BY
Cybersecurity. If the pen is more powerful than the sword,
what does that make a computer? My last post insinuated that the entire
Internet is compromised. This follows the frequency and severity of wide
ranging security breaches with Stratfor and Ashley Madison to the Pentagon and
the White House, say nothing of the spam, phishing, DDOS attacks and other threats
of concern to 3.5 billion Internet users.
There are over 200 countries and territories with different laws and levels
of enforcement for 7+ billion people using billions and billions of digital
devices, most accessible via the One and Only Internet.
The single greatest security consolation is that the vast majority of
threats originate with less than .1% of computer users. Contending with a
loosely estimated 3.2 – 3.5 million “hackers” is no small task – especially
considering their reach via bots. But, further consolation is derived in that
most (90%) are part-time amateurs, not necessarily criminals, interested in
terrorism or starting wars. Nevertheless:
§
Online crime is estimated at .8% of world GDP.
§
30,000 web sites are hacked every day.
§
Botnets are infecting 18 computers every second.
§
The US Government incurred over 61,000 known security breaches in 2014.
§
Breach of the Office of Personnel Management exposed data of 14 million
government employees.
§
Verizon, a US Telco, had over 600 breaches in 2012 in addition to 47,000
security incidents.
Hackers have taken down a power grid in Ukraine on at least one occasion, and it is known
that there are similar vulnerabilities… probably everywhere.
When states are cooperative, enforcement can be effective – in 2013, the
FBI in conjunction with law enforcement in 19 countries, including Moldova, apprehended 90 hackers. For
the most part, cybersecurity depends upon a seemingly non-centralized
collection of intelligence agencies, law enforcement agencies and
software/network security companies. Their combined effectiveness is offset by
the sheer volume of cybercrime activity – and that a single threat can and
frequently has had an impact on millions of people.
But, the largest problem concerns professional Black Hats who live in
nations where enforcement is lax or the cybercrime activity itself is directly
or indirectly sponsored by the state. Proving it is often difficult for a
variety of reasons particularly when a state does not cooperate with
investigations. Functionally, there is no ultimate authority much less an
organization of any sort with the power to neutralize a cyberthreat in an
uncooperative state.
The initial point of this topic concerned defining the threshold for when
cybercrime becomes an act of terrorism or an act of war. Many components of the
Internet are difficult to define in distinct terms, making it essential to
clearly define that which can be – first to define this threshold, and then to
have any capacity to pre-emptively act against it.
Contrasting ideas as citizenship, state, power, authority, rule of law and
how these matters have been handled in relation to religion might prove useful
for a better context for the Internet. Or not. Rule of Law is the basis for
anything in civilized society and inherent to this is the notion of some
combination of “power and authority” to maintain it. This calls upon Nikolai’s
line of questioning whether it really is needed, how such an authority would be
established, who decides it, who decides who decides, etc.?
Herein we have to take into consideration that theoretically any given
person has the potential to do large-scale, potentially global, harm via the
Internet.
And, as noted in my previous post, there are efforts to change how we
define or redefine things long since established – such as citizenship. This (Biden’s recent comments with follow on commentary) is tangential to
the present topic.
More importantly, it is absolutely necessary to consider efforts to
redefine things as a trend and with the explicit purpose of setting precedents
to enable further changes to the way things are defined (and how we think).
Contextually, if we can be made to question which bathroom to use why not
question our citizenship?
Pursue that line a few decades from now, and you may find the discussion
turning in the direction of AI’s and Digital Ex-Humans and what their
nationality is, whether they are entitled to overtime pay, vacations, social
security, able to adopt children… If we are in any way concerned about the
impact of technology today, more discussion is warranted about the technology
of tomorrow.
Back to task, if we contemplate Rule of Law as applicable to the Internet,
we necessarily must regard everyone who uses the Internet as subject to its laws.
If not citizens, we are netizens. Different states having different laws
coupled with each individual being able to interact via the Internet regardless
of their physical location at any given time complicates matters unnecessarily,
but getting comprehensive international recognition and support for a single
Common Law for everyone who uses the Internet may be difficult. Free trade
agreements are gradually pushing things in that direction though.
Defining the threshold at which point a cybercrime (or espionage/subterfuge)
becomes an act of war, in the security community, is not entirely directed at
preventing such, but for helping to define what they can do without really
crossing the line. It doesn’t matter, as that is up to the “victim” to decide,
for lack of a higher authority. The response could be unpredictable or
disproportionate considering, for example, Russia’s threat to Nuke the Danish Navy…
Most of us like, love, or maybe are addicted to the Internet as it is,
despite the threats. It’s hard to imagine getting anyone, much less everyone,
to agree upon a single, Common Law, much less an ultimate authority to enforce
it. Note that would mean it having the means to shut off Internet access to
entire nations should they prove unwilling to enforce the Common Law. One might
question how long the government of a state would last if suddenly 95% of its
Internet users no longer had Internet access.
If we move in the direction of discussing the Common Good, where the
interests of many outweigh those of the few – we can argue that the Internet
supersedes the interest of individual nations. It would not be a stretch to
imagine that if accepted in those terms, the definition of a state/nation is
likely to change. Sooner or later. Just as we may reach a point where we won’t
have to bother going to the bathroom at all.
No comments:
Post a Comment