Policy

The question now is: what can we do?

The internet is fundamentally broken. The question now is: what can we do? The answer is messy, expensive, and occasionally involves telling very powerful people that their business model is morally questionable. Accepting the obvious First, acknowledge the unpleasant truth: there is no quick fix. Security is not a feature to be bolted on after launch; it is a mindset, a discipline, and a budget item that competes poorly with shiny new apps and quarterly profits. Anyone promising a “secure internet in six months” is either deluded, lying, or hoping to sell you a consultancy package. Acceptance, at least, costs nothing. ...

October 1, 2025 · 3 min · Nienke Fokma
A chaotic swarm of robotic spiders constructed from old IoT devices, their metallic bodies glinting dully, crawls over a fragile, intricate network of servers and cables. Sparks of electricity fly from their joints and the damaged infrastructure.

Why are we not making a defendable internet?

Once upon a time, the internet was described as an “information superhighway”. In truth, it more closely resembles the back alley behind a funfair: noisy, sticky underfoot, and populated by people selling things you probably do not want but will end up buying anyway. It is not defendable in any serious sense, and the extraordinary thing is that everyone knows this but insists on behaving as if surprise breaches and collapses are acts of God rather than consequences of design. ...

October 1, 2025 · 9 min · Nienke Fokma

The slow death of the NVD

The US National Vulnerability Database has slipped from a dull but dependable piece of security plumbing into a sputtering liability. Enrichment of CVEs has stalled, backlogs have exploded, and defenders are left with raw identifiers instead of usable intelligence. This collapse is not accidental, it is the predictable result of political austerity, funding cuts, and a fixation on flashy science over unglamorous infrastructure. In other words, the pipes have burst while Washington debates whether water is really a priority. For security teams all over the world, the message is blunt: stop waiting for rescue. Diversify your sources, automate your own triage, build peer networks, and treat metadata as survival gear, not a luxury. ...

August 20, 2025 · 6 min

Where the power goes missing: a sector-by-sector tour of European unaccountability

We often think of democratic deficits as abstract, something that lives in Brussels conference rooms and academic papers. But in practice, power without accountability isn’t just theoretical. It shows up in the bills you pay, the apps you use, the water you drink, and the politicians you never seem to be able to reach. Here’s how it plays out across key sectors: Climate and energy, lofty goals, murky delivery Europe’s climate policy is a paradox: ambitious in targets, opaque in implementation. ...

July 3, 2025 · 6 min

Defendable Internet?

David Clark remembers the moment the Internet’s Pandora’s box creaked open and said, “Hello, world.” It was 2 November 1988, and the Morris Worm was slithering its way through cyberspace like a python on speed. Designed with the innocence of a curious grad student and the destruction of a cyber sledgehammer, it crashed some 6,000 machines, roughly one-tenth of the Internet at the time. Not bad for an opening act. ...

February 1, 2023 · 4 min