funded research and development center for the cyberuniverse. Mr. Healy has rightly pointed out that involving the private sector is critical; no solution can be government-only.

Globally, the task becomes much harder but no less pressing. James Lewis of the Center for Strategic and International Studies suggests the chaos in cyberspace today resembles the world’s unruly financial and monetary system before the Bretton Woods conference in 1944 laid out a system of rules and institutions. Could the Bretton Woods model for a cyberconference bring some order out of today’s miasma? Would nations sign up for such a cooperative effort? Russia and China are sanctuaries for cybercrime and distruption because they serve their interests, and they may not want to cooperate. But cyberattacks are transnational. Fresh thinking must be global.

Let’s face the reality: Waiting for Congress is getting us nowhere. New thinking is desperately needed.

Continue reading 10 minutes left