Given the “pre-decision” by the Department of Defense, today I should probably be writing about cyber threats: the current reality, catastrophic possibilities, strong probabilities, and treacherous implications of both passive and active cyber-defense operations. But instead please read the Georgia Tech Report on 2013 Cyber Threats.
The cyber domain is a kind of fourth dimension where natural, accidental and intentional threats can easily cascade into our first, second, and third dimensions. This has happened, will happen, is happening.
Some sort of widespread digital disaster is inevitable. My bet is an insider accident/bad practice will cause a cascading collapse that cannot be hidden and commands our attention for more than a couple of days. But we are also seeing more hacktivist and adversary intrusions. A couple of natural catastrophes could sweep up a fair portion of the network. Anyway, good luck to DoD and others; and be prepared for a massive failure anyway.
As with so much in homeland security, cyber highlights the interplay of purposeful choice and randomness. We look for formulas to avoid (or minimize) failure and achieve (or increase the likelihood of) success or, at least, survival.
Our brains are inclined to perceive patterns — especially threat patterns — and our species has obviously benefited from this adaptation. Wash a couple of synapses with the right (wrong) chemicals and the same positive adaptation produces paranoia, not typically a helpful and happy state of being. But then Andy Grove, one of the founders of Intel, entitled a kind of memoir, Only the Paranoid Survive.
After more than a decade’s experience with homeland security, we can see how a proto- or pseudo-paranoia slices both ways. When we are attentive to possible threats we are able to take action to prevent, mitigate, or avoid potential consequences. But there are also situations where threats are mostly self-created and consequences mostly a matter of self-fulfilling prophecies. My suspicion of you can prompt defensive actions by you that confirm my suspicions.
Yet evil intention is a reality and unintentional threats abound. One person’s paranoia can seem another’s prudence.
Sigmund Freud crafted many still-popular perceptions of paranoia, even as many of his psychological theories have been superseded. Freud was operating on empirical frontiers and his insights can have implications far beyond psycho-analysis. He wrote,
… we have drawn the conclusion that there actually exists in the ego an agency which unceasingly observes, criticizes, and compares, and in that way sets itself over against the other part of the ego. We believe, therefore, that the patient is betraying a truth to us which is not yet sufficiently appreciated when he complains that he is spied upon and observed at every step he takes and that every one of his thoughts is reported and criticized. His only mistake is in regarding this uncomfortable power as something alien to him and placing it outside himself. He senses an agency holding sway in his ego which measures his actual ego and each of its activities by an ideal ego (Freud’s emphasis) that he has created for himself in the course of his development. (The Libido Theory and Narcissism, Gesammelte Werke (1916) translated by James Strachey)
Paranoia seeks the guise of prudence as the gap widens between inner and outer reality. The supposed external threat on which the paranoid fixates is not the precipitating cause. Self-delusion, confusion, and conflict regarding our own intentions and behaviors is, according to Freud, the principal source of paranoia.
Google is watching me. So is my credit card company. So is my wireless provider. Several others. How might these observers objectively describe me via my digital breadcrumbs? How might this description conform or conflict with my self-description? Do I want to claim what is seen in my digital mirror?
Our vulnerability to cyber threats reflects a series of choices made over the last quarter-century and especially in the last ten years. Were we mindful of these choices? I mostly adopted technologies and practices that started out low cost (this is not how I would characterize my current data plan) and promised greater speed, convenience and gratification.
I spent a decade advising clients on how they could develop digital products in secure, sustainable and purposeful ways. Most clients were seeking short-term returns. There was perpetual impatience with requirements analysis, design processes, and product/process testing.
Among personal accounts successfully hacked in 2012 the same passwords were often overcome. Using any of these passwords almost certainly increases your vulnerability: “password”, “123456”, and “12345678”.
Our cyber vulnerability has mostly unfolded — and continues to unfold — from our own choices. We too often choose the cheap, easy, and near-term. The consequences are usually mixed, positively reinforcing at first and only become destructive over time. Adversaries exist, but we have created many of their opportunities to threaten us. Our own choices increasingly endanger us. In response we try to obscure our complicity by blaming those we have enabled, even empowered.
To deal with paranoia Freud prescribed therapeutic attention to narcissism (excessive, non-critical self-regard). Might be worth a shot with cyber. Anyone got a counter-narcissism app?