Cyber Trust

Cyber conflict and cyber trust – a citizen’s perspective.

Covid-19 is being fought as a national and international imperative. Every lever of power is in play, from education campaigns to national behavioural shifts, to medical research, to vaccination programmes at immense scale.

The pandemic has left millions of dead, resulted in devastating economic impact and is underpinned by an ongoing information war. The response is unprecedented, truly systemic and global, and is at last delivering tangible benefit against an unseen enemy.

Global cyber competition shares many features of Covid; silent infection, unpredictable harm over time, the need for a collective approach to provide immunity. All reinforced and amplified by attacks on ideas, information, influence. Despite that, cyber is framed as conflict against us, Covid as health amongst us. We risk losing on cyber.

The difference of approach is partly due to the views that prevail in debates around “cyber”.

·      Big tech companies. Computer literate leaders, keen to meet technical challenges with new product sales. But, as social media companies are finding, with a minefield of political and ethical tensions to navigate. Answering to shareholders first, then society.

·      National security specialists and brilliant scientific brains in government roles, responsible for harm reduction, but focused on the privacy / security debate and often constrained by ‘need to know’.

·      Defence, framing cyber in terms of conflict, capabilities and domains, the consequences of ‘miscalculation’, and the necessary but highly specialised issue of warfighting.

Democracies’ vulnerabilities (both technical and societal) are ubiquitous. Yet board rooms still defer cyber issues to the IT department. Classrooms still teach ICT as a separate subject; or view computing as the device in the hand, not the capability to change thinking. “Cyber” is the environment we live in, the tools we use, the means by which we are connected to others (known and unknown, trusted and untrusted). That environment is being polluted. Is that really a problem that defence, or intelligence, or big tech can sort alone?

Two analogies prevail on cyber, despite the more obvious comparison with human health and pandemic management. One is of a football match; 11 a side, red on blue, a referee to blow the whistle if anyone strays offside. The other is of an escalatory war, where presumably the day is saved by the tanks rolling in.

The football analogy fails in cyber competition, because the aim is not to score goals; it’s to take 11 players off the pitch (better still, stop the team bus from leaving home).

The reduction of cyber conflict to an analogy with conventional fighting is also unhelpful. First, the more likely scenario is a war of attrition, rather than a war of escalation. If the troops did turn up for the cyber war, they would likely be in the wrong place, with no kit that functioned. Second, despite the care of some with language, the impression is of a distant problem on a foreign field; not a guerrilla fight in bedrooms and boardrooms.

And most importantly, as with Covid, the cyber threat eventually affects people. The new war puts brains on the front line not bodies – a battle for ideas and influence and authority. It puts the citizen at the forefront of the debate and moves well beyond technical security.  Which knowledge do you accept and why, who and what do you trust in, when and where are you prepared to act?

In a world where threats attack silently, whether cyber or Covid, a systems approach is required to ensure our communities are healthy and strong.  We should reframe cyber competition as a psychological contest more than a physical conflict, and cyber operations as more influence than control. All requiring very different thinking about risk and protection.

Otherwise, the erosion of trust in our systems will continue at a scale and with a subtlety and obfuscation that dulls the senses, has none of the big screen draw of destructive power, none of the emotion of arguments, none of the logic of debates. It’s like lockdown on steroids, slowly corroding and eroding and diminishing, eating away at the fabric of society without ever quite making it into the light.

Trust is the answer. 

The security of our technical devices and systems is vital and the progress made on cyber security to be commended. The protections of our national interests by specialist defence and intelligence communities is critical, and the National Cyber Force is to be celebrated.

Yet more is needed. Cyber capabilities thrive in low trust environments. From defrauding of grandmothers in Luton, to slowing of nuclear centrifuges in Tehran, security alone is not enough. Next generation technology alone is not enough. There will always be a human in the loop, or a human brain outsmarting the machine commands. Cyber capabilities exploit vulnerabilities. Vulnerabilities will always exist, even more so in a democratic system.

The thinking needs to shift. We need to protect our environment and our beliefs and our systems and our communities, and demand a focus on trust. Trusted technology. Trusted data. Trusted connections between people, between organisations, trust by default in computer operations, even over months and years.

Covid has shown that the answer to a life changing virus isn’t (just) more specialists on the front line – vital as that is. It’s getting everyone to understand the challenge, and do their part. Same, same, Cyber.

There is a better route to cyber power, and it involves us all.

Share this post