discovered and learned to ‘obey’ the laws of physics and chemistry, we began to
thrive in our world. It enabled us to make
fire, build machines much stronger than ourselves, cure diseases, and fly.
What will it
take for us to thrive in the world of cyberspace? What are its laws – its set of primitives and
rules? Just like our scientists learned
to honor the fundamental elements of matter & gravity in our physical world,
our cybersecurity scientists must honor the fundamental elements of our virtual
world – speed & connectivity.
often ignore these fundamentals, bolting on cybersecurity solutions that slow
you down or make it hard to communicate; they’re doing the equivalent of
“ignoring gravity”. Just as you wouldn’t
want to be on a plane whose designer failed to accommodate the effects of
weight or friction, you wouldn’t want to be on a cybersecurity platform that
fails to accommodate the Internet’s fundamental forces.
To build a
cybersecurity foundation that will work now, and continue to work in a world
exponentially faster and more connected, we must start treating cybersecurity
more like a science.
When the internet
began, it was built upon principles of game-changing speed and a deep
understanding of the importance of connectivity. Security and privacy were not needed for its first
small group of trusted users. Consequently,
security and privacy have not kept up as the internet has matured. In fact, it’s
the cyber adversaries—not the defenders—who have shown mastery of speed and
connectivity to overcome security and privacy.
analogy here is found in the scientific study of the Big Bang.
years after the creation of the universe, physicists and chemists study the Cosmic
Big Bang’s fundamental elements and their interactions, in part to explain what
things are made of and how they behave; protons naturally stay separated
because they repel each other, but check out the massive amount of energy that
results from protons that get fused!
In the same
vein, we can take on the mindset in cybersecurity to look at the birth of the
digital universe and attempt to understand what is driving it forward. Consider these facts:
- It took just 50 years from the beginnings of the internet for the explosive forces of digital speed and connectivity to transform society from the Industrial Age to the Information Age.
- 90 percent of all the data ever created was generated in the last two years.
- The internet itself—a vast and hyperconnected data transmission system—now creates 2.5 quintillion bits of data per day. That’s a number with 18 zeros.
How do we make
sure that information is kept separate (à la protons) but that, when it’s
authorized to be combined (fused), massive amounts of efficiency or
effectiveness are achieved?
opportunity is to describe how the Digital Big Bang progressed over time,
understand its significance and do something smart and productive about it.
of the Digital Big Bang
The internet has its roots in the desire to communicate
at unheard-of speeds, and share computing and information resources. This prototype internet served as a
communication platform for a tightly restricted group of specific users. What
the internet’s creators got right were speed and connectivity—the Digital Big
Bang’s equivalent of matter and energy. But they assumed there would be a shared sense
with Assumed Trust
It wasn’t until 1993 and the release of the
first web browser that internet access became mainstream. At that point, both the internet and its
security—or lack of security—achieved greater significance. The assumption of trust that was still deep
within the DNA of the internet became a huge problem the moment the public
could go online. On an increasingly vast
and anonymous network, that trust soon transformed from guiding philosophy to
What came to be known as cyber-attacks soon
followed, and the field of cybersecurity has struggled to catch up and
compensate ever since. For example, the
lack of foolproof authentication haunts us in everything that’s done in
So, with the fate of the digital universe at stake, it’s time to borrow a page from the Scientific Revolution, which enabled humans to admit that we don’t know everything, and opened the door for scientific curiosity and inquiry. Using these principles, we can launch a Cybersecurity Scientific Revolution by taking the following steps:
- Acknowledge what we got wrong (e.g., authentication).
- Implement steadily stronger strategies to become masters of the cyber domain.
- Replace outmoded assumptions and strategies with rigorous fundamental strategies that build up to advanced strategies.
- Acknowledge the weaknesses (and strengths) that humans bring to the domain, and leverage computers to compensate & augment them.
connectivity – including cyber-physical interfaces (in the Internet of Things/IoT)
– machine learning and artificial intelligence (AI) proliferate, it is more
important than ever to treat cybersecurity as a science and a business enabler,
not as a cost of doing business. For example, on an airplane’s wing, friction
actually helps increase lift, helping
the airplane fly. Cybersecurity should
be viewed the same way.
cybersecurity as a science will serve us well to keep in mind the connection
between fundamental scientific principles and cybersecurity best practices. What are the foundational primitives and rules
that would have been beneficial to have at the beginning of the internet? How can we create a better form of
cybersecurity based on the nature of fundamental forces and accurate
cybersecurity as a science can be an incredibly powerful and effective way to
underpin innovation. It will enable us to focus on successfully leveraging the internet’s
forces of speed and connectivity.
cybersecurity more scientific may seem like an audacious goal, but it is
achievable with the right vision and engineering. By doing so, we can further extend the power
of speed and connectivity to thrive within the digital world.
If we hope to
make cybersecurity more scientific, today’s solutions must be built to support
and leverage the fundamental forces of speed and connectivity, and leverage the
already-proven & emerging strategies. As critical as these fundamentals are, though,
they can easily be overlooked or forgotten by a digital culture that looks
myopically to the near future, placing short-term gains ahead of long-term
stability and sustainability. Cybersecurity
is a science—not an art.
At the same
time, we need to stop expecting our network operators to continuously run ahead
of ever-more sophisticated attacks. You
can’t outrun the speed of light. Today,
slow security is essentially no security. Organizations can build their defenses with
connectivity and speed, and go audaciously within the Digital Big Bang.