The internet is broken. Not the “buffering on YouTube” kind of broken, but fundamentally, architecturally, absurdly broken. We know why: history, culture, economics, politics, and human laziness have all conspired to turn it into a precarious tower of routers teetering on a cliff.
The question now is: what can we actually do about it? The answer is messy, expensive, and occasionally involves telling very powerful people that their business model is morally questionable.
Accepting the obvious
First, we must acknowledge the unpleasant truth: there is no quick fix. Security is not a feature to be bolted on after launch; it is a mindset, a discipline, and a budget item that competes poorly with shiny new apps and quarterly profits. Anyone promising a “secure internet in six months” is either deluded, lying, or hoping to sell you a consultancy package. Acceptance, at least, costs nothing.
Building things to last
Historically, we have treated digital infrastructure as ephemeral. IoT devices with permanent vulnerabilities, legacy protocols held together with hope and glue, software libraries maintained by single volunteers with full-time jobs — these are the hallmarks of our civilisation.
To create a defendable internet, we need hardware and software that are patchable, auditable, and robust. Systems should survive decades, not quarters. Open standards should be the norm, not a marketing slogan. The digital foundations we lay today must be capable of standing the test of time — and relentless curiosity from people who like poking at things that are not theirs.
Fixing incentives
The internet is a tragedy of incentives. Vendors profit from shipping first, not shipping safely. Users click “accept all” because reading terms and conditions is a form of medieval torture. Governments fund offensive cyber capabilities while hoping resilience will magically appear as a side effect.
Aligning incentives is essential. Companies should face meaningful consequences for shipping insecure products. Open-source projects that underpin critical systems deserve sustainable funding, not burnout-driven heroics. And security should be a selling point, not an afterthought buried in legalese.
Regulation, but intelligently
Yes, regulation can help, but only if it is clever. GDPR-style fines alone are a weak incentive. Effective regulation would mandate maintenance windows, enforce minimum security standards before shipping, and encourage international cooperation. Cybercrime does not respect borders, so resilience standards should not either.
Of course, resistance will be fierce. Change always meets pushback, especially when it threatens profits or prestige. But maintaining the status quo is a choice — a circus that happens to be on fire.
Humans, realistically
Humans are both the problem and the solution. Users cannot memorise dozens of passwords or navigate cryptic warnings. Organisations cannot assume breaches will never happen. Education must be grounded in reality: make secure choices the default, train people to recognise anomalies rather than panicking over every notification, and embed security thinking into organisational culture.
Slow, yes. Expensive, perhaps. But much faster than waiting for humans to become rational overnight.
Planning for the inevitable
Even if every one of the above steps succeeds perfectly, breaches will occur. Systems must be designed with compromise in mind. Segmentation, redundancy, rapid detection, and honest post-mortems are all more effective than hoping attacks will never happen. Resilience is about recovery as much as prevention.
Conclusion
Building a defendable internet is unglamorous and will frustrate executives, politicians, and users alike. Yet the alternative — continuing to rely on hope, duct tape, and human error — is simply not tenable.
The path forward is clear if unappealing: design for durability, align incentives, regulate intelligently, educate realistically, and plan for compromise. It will be messy and expensive, and it will require acknowledging that our current internet is, frankly, a glorious mess.
Start taking these steps seriously, and we might finally move from sandcastles on quicksand to structures that actually stand a chance. And that, however slowly, is worth the effort.