There are two types of companies in the world: those that know they've been hacked, and those that don't.
The Internet has fashioned a new and complicated environment for an age-old dilemma that pits the demands of security against the desire for freedom.
I think that we're now deep into a struggle for control over the Internet and there are various actors - state, corporate, civic, criminal and military. The great genius of the Internet is its interconnectedness, but this is also what makes it an incredibly difficult problem when things start to go wrong with it and when people exploit for their own purposes.
You don’t have to sleep with prostitutes or take drugs in order to have a relationship with organized crime. They affect our bank accounts. They affect our communications, our pension funds. They even affect the food that we eat and our governments.
The issue of cyber-security, cyber-crime, and cyber-malfeasance has an impact on a whole range of issues, not the least of which is civil liberties, political activity, and so on and so forth.
The internet is fracturing into a series of huge country-based intranets, in which governments define, in the name of security, what is legitimate personal and intellectual communication, and what is not.
The Internet obviously changes things; we've seen that in the music industry above all else. As an author, I'm now having to deal with the fact that it's happening in the publishing industry as well. And publishing is going through a very difficult time. Some view it as positive, some negative, but nobody really knows how to deal with it. If you're an author it looks very challenging because your work can be pirated so easily and there's very little you can do about it.
The criminal justice system - although this applies less to the U.S., where rehabilitation is not seen as a valuable contribution to criminal justice - in Europe where rehab is supposed to be integral, we have no way of rehabilitating skilled hackers. On the contrary what we do is we demonize them and continue to do so after they come out of jail because we restrict their access to computers by law. Crazy world, crazy people.
What has happened is that we have seen a shift in the past twenty years in the very concept of hacking. So hacking twenty years ago was a neutral, positive concept. Somebody who was a hacker was someone with advanced computer skills, which could expose vulnerabilities and could explain why systems worked well or worked badly and they were generally regarded as an asset. Over the past twenty years, a combination of media and law enforcement has changed the perception of the concept so that it has almost always, if not invariably, a pejorative sense attached.
When you're researching things that have happened, the clear narrative arc is not there already. This is the problem of writing nonfiction for me - writing nonfiction which is about serious subjects and has serious political and social points to make, yet which is meant to be popular to a degree - what happens when the facts don't fit a convenient narrative arc? I guess that for a lot of nonfiction writers that is a central challenge.
Clearly there are some things about WikiLeaks... the material is in part very interesting although none of it is a real game-changer. I think if I was an American I'd be rather proud that American diplomats are quite assiduous in the way that they chronicle issues. Of course the impact has been that the whole culture of sharing is going down the tube.
If there is an event for whatever reason, which interferes with the Internet or network communications, are people able to deal with it? It seems like our dependency on these systems is so great that the room for maneuver as it were is very small. So that is problematic.
It's great that the Internet can enhance and speed up our communications and that computers can do all the things they do. It's fabulous. At the same time, it changes our priorities. For example, before I would always remember people's telephone numbers and now I don't know anyone's number. So what happens if computer systems go down but you still have landlines? Well, I couldn't call anyone because I don't know anyone's number.
The anonymity issue is a big question. As long as people can disguise cyber attacks and as long as there is a sort of question mark over who is responsible, then the problem will continue to exist. And of course what happens in response to that is that there is a move to try and refashion the Internet so that anonymity is impossible, which of course leads to fears among all sorts of groups - civil rights groups, NGOs, and political parties - that the Internet is going to be used simply as a method of control. So these are very sensitive issues.
One of the problem with cyber is that it lends itself to preemptive action. Your assets in cyber-warfare are your opponents' vulnerabilities, therefore in order to quantify your assets you have to be able to ascertain how vulnerable your opponents are and that involves pre-emptive exploration of your opponents' networks. So in that sense it lends itself to some pretty nasty stuff.
The U.S. has the most advanced cyber-weaponry on the planet, and t if you look at the U.S. from the perspective of the Chinese People's Liberation Army, which runs most of its cyber activities, they look at you and they see Google and Facebook - the two largest depositories of personal data in the world - and they see the reach of the National Security Agency, which has huge digital capacity to know what is going on around the world. So the Chinese would see cyber as an un-level playing field, because the U.S. holds all sorts of advantages.
The sort of sweeping parochial espionage and attempts to extract information from all sorts of institutions are well documented, but I think in this context there's a danger of oversimplifying and seeing that sector of cyber as a one-way street.
The attack on the law firms and attacks like that are industrial espionage, searching for copyrighted materials to lift and so on; it's not quite the same as cyber-warfare. They are regarded as related. The Chinese are trying to steal an economic march on the West, which is a consequence of the fact that we outsourced all of our manufacturing to China in the 1990s.
In 2010, you have roughly 38 billion dollars spent by government on cyber and telecoms security and another 60 billion or so by private corporations. So approximately 100 billion dollars spent on security, mostly on technological solutions, which the corporates are offering governments in particular; it's a very high growth area. So everyone is climbing over each other to get the contracts for government procurement on this. There is undoubtedly an element of this and that's what encourages, in part, the whole idea of locking down the Internet.
There are governments who are regulating things in different ways and those forms of regulation often don't square up. So you have a real legislative mess, in the meanwhile various bad people are developing all sorts of tools to exploit the Internet for their own gain and the militaries are beginning to develop some extremely frightening offensive capabilities in cyber. Yet all of this is taking place outside of any international agreement or even framework.
What we're going to get as this next generation grows up is more hacking skills and this is spreading geographically also - Africa is about to come on the scene, South and Central America are going to be major sources of hackers. These people have got to be engaged with.
