Understanding Cyber Security — or not
I must admit that I watch the public discussion about Cyber Security with one part amusement, one part incredulity, and three parts bafflement.
Some of the discussion is insightful, considered, and nuanced. But in the public/political sphere, most of it is not. Most of our elected officials seem to have missed the point on the seriousness of day to day cyber hygiene, have missed how security and privacy are related but not the same, and think that if you could just throw more resources at it the whole problem will disappear.
The biggest barrier to understanding cyber security is that it’s not about computers at all — no more than your drinking water is about computers, or your food security is about computers, or your fashion is about computers, or anything else is about computers.
Our public officials need to learn that to combat cyber insecurity we will need the engagement of everyone, to set community norms and to change behavior, to establish a culture of security-aware activity. It will mean stopping punishing victims for falling for a cyber attack, and start encouraging people and companies to be secure without having to think about it. It will mean re-framing the conversation to include people who don’t know the first thing about computers, but do know what they want others to know about their personal lives.
In order to do this, our public officials will need to stop talking about computers, and start talking about information: who owns it; who manages it; and who shares it. Is it OK for Target to mine our data to determine who is pregnant? Is it OK for Yahoo to share email data with the government? Do we have a right to be forgotten? Without answers to these questions, any government effort to regulate “the cyber” will be ineffective — because it is users (who run companies and government agencies) who share their information (or not). Any attempt to protect the USA from the “Fifth Dimension” of warfare will not succeed without a solid cultural understanding of what is, and what is not, acceptable.
So, as the political discourse moves from the uneducated to the bizarre, I will continue to look for ways to drive the public conversation back on track.