Cyber Warfare: A New Era of War

The world of cybersecurity changes on a daily basis. There used to be a time when I would jump on a plane and I would land in another country and I'd be worried that everything had changed. And it seems like that sometimes. But in reality, the contours of the cybersecurity world are just like the contours of the normal international relations world. States hate each other, states dispute, and states will leverage technologies to try and one up the opposition. But the evolution of the technologies that are leveraged against states has been remarkable.

[This is Horizons, stories about what's next in the world. Powered by Compass Data centers.]

Using computers for harm is the basic way you would describe what cybersecurity is. And the goal is to use digital protections to make ourselves more safe and more secure, over time. Russia has a political goal of disrupting the west. They want to ensure that democracy is chaotic. That democracy is problematic, and that was to suggest that their system is just as good or if not better than the Western democratic system. So, they enjoy chaos, but they often don't create chaos. The chaos is created by those who have financial motivations. So there's this kind of symbiotic relationship where the criminals are operating to create chaos in the west and the Russian government is looking the other way. So those things can work hand in hand. Other states, like North Korea, are very much interested in financial payoff and gain because they're not connected to Western or global financial networks.

So, it makes sense for them to try and seek out cryptocurrency or other sorts of options. But other states are really just focused on trying to modify the behavior of the opposition and cyber isn't really a great tool to do that.

War is violence between two groups meant to destroy and kill the opposition. Cyber isn't very great at killing. And quite often, I make this joke about the James Bond movie Skyfall, where they blew up MI6 through a cyber attack. And my basic claim is if you can blow up MI6 from a cyber attack, you have a plumbing problem; you don't have a cyber problem. So this is really the challenge is that if something goes bad internally, it's really of your making and your design that you're allowing someone to access your power plant from Russia, that you're allowing someone three states away to mess with your water facility treatment plants.

Well, there's a few different things about the journalism issue is that, for one, journalists are gonna hype up the most extreme examples in this space, because that's what leads the news. And to start a news article with everything's fine, we had a cyber attack, but we just rerouted something and nothing happened. Isn't gonna lead the newspapers. So that's one of the challenges is that the more nuanced, the more, less destructive, the more common is often avoided by the news, but that's part of their job. But the other thing is that journalism, they're the purveyors of fact, they're the purveyors of information. And in some ways, of course, they've gone down the wrong path where people are masking themselves as journalism when they're not being the purveyors of fact. But every day I still like to live on Twitter and I know that that's not an accurate reflection of the world, but it's a reflection of the news of the world. And I try and get a sense of the currents of how the news is working each and every day, particularly in my field of cybersecurity, through these other inputs, which are mainly journalists, and we have to give some respect to them. But on the other hand, this idea of truth and fact has kind of declined over time.

Well, I think the main thing we've fallen behind in, in college, is the cost of education. And we haven't controlled the cost of education, which other countries, and I've taught in Britain before they've done a lot better in controlling the cost. And if we don't control the cost, we don't really democratize education. We don't really ensure that there's a diversity of people coming into the education system. And instead you get the same types of people with the same types of background coming through and leading the system into the future. And Iwanna do better than that. I think that quite often, the way we've set up our education system, we're fighting with one hand behind our back because some of the people who could contribute to the American system aren't allowed to contribute to the American system. I think the difference in the United States is we see technology as a, I don't know, a higher industry, an industry that pays more an industry that has a certain amount of status connected to it.

But the reality is, I think we need to treat technology as a little bit more commonplace, as like a different path, as like a path away from common forms of education, towards more of a trade school idea of what technology really is. And in some ways, education and training actually hinders people who develop technology because they're taught to think inside the box and you really need to think outside the box. So, being a little bit more free in terms of how we educate people in terms of technology is gonna be more important into the future, but also at the higher ends, in terms of policy making, we need people who are better able to explore data and explore information because we can't get back to this idea of using isolated events to determine how you view the world. That's not how the world works. You know, you can't go outside, find that it's snowing in October and say, every time it's snow, it's gonna snow in October all the time. It's not how the world works. It's a challenge.

Information in the future is going to be currency. It's not so much about goods and services. It's really about information and what we can do with information, particularly with AI, because I think what a lot of people forget about artificial intelligence is that artificial intelligence requires data and inputs and all these data points. Everything you say to your Alexa, everything you do with your phone, everything you do with your map system, is gonna be valuable data moving into the future. And we haven't thought very well about protecting our data. In fact, a lot of people are just very flippant about their data and kind of let anyone have it and anyone take it. But this is gonna be part of our sense of self moving into the future. And we have to do better to train people, to think about what their data is and who has access to it in the future.

The most to gain right now actually is the people developing AI systems. And you know, as much as we talk about AI being our future, it’s very limited without data. So the ones who really have [something] to gain are the people who are developing these emergent algorithms that we're gonna control and run our lives. And as we see, if you put bad data into these algorithms, you get bad data out and you get problems where, you know, there's racial problems where like a AI system can't recognize a non-white face or, you know, it might mistake you for someone else. And then you're never able to fix that, you know, think about it in the future, where the only way we can get on a plane is through facial recognition, or what if facial recognition is just messed up for you and they always confuse you with someone else.

And you're never able to get onto a plane. These are gonna be coming challenges that we haven't really even thought much about.

Oh, it's in our near future. I think within five years facial recognition will basically start to do everything for us. We're already like, you know, we can't get into our computers and our phones without facial recognition. So the challenge is gonna be, is it accurate? Is it right? We have this other idea of what we call the poison frog – the idea of introducing contamination into the data and people using these forms of contamination for protection. So things are gonna get a lot more confusing in the future as we start to rely on facial recognition and AI algorithms. And, as people start to mess with AI algorithms.

Well lately, I've been looking at what we call off-ramps to cyber war and just expanding the notion of what cybersecurity can do. And the main idea is that basically in a run up to war, which almost happened in the summer of 2019, with Iran in the United States, you can use cyber technologies to actually dampen the crisis in providing an off ramp and what the United States theoretically did as we reported in the media. Not that I know anything special. [The U.S.] shut down Iran's ability to monitor shipping in the Persian Gulf, and we shut down their air defense systems. And after that things changed and things quieted down for six months. And this demonstrates that we can use technology not to destroy, but to provide other options for discussion between two states.

We don't really have a defensive infrastructure. We have agencies and we have groups that are working for the defense. But as I recently heard in D.C., if we really want to defend ourselves in cyberspace, we should actually try defending ourselves. I don't think we've actually done that very well. If not, we generally focus more on the offense than the defense, but we're starting to enable structures, particularly CSA, the cyber infrastructure security agency through the DHS. The FBI has become more capable over time. And then of course you have cyber command in the department of defense. So we have individuals, we have groups, but we don't have a lot of great infrastructure. And the emerging infrastructure is two things that I'm very dubious of. One would be insurance. Cyber insurance is a way of protecting ourselves as a society because when you get insurance, you're told to do certain things, you get out insurance, you get insurance on your bike. You have to get a certain lock. You have to get a certain security system. Theoretically cyber insurance would start to push people to do that. But right now it's very ad hoc.