Independent competence platform
for integrated security in Switzerland.

December Issue: Cybersecurity - exemplum docet, exempla obscurant

We are living in times of disagreement. Silicon Valley has turned rule breaking into everybody’s practice. “We have to move fast, we have to conquer power as soon as possible, we have to establish ourselves …” that is what many people tend to think these days. Indeed, the digital transformation is sharply increasing heterogeneity, transparency, and rule breaking. We hardly ever talk about common sense anymore, since we all had to realize that common ground is dissolving for nearly all activities. Digitalization is paving the way for these tendencies.

However, there is one thing we can all possibly agree upon: None of us wants to become the example that teaches the world how dangerous cybersecurity threats are. Therefore, let us talk about meta-examples, that is, archetypal examples that tend to appear regularly in digitalization. Maybe they can teach us a lot more than facts that compete with alternative facts. (The latter were not invented by Donald Trump, but by theoretical physicists: “I never believe an experiment that I cannot explain.” Though I admit that there may be disagreement on whether talks by physicists or tweets by Donald Trump are more fun: I prefer physicists.)

As for the meta-examples: Let me recall the 90s: The first thing I learned in computer science was that whatever you present, people will refer you to pre-existing solutions – and that afterwards you will find out that these solutions solve a different problem. There is a good reason for this: computer science is notorious for reinventing the wheel. As the most recent example, big data reinvents a lot

I remember a conference keynote in the late 90s, which essentially presented the re-invention of the LINDA system. The remarkable part of the talk was the example presented for open collaboration: tire change in Formula 1. I forgot how LINDA and collaboration were linked, but I still like the archetype: combining old wisdom with wrong, but appealing, marketing stories. Wonderful! A great example for teaching and for playwriting.

In the first decade of the 21st century I experienced an equally marvelous example as a reviewer: A project team supposed to develop legal ontologies for use in the then-contemporary implementation of legislation started its presentation with Hammurabi. When I asked them after the presentation why their progress was so limited, they replied that in order to deliver something usable they would have needed 100 million Euros. I am sure that since then more than 100 million Euros have been spent on the topic, but I doubt that the original goals of the project have been achieved. This is one form of a famous story that reads like this: Back then, decades ago, they promised XYZ, but till now no one has delivered. (I guess all disciplines have standard stories like that. For example, in chess, the anecdote about the first world champion playing against a famous banker is told about many former world-class chess players, the bankers being replaced by other types of VIPs.)

However, there is a typical closing of the above story: Eventually the promises are kept and it turns out that it was only the time estimate that was wrong. But hey, time does not exist anyway, as quantum gravity physicists tell us. This experience of eventual delivery regularly leads to delusions of grandeur among young people, while at the same time many old and experienced experts consider the breakthrough irrelevant crap not worth noticing. Artificial intelligence is a great instance of this meta-example. Exemplum docet, exempla obscurant.

In the last years, one could observe many products that solve a very particular problem related to cybersecurity and advertise that they provide security. Amazingly, even some 2-to-3-minute presentations about these products focus on philosophical considerations. For non-specialists – and to some extent even for specialists – it is often hard to compare two of these products. Do they complement each other? Hard to tell.

I hope that you perceive the similarities among these stories: There is little precision when talking about IT problems or IT solutions. Precision is replaced by self-promotion. Why? Because the audience does not react positively to precision. Why? Because precision is much harder to understand. Why? Because there is little knowledge around and presentation skills are limited. Why?? Because … Ultimately, transparency is punished rather than rewarded.

The result is that available multidisciplinary expertise is not used and lots of creative political ideas emerge. Decision makers celebrate the economic chances that cybercrime is creating for Switzerland. Company leaders speculate about copying foreign cybersecurity strategies that contradict the Swiss constitution. While many have good intentions, the hard things about the Swiss national cybersecurity strategies remain in the shadow of the big show. We will not profit from storytelling far apart from the hard things.

At the time of writing this column the contributions foreseen included IT forensics, impact of cyberthreats on the insurance market, challenges for preserving autonomy in cybercrime times, the new office of a cybersecurity delegate, and alternatives to the internet. This is just a small list of truly important topics. We shall try to meet our own standards that were depicted above.

I wish you exciting reading,
Reinhard Riedl

Source and complete article: societybyte.swiss

