A Real Cybersecurity Future

If I could get President Trump’s ear in advance of his meeting with Russian President Putin I would try to convince him to do two things associated with this meeting.

Namely, walk into the meeting and tell President Putin that he needs to join the United States in a bilateral treaty against cyber-abuse, and if he refuses, end the meeting and have our cyber-agencies bring down Moscow’s phone system or some other non-harmful cyber-effect that conveys to President Putin that times — and the United States — have changed.

Politics

Politically this would be quite the win. It would put an end to all of the criticism that President Trump needs to deal with Putin as the untrustworthy adversary that he actually is, while at the same time earning the attention and possibly respect-of-our-strength that President Putin needs to get. Indeed, it would put us in a position of strength to deal with all of the other matters with Russia, including those that didn’t get addressed, by walking out of the meeting.

Real World Cyber is Not What our Politicians or Media Think

Politicians, media and other people who are in a position of power talk of getting Russia to stop its cyber-activity. “Stopping” is not only unrealistic, but it is harmful.

Cyber-activity is an ever-expanding thing; doable by anyone anywhere at any time at essentially no cost or barrier, and can only be defended via a never-ending cat-and-mouse game where hackers discovering never-before-imagined attack-vectors makes the good guys aware of the vulnerability that, in turn, they close.

In practical terms, if Russia were to somehow magically “stop” tomorrow, China, North Korea, Iran and some snarky teenager located who-knows-where (including our own Country) will still be working away accumulating vulnerabilities in everything from our Energy-grid to Election-systems.

Politicians and the media talk of “stopping” meddling in our elections. This can’t be stopped — even lone individuals provoking controversy on social media or even paying for inflammatory advertisements in plain sight, can, and it is wise to believe are, meddling with us even just for sport. Similarly, where and how does one draw the line in a country of free speech? We can’t “stop” it but there’s a heck of a lot that we can do to expose the sources and diminish their effectiveness.

I could go on and on, but the point is that instead of thinking that there’s some political or even technical way to “stop” cyber-activity, our politics and policy need to expect and count on it happening more than ever.

With that brief encapsulation of the right way to “get” cyber matters, here are three of the implications to draw from it.

Politics / Policy

The bilateral treaty identified at the outset puts in place the mechanism assuming and expecting that there will be cyber-activity. Instead of trying to “stop” cyber-activity, the treaty puts the onus on each nation to cooperate in the identification and prosecution of the cyber-actors, but if and when Russia fails to comply with this prosecution, the treaty gives us the justification to cyber-retaliate against Russia. It’s somewhat akin to the nuclear weapon treaties, wherein they did not even expect that nuclear weapons could be stopped, but rather established a point/counter-point incentive for each side containing the harmful conflagration of it.

We Have Met the Enemy and It is Us. Burn Me Once Shame on You; Burn Me Twice Shame on Me.

When we suffer a cyber-penetration (from someone else), we did it to ourselves.

The Gestalt of this perspective is woefully deficient throughout our entire economy and culture.

For example, it’s telling that there aren’t high-securitized versions of Android and Apple smartphones (and furthermore that our politicians, field technicians, and anyone touching any system with sensitive controls and/or information just resort to using the Android and Apple smartphones that are publicly available). We could have “perfect” cyber-technology, but as long as our people with power over sensitive information and systems walk around with a smartphone that is an inviting target for a pimply teenager to penetrate just for kicks, we are handing the gun that will kill us to our murderer. Witness, for example, the extraordinary-unanticipated side-effect of mobile-phone physical-training apps actually providing the Taliban with precise and predictable information about when and where to attack our troops in Afghanistan. It’s also time for Apple and Google to develop and offer a cyber-hardened version of their smartphones — indeed, it’s presently a missed business opportunity for them.

Similarly, the infamous cyber-penetration of the DNC computers was through well-known dirt-simple human-factor ploys almost as old as the commercial Internet itself. What was lacking, wasn’t some science-fiction type of cybersecurity technology, but rather nothing more than the proper mindset about cyber-security. Odds are that the cyber-hackers were probably very disappointed that the DNC made it so easy for them.

Meanwhile, the fundamental design of most of the systems that control much of our economy and government is woefully predisposed to cyber-based harm. These systems use single-points of decision; once the perimeter of the system is penetrated they are wide-open to all manner of side-effects. These systems need to be fundamentally redesigned using consensus-based decision mechanisms akin to blockchain technology and other modern technologies. Until we take on these major and decisive changes, we both are vulnerable and put ourselves in this vulnerable position.

It’s time to cast aside the sound-bite “solutions” and mindset of our politicians and media, adopt the realistic mindset that cyber-resilience and defense are our perpetual responsibility, and let real cyber-experts do their job… including abiding by any and all cyber-hygiene.
