Last Friday’s massive DDoS attack against Dyn.com and its DNS services slowed down or knocked out internet connectivity for millions of users for much of the day. Unfortunately, these sorts of attacks cannot be easily mitigated. We have to live with them for now.

Huge DDoS attacks that take down entire sites can be accomplished for a pittance. In the age of the insecure internet of things, hackers have plenty of free firepower. Say the wrong thing against the wrong person and you can be removed from the web, as Brian Krebs recently discovered.

Krebs' warning is not hyperbole. For my entire career I’ve had to be careful about saying the wrong thing about the wrong person for fear that I or my employers would be taken down or doxxed. Krebs became a victim even with the assistance of some of the world’s best anti-DDoS services.

Imagine if our police communications were routinely taken down simply because they sent out APBs on criminal suspects or arrested them. Online hackers have certainly tried. Plenty of them have successfully hacked the online assets of police departments and doxxed their employees.

Flailing at DDoS attacks

Readers, reporters, and friends have asked me what we can do to stop DDoS attacks, which break previous malicious traffic records every year. We're now seeing DDoS attacks that reach traffic rates exceeding 1Tb per second. That’s insane! I remember being awed when attacks hit 100Mb per second.

You can’t stop DDoS attacks because they can be accomplished anywhere along the OSI model -- and at each level dozens of different attacks can be performed. Even if you could secure an intended victim's site perfectly, the hacker could attack upstream until the pain reached a point where the victim would be dropped to save everyone else.

Because DDoS attackers use other people's computers or devices, it’s tough to shut down the attacks without taking out command-and-control centers.
Krebs and others have helped nab a few of the worst DDoS attackers, but as with any criminal endeavor, new villains emerge to replace those arrested.

The threats to the internet go beyond DDoS attacks, of course. The internet is rife with spam, malware, and malicious criminals who steal tens of millions of dollars every day from unsuspecting victims. All of this activity is focused on a global network that is more and more mission-critical every day. Even activities never intended to be online -- banking, health care, control of the electrical grid -- now rely on the stability of the internet.

That stability does not exist. The internet can be taken down by disgruntled teenagers.

What would it take?

Fixing that sad state of affairs would take a complete rebuild of the internet -- version 2.0. Version 1.0 of the internet is like a hobbyist's network that never went pro. The majority of it runs on lowest-cost identity and zero trust assurance.

For example, anyone can send an email (legitimate or otherwise) to almost any other email server in the world, and that email server will process the message to some extent. If you repeat that process 10 million times, the same result will occur.

The email server doesn’t care if the email claims to be from Donald Trump and originates from China or Russia’s IP address space. It doesn’t know if Trump’s identity was verified by using a simple password, two-factor authentication, or a biometric marker. There’s no way for the server to know whether that email came from the same place as all previous Trump emails or whether it was sent during Trump’s normal work hours. The email server simply eats and eats emails, with no way to know whether a particular connection is more or less trustworthy than normal.

Internet 2.0

I believe the world would be willing to pay for a new internet, one in which the minimum identity verification is two-factor or biometric.
I also think that, in exchange for much greater security, people would be willing to accept a slightly higher price for connected devices -- all of which would have embedded crypto chips to assure that a device or person’s digital certificate hadn’t been stolen or compromised.

This professional-grade internet would have several centralized services, much like DNS today, that would be dedicated to detecting and communicating about badness to all participants. If someone’s computer or account was taken over by hackers or malware, that event could quickly be communicated to everyone who uses the same connection. Moreover, when that person’s computer was cleaned up, centralized services would communicate that status to others. Each network connection would be measured for trustworthiness, and each partner would decide how to treat each incoming connection based on the connection’s rating.

This would effectively mean the end of anonymity on the internet. For those who prefer today's (relative) anonymity, the current internet would be maintained.

But people like me and the companies I've worked for that want more safety would be able to get it. After all, many services already offer safe and less safe versions of their products. For example, I’ve been using Instant Relay Chat (IRC) for decades. Most IRC channels are unauthenticated and subject to frequent hacker attacks, but you can opt for a more reliable and secure IRC. I want the same for every protocol and service on the internet.

I’ve been writing about the need for a more trustworthy internet for a decade-plus. The only detail that has changed is that the internet has become increasingly mission-critical -- and the hacks have grown much worse. At some point, we won’t be able to tolerate teenagers taking us offline whenever they like.

Is that day here yet?