Platt Perspective on Business and Technology

Rethinking national security in a post-2016 US presidential election context: conflict and cyber-conflict in an age of social media 5

Posted in business and convergent technologies, social networking and business by Timothy Platt on November 6, 2017

This is my 5th installment to a new series on cyber risk and cyber conflict in a still emerging 21st century interactive online context, and in a ubiquitously social media connected context and when faced with a rapidly interconnecting internet of things among other disruptively new online innovations (see Ubiquitous Computing and Communications – everywhere all the time 2, postings 354 and loosely following for Parts 1-4.)

I have been addressing change in this series, and disruptive change, and in both the positive sense of improving and expanding the information technology and communications systems that we rely upon, and on the downside vulnerabilities side that these innovations bring with them too. And I have also and in that same context, been addressing how many of us, and both as individuals and as participants in organizations, keep failing to even address old and known cyber-risks and even when effective means are readily available to patch them. I add that that circumstance continues to hold, even when effective risk reducing measures are readily and even freely available and when warning signs are developing that those risk sources are being systematically exploited already.

I begin this series installment by citing some recent news pieces that might focus in on specific events and specific organizations, but that hold warning for all. The three news stories that I would cite here, address very different seeming events, but I would argue that they hold more in common than might be apparent, as explicit examples of realized vulnerabilities to the issues that I raise in this series. So I offer them with that point in mind:

Identity Thieves Hijack Cellphone Accounts to Go After Virtual Currency,
Equifax Says Cyberattack May Have Affected 143 Million in the U.S. and
Every Single Yahoo Account Was Hacked – 3 billion in all.

Focusing in on the last of these three as a starting point for follow-up discussion of these events, I note that at its peak, Yahoo was valued at just over $100 billion as a company. It has lost value since then, over a period of some 15 years and for a variety of reasons. But this event had to have contributed to its level of devaluation from that high point, as of when Verizon bought out Yahoo – for only $4.8 billion. Not to belabor the obvious, that sale price was less than 5% of Yahoo’s peak value and even then, right now Verizon executives must be thinking that they still paid way too much for what they got.

And turning to the first two of those news stories: the first of them simply adds to already existing concerns as to the safety and reliability of virtual and crypto-currencies such as bitcoin. And this successful hacking of the Equifax database system, with the loss of control over personal confidential records for so many: records with data in them that can be used for identity theft, has become an all but existential threat to that organization as a whole: one of the three major credit reporting agencies globally.

And this brings me to the core point that I would raise here in this posting, which I offer here in the form of a brief set of bullet points:

• The more globally interconnected we all become, and both in general
• And through the elaboration of specific organization-to-organization information sharing and communications channels,
• And through the elaboration of deeper and more pervasive organization-to-individual and individual-to-organization data sharing,
• The more difficult it becomes to both prevent security breaches there,
• And the larger they can expect to become when and as they do arise.

Quite simply, a malicious hacker does not have to be able to breach any and all possible points of connection and entry into an organization to steal or suborn the keys to its information holding kingdom. They only have to find one route in that they can identify and exploit system vulnerabilities through. And if that represents a source of vulnerability that would not readily raise red flags if probed and exploited, so much the better for the hacker and so much the worse for all of the rest of us. And one of the core consequences of the above bullet pointed observations, is that every one of these new technologies created both new points of connection and new types of points of connection: each potentially having within them their own set of still to be discovered zero-day vulnerabilities.

• Ultimately, it is our race to ubiquitous connectivity and our race to build newer and better tools and approaches for achieving that, that become our truest vulnerability here. And the pace of technological advancement in all of this, with its steady flow of new and of disruptively novel and different, simply represents the new area of an already large map for where to look, when seeking to protect and safeguard all of those communications and information systems that we have come to absolutely rely upon.

I want to be as clear as possible here. I am NOT in any way espousing a turning back from the emerging technologies of the 21st century. Their positive value is way too great, for blocking or even just significantly limiting them as a general cutting-off due diligence measure to make sense, and ultimately for any of us. What I am proposing here is that we need to find better, more real-time effective, more resilient and more consistently followed approaches to safeguarding these systems and the resources they contain so they cannot so readily be turned against us for malicious reasons. And I am writing of a need for greater resiliency and flexibility in the systems that we do have in place, so we can more rapidly and effectively expand them to accommodate new challenges and their security needs.

I have written in this series, among other places, about how any such solution has to include new types of technology components in its coverage. But at least as crucially importantly, it has to have human, and human behavior accommodating (and shaping) components too. I am going to continue discussing the issues and challenges and problems faced here in this posting, but I am also going to at least begin to more explicitly address approaches for resolving them in my next installment to this series.

I wrote at the end of Part 4 that I would:

• “Discuss threats and attacks themselves in the next installment to this series. And in anticipation of that and as a foretaste of what is to come here, I will discuss trolling behavior and other coercive online approaches, and ransomware. After that I will at least briefly address how automation and artificial intelligence are being leveraged in a still emerging 21st century cyber-threat environment. I have already at least briefly mentioned this source of toxic synergies before in this series, but will examine it in at least some more detail next.”

I will explicitly discuss those issues next. Then after more fully discussing the problems faced that I have been examining here, I will turn to consider approaches for better addressing these challenges. And in anticipation of that, I note that:

• On the human side of this conundrum, that has to mean shaping effective information security enhancing options that mesh with basic human behavior and with what we tend to do by default. And that challenge is daunting.
• And on the technology side, this means trying to stay at least one step ahead on the white hat hacker side, in the technology arms race that we are in here, vying effort to secure and safeguard against effort to breach and challenge,
• And all while making legitimate system usage easy and in accordance with the “human side of this” challenge as just noted.

Meanwhile, you can find this and related postings and series at Ubiquitous Computing and Communications – everywhere all the time and its Page 2 continuation. And you can also find this and related material at Social Networking and Business 2, and also see that directory’s Page 1.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: