A Probability of 1

https://api.army.mil/e2/c/images/2020/07/21/33b635e8/size0-full.jpg
Image Credit: U.S. Army

Posted: February 9, 2016 | By: Barbara Endicott-Popovsky

If you protect a luscious, valuable, amazingly tempting data object, the probability of its being stolen is 1. It’s as sure as death and taxes. It’s only a matter of an attacker’s time and resources before it’s gone; these are no obstacles to determined adversaries like nation states and organized crime. So why don’t our corporate leaders ‘get’ this certainty? Why are so many, like Target, caught off guard?

This question has bugged me ever since I attended a professional conference that featured a panel of top executives from the Fortune 500 congratulating themselves on their unbreakable perimeter defenses that ‘no attacker could penetrate.’ As I listened I had images of the Titanic going down and couldn’t help raising my hand to ask if any had considered how to defend against other kinds of exploits that avoid firewall penetration, like Stuxnet (which I briefly explained). Why bother when compromising humans is so easy? Or as a colleague is fond of saying, ‘there is no firewall for stupid!’ [1]

There was stunned silence from the speaker and then a mumbled ‘we probably need to explore other scenarios.’ One of the panelists under his breath muttered, ‘we just installed a USB port in….’ and proceeded to describe a sensitive installation that would be a delightful target for the ill-intended.

How did we get here? How are so many aspects of society so blind when the consequences or cyber theft and compromise are so stark?

Lagging behind in the Information Age

I think you can agree that we all struggle to stay current with technology and often don’t grasp the unintended consequences of the shiny new innovations that we embrace. We’re transitioning to the Information Age, watching the Industrial Age fade in the rear view mirror. According to Covey [2] [3] , this transforms our way of living in profound ways–how we advance in the world, how we work, our sense of time, how we problem solve, how we learn.

To gain appreciation for the enormity of what we’ve done to ourselves with our embrasure of technology, I’ve been reflecting on the table below, imagining myself in each age, visualizing my life in every detail. I marvel at the unintended consequences I’ve discovered as a result, and I work in this field!

I’m not suggesting we become luddites and live by candlelight; I am suggesting that we consider where we’ve come from and where we’re now living. Morris Massey’s training seminar called ‘What You Are Is Where You Were When’ makes the case that our values are fixed in the paradigm existing when we turned age 10 [4] . From then on, we interpret what we see and weigh our decisions through that lens. Where were you at 10?

I invite you to take quiet time and contemplate this question. While you may be among the enlightened, technically, way ahead of most in ‘getting’ technology, ask yourself how likely is it that those who are leading us politically and economically really do understand the impacts of the transformation we are still in the middle of accomplishing. An exercise such as this might help you gain insight into why cybersecurity is something those at the top rarely grasp. Most likely, when they were 10, they were in the heart of the Industrial Age developing their world view from that paradigm. Is it any surprise they need extra help in thinking through cyber risk?

art3fig1
 

Surrounded by Oceans and ‘Soft’ Countries

At the heart of this transformation is our symbiotic relationship with the Internet. Table 2, brings home its pervasiveness; and we’re only at the beginning! With only 25% of the world’s population surfing the Net today, think how our lives will change as saturation increases and we move increasingly online. Further, consider the continued effects of the clash of cultures as radically different countries become side-by-side neighbors online.

In this country we have had the luxury of two oceans on either side, left and right, with two ‘soft’ countries above and below us that are basically cooperative and ‘like us.’ This can inure us to what we have done by becoming virtual next door neighbors with all of our friends online in the Table below. I’m fond of telling my students that my mother named six kids that I was absolutely to avoid like the plague when I was growing up. I still remember the name of the boy at the top of the list. These were perennial troublemakers in the neighborhood; if you hung around them, you were assured of no-good. (I can attest to it, having smashed a church window, by accident, playing softball with a couple of them!)

Now we are side-by-side with cultures and countries radically different from our own, with very different world views about IP (Intellectual Property), freedom, ethics, etc. (Read The Lure [5].) Why do we expect them to behave like us? Why should they?

art3fig2
As we smash Industrial Age infrastructure, replacing it with Information Age interconnectedness, unintended consequences will continue to unfold: online fraud, illegal downloads, continuing threats to security and privacy, wrongful prosecution for misunderstood Internet crimes, and on and on [4][5][6][7]. Like Mickey Mouse, as the Sorcerer’s Apprentice in Fantasia, we have assumed the wizard’s powers without anticipating the risks [8]!

What was meant for good has ushered in unexpected troubling dislocations.

References

[1] : Hamilton, M., CISO of the City of Seattle. (2013). Guest Lecture INFX571 Seminar on Information Assurance, University of Washington.

[2] : Covey, S. (1989)7 Habits of Highly Successful People.New York: Free Press.

[3] : Covey, S. (2005)The 8th Habit: From Effectiveness to Greatness.New York: Free Press.

[4] : Massey, M. ‘What You Are Is Where You Were When’ Retrieved March 13, 2015 http://morrismassey.com/

[5] : Schroeder, S. (2012). The Lure. Boston, MA: Course Technology.

Want to find out more about this topic?

Request a FREE Technical Inquiry!