Defending cyberspace: why national mindsets need to change
by James Morgan,Science Releif Contributor
Experts from De Montfort University (DMU) have warned that as the defence of cyberspace becomes more important than that of land, sea or air, Cold War attitudes towards cyber security must be abandoned. The researchers, whose arguments have been published in the latest edition ofJane’s Intelligence Review, contend that a radical shift in thinking will be necessary if we are to successfully defend the virtual domain against would-be cyber attackers.
I spoke to Dr Watson, Director of the CSC, to learn more about the relationship between the future security of cyberspace and this much-needed shift in thinking…
To what extent are present-day attitudes towards cyber security coloured by notions dating back to the Cold War?
The short answer to your question is that present-day attitudes are influenced by Cold War thinking to a very great extent. In the early days of the internet – when it was known as the Advanced Research Projects Agency Network (ARPANET) – its entire design was based around facilitating communication in the face of nuclear war. Since this time, the system has not necessarily developed with commercial interests at heart. You have to remember that the roots of the internet are largely grounded in West Coast American thinking; it began life with an anti-corporate flavour. In addition, there was the ever-present threat of attack that existed during the Cold War. As a result, when corporate America got involved with the internet, a siege mentality was adopted: ‘This is our technology, we use it to run our business and we control it’. In the early days, this represented a fantastic selling point. It was brilliant to work for a large corporation because if you were lucky, you got your own computer and you were given free reign to write programmes. The corporations owned the IT, but more than that, they had the best IT.
Since then, however, a radical shift has taken place. The technology that you have in your home right now is likely to be far superior to that provided to you within your work environment. Your personal technology is probably much more flexible, and aids your life to a far greater extent, than these locked down, bunkered systems that organisations continue to use. Our basic thesis is that if you understand the history of the internet, you will appreciate that the world has changed dramatically since its inception. In turn, we too must change our thinking accordingly.
How can nations and corporations go about enacting the changes that you are proposing?
Again, I would suggest that they take a leaf from history. The tradition of the nation state with a single controlling mind at its helm is dominated by the notion of property ownership. Diplomacy came second to military conquest. From Viscount Castlereagh’s time onwards, however, we have witnessed the emergence of diplomacy and global governance. Rather than unilateral treaties between individual nations, there is now a preference for multilateral agreements such as those associated with the United Nations. This model can be translated to the cyber domain. There persists a sense of ownership over IT, and individual organisations continue to adopt unilateral treaties. We must move to a system that concentrates on the common good of our shared infrastructure, rather than one which focuses on ownership. We need a much more organic approach; one that treats IT like the high seas or like space. It no longer makes sense to say that people can own ‘parts’ of cyberspace. Neither does it make sense to assume that these parts can be isolated from the rest of the domain.
What consequences might result from the failure to change our thinking? What are the dangers as you see them?
The danger is that organisations, communities and nations will lose the things that they value, such as freedom and economic wellbeing. To give a concrete example, there are companies today that are losing hundreds of millions of pounds of their own value because they continue to sit at the boundary of their IT systems, trying to defend. This is rather like adopting the French Maginot Line. Organisations are trying to protect against invaders with firewalls and locked-down systems. What they fail to appreciate is that their own employees are wandering about with personal smartphones and laptops. They are bringing their own devices to work and they are browsing personal websites. This means that attackers who want to get their hands on intellectual property don’t have to go through a company’s firewall. Employees are leaving the doors open for anybody to walk in and to take whatever they please. The majority of products and services that are currently being sold to companies – antivirus software and firewalls – are shrink wrapped and have lots of assurances associated with them. However, there isn’t much in the way of sensible security on sale that can effectively manage the consumerisation of IT.
Why would it help to learn more about the origins of our dependence on computer networks? What practical benefits might result from this knowledge?
I would answer that question with another question. What practical benefits do we, as a nation, feel result from studying history? It is said that if you don’t understand the past, you are destined to repeat it. For instance, an understanding of history – an appreciation of how we got to where we are – is of great benefit within politics. Politicians, whether in the Foreign Office or in senior positions elsewhere, have a keen sense of both recent and longer-term history. For exactly the same reason, we need to have a keen sense of history in respect to the cyber domain.
If we want to understand why we think as we do and why we make the choices that we make, we must understand where we come from. We need an appreciation of the context and the origins of the normative assumptions that we make. One dysfunction that has persisted since the Cold War epoch of computing is the notion that computing systems are principally technical, scientific, mathematical constructs. They are not; they haven’t been for a considerable period of time. On the contrary, they are now profoundly human systems with profoundly human-centred interactions. As a result of the widespread failure to recognise and act upon this fact, people continue to work for organisations in which they encounter artefacts, architectures and constructs that actively impede their capacity to work. This contrasts horrendously with their experiences at home, where technology is both empowering and enabling. Why? Why do we continue to integrate hierarchical structures within commercial computing? Why do businesses and nations persist with a subject-object construct when in reality, other computing sectors have long since dispensed with this model?
Do you have any thoughts as to why this might be?
It’s because cultural overhangs are a phenomenon of human existence. I’ll give you an example. For centuries, kettles were boiled over fires. Consequently, their handles were placed on top. This makes perfect sense because it is the most distant point from the source of direct heat. However, this design also means that the user’s hand is closer to the steam than it needs to be. When you pour the boiled kettle, your hand is moved into the path of the steam. When we invented the electric kettle, we changed this model completely. A direct heat source was no longer necessary, yet for about three decades, we continued to put handles on top of kettles. Today, the vast majority of electric kettles have handles on their sides.
There is a cultural and intellectual inertia which represents an abiding feature of the human condition. This inertia is reinforced by powerful social and economic constructs. It is not simply about the way in which we think about computers; it is also about the way in which the economy around computers operates. One of the Cold War’s legacies is an economic model that continues to form the basis for a multi-billion dollar business. In societal terms, this is becoming a concern.
So what needs to happen in order for this situation to change?
I think that you can see change taking place right now. If you look at the Arabian Peninsula – to North Africa and the Arab Spring – the role of technology is already changing. Consider the role of technology in the economy. It is adapting in line with certain economic realities. Access to capital used to be a minority sport. Nowadays, this is not the case. Innovations that exploit the interconnectivity, ubiquity, power and availability of modern technologies, are beginning to confer massive advantages upon those who adopt them. 3D printing will also factor into this. One of the characteristics of cyberspace that is distinct from the internet is that it is a domain of human operation. It renders obsolete older notions concerning the division between the corporeal and the virtual. Cyberspace encompasses corporeal printing. Within the next decade, people will begin to print products in their own homes. They won’t buy them, they won’t have them shipped to their houses; they will print them. I think that corporeal printing will explode in exactly the same way that mobile phones did. In the 1980s, mobile phones were the preserve of the rich. If you had a mobile phone, you were as much an object of ridicule as you were of envy. Nowadays, mobile phones are utterly ubiquitous. They have exploded at an unprecedented rate.
When I was young, if somebody worked with computers it was a mark of intelligence and high status. This is no longer the case. In the television programme The IT Crowd the IT support staff are objects of ridicule; not the technology, the people. They are pilloried in the show because they thinkthat they are experts but in actuality, they are simply denying their co-workers the goodness of the IT. The fact that there is such a successful television show based around this premise tells you something very important about the changes that are taking place right now.
Experts from De Montfort University (DMU) have warned that as the defence of cyberspace becomes more important than that of land, sea or air, Cold War attitudes towards cyber security must be abandoned. The researchers, whose arguments have been published in the latest edition ofJane’s Intelligence Review, contend that a radical shift in thinking will be necessary if we are to successfully defend the virtual domain against would-be cyber attackers.
The technology that you have in your home right now is likely to be far superior to that provided to you within your work environment. Your personal technology is probably much more flexible, and aids your life to a far greater extent, than these locked down, bunkered systems that organisations continue to use.
Dr Tim Watson
Whilst many governments and corporations appreciate the importance of cyber defence – the UK’s National Security Strategy treats hostile cyber attacks as seriously as it does international military crises – the team warns that the nature of cyber security remains widely misunderstood. The paper, which was co-authored by Dr Tim Watson, Colin Williams and Ian Bryant from DMU’s Cyber Security Centre (CSC), points out that despite lingering attitudes to the contrary, cyberspace is the direct product of, and will continue to be entirely shaped by, human activity.Dr Tim Watson
I spoke to Dr Watson, Director of the CSC, to learn more about the relationship between the future security of cyberspace and this much-needed shift in thinking…
To what extent are present-day attitudes towards cyber security coloured by notions dating back to the Cold War?
The short answer to your question is that present-day attitudes are influenced by Cold War thinking to a very great extent. In the early days of the internet – when it was known as the Advanced Research Projects Agency Network (ARPANET) – its entire design was based around facilitating communication in the face of nuclear war. Since this time, the system has not necessarily developed with commercial interests at heart. You have to remember that the roots of the internet are largely grounded in West Coast American thinking; it began life with an anti-corporate flavour. In addition, there was the ever-present threat of attack that existed during the Cold War. As a result, when corporate America got involved with the internet, a siege mentality was adopted: ‘This is our technology, we use it to run our business and we control it’. In the early days, this represented a fantastic selling point. It was brilliant to work for a large corporation because if you were lucky, you got your own computer and you were given free reign to write programmes. The corporations owned the IT, but more than that, they had the best IT.
Since then, however, a radical shift has taken place. The technology that you have in your home right now is likely to be far superior to that provided to you within your work environment. Your personal technology is probably much more flexible, and aids your life to a far greater extent, than these locked down, bunkered systems that organisations continue to use. Our basic thesis is that if you understand the history of the internet, you will appreciate that the world has changed dramatically since its inception. In turn, we too must change our thinking accordingly.
How can nations and corporations go about enacting the changes that you are proposing?
Again, I would suggest that they take a leaf from history. The tradition of the nation state with a single controlling mind at its helm is dominated by the notion of property ownership. Diplomacy came second to military conquest. From Viscount Castlereagh’s time onwards, however, we have witnessed the emergence of diplomacy and global governance. Rather than unilateral treaties between individual nations, there is now a preference for multilateral agreements such as those associated with the United Nations. This model can be translated to the cyber domain. There persists a sense of ownership over IT, and individual organisations continue to adopt unilateral treaties. We must move to a system that concentrates on the common good of our shared infrastructure, rather than one which focuses on ownership. We need a much more organic approach; one that treats IT like the high seas or like space. It no longer makes sense to say that people can own ‘parts’ of cyberspace. Neither does it make sense to assume that these parts can be isolated from the rest of the domain.
What consequences might result from the failure to change our thinking? What are the dangers as you see them?
The danger is that organisations, communities and nations will lose the things that they value, such as freedom and economic wellbeing. To give a concrete example, there are companies today that are losing hundreds of millions of pounds of their own value because they continue to sit at the boundary of their IT systems, trying to defend. This is rather like adopting the French Maginot Line. Organisations are trying to protect against invaders with firewalls and locked-down systems. What they fail to appreciate is that their own employees are wandering about with personal smartphones and laptops. They are bringing their own devices to work and they are browsing personal websites. This means that attackers who want to get their hands on intellectual property don’t have to go through a company’s firewall. Employees are leaving the doors open for anybody to walk in and to take whatever they please. The majority of products and services that are currently being sold to companies – antivirus software and firewalls – are shrink wrapped and have lots of assurances associated with them. However, there isn’t much in the way of sensible security on sale that can effectively manage the consumerisation of IT.
Why would it help to learn more about the origins of our dependence on computer networks? What practical benefits might result from this knowledge?
I would answer that question with another question. What practical benefits do we, as a nation, feel result from studying history? It is said that if you don’t understand the past, you are destined to repeat it. For instance, an understanding of history – an appreciation of how we got to where we are – is of great benefit within politics. Politicians, whether in the Foreign Office or in senior positions elsewhere, have a keen sense of both recent and longer-term history. For exactly the same reason, we need to have a keen sense of history in respect to the cyber domain.
If we want to understand why we think as we do and why we make the choices that we make, we must understand where we come from. We need an appreciation of the context and the origins of the normative assumptions that we make. One dysfunction that has persisted since the Cold War epoch of computing is the notion that computing systems are principally technical, scientific, mathematical constructs. They are not; they haven’t been for a considerable period of time. On the contrary, they are now profoundly human systems with profoundly human-centred interactions. As a result of the widespread failure to recognise and act upon this fact, people continue to work for organisations in which they encounter artefacts, architectures and constructs that actively impede their capacity to work. This contrasts horrendously with their experiences at home, where technology is both empowering and enabling. Why? Why do we continue to integrate hierarchical structures within commercial computing? Why do businesses and nations persist with a subject-object construct when in reality, other computing sectors have long since dispensed with this model?
Do you have any thoughts as to why this might be?
It’s because cultural overhangs are a phenomenon of human existence. I’ll give you an example. For centuries, kettles were boiled over fires. Consequently, their handles were placed on top. This makes perfect sense because it is the most distant point from the source of direct heat. However, this design also means that the user’s hand is closer to the steam than it needs to be. When you pour the boiled kettle, your hand is moved into the path of the steam. When we invented the electric kettle, we changed this model completely. A direct heat source was no longer necessary, yet for about three decades, we continued to put handles on top of kettles. Today, the vast majority of electric kettles have handles on their sides.
There is a cultural and intellectual inertia which represents an abiding feature of the human condition. This inertia is reinforced by powerful social and economic constructs. It is not simply about the way in which we think about computers; it is also about the way in which the economy around computers operates. One of the Cold War’s legacies is an economic model that continues to form the basis for a multi-billion dollar business. In societal terms, this is becoming a concern.
So what needs to happen in order for this situation to change?
I think that you can see change taking place right now. If you look at the Arabian Peninsula – to North Africa and the Arab Spring – the role of technology is already changing. Consider the role of technology in the economy. It is adapting in line with certain economic realities. Access to capital used to be a minority sport. Nowadays, this is not the case. Innovations that exploit the interconnectivity, ubiquity, power and availability of modern technologies, are beginning to confer massive advantages upon those who adopt them. 3D printing will also factor into this. One of the characteristics of cyberspace that is distinct from the internet is that it is a domain of human operation. It renders obsolete older notions concerning the division between the corporeal and the virtual. Cyberspace encompasses corporeal printing. Within the next decade, people will begin to print products in their own homes. They won’t buy them, they won’t have them shipped to their houses; they will print them. I think that corporeal printing will explode in exactly the same way that mobile phones did. In the 1980s, mobile phones were the preserve of the rich. If you had a mobile phone, you were as much an object of ridicule as you were of envy. Nowadays, mobile phones are utterly ubiquitous. They have exploded at an unprecedented rate.
When I was young, if somebody worked with computers it was a mark of intelligence and high status. This is no longer the case. In the television programme The IT Crowd the IT support staff are objects of ridicule; not the technology, the people. They are pilloried in the show because they thinkthat they are experts but in actuality, they are simply denying their co-workers the goodness of the IT. The fact that there is such a successful television show based around this premise tells you something very important about the changes that are taking place right now.
Leave Your Comments!
Feel free to leave
comments!
Posted by Unknown
on Thursday, January 03, 2013.
Filed under
Computer And Math,
Technology
.
You can follow any responses to this entry through the RSS 2.0