
Week 7: 7/3-7/9 Information Assurance & Cybersecurity

The internet was built from its inception on the idea of the robust and open flow of information to route around damage to the network (like water flows around barriers) to ensure the survival of the communication network. The packet switching nature of the net was designed for maximum robustness and survivability. But this has increasingly become a liability as the nature of the information carried over the network has evolved and changed from mostly information messages (think email) to carrying code that can itself initiate control over the device (or an intermediate system) that it is in contact with. The computer virus (introduced to the world by two young Pakistani brothers in 1985) was only the first harbinger of an increasingly sophisticated and capable proliferation of cybernetically enabled code objects and methods to influence or control devices and networks. And just as the biological sphere has evolved in response to the evolutionary arms race of different species seeking to take advantage of the opportunities presented by the physical environment and the internal environments of other creatures, the infosphere is experiencing a similar diffusion of information objects arising to exploit “niches” provided by hardware and code systems to create viruses, Trojan horses, botnets, and other potentially malicious entities that can be exploited for good or ill. And as the infosphere has pervaded the realm of physical objects through computer chips, sensors and control systems, the ability of ubiquitous networks to be manipulated to degrade, damage or destroy physical objects and infrastructure is calling forth a completely new response to these real and potential threats. This is a domain that is spawning new knowledge and technologies as fast as new languages and technologies are deployed.

How to manage the risks involved in technology without losing the benefits made possible by the technology is the balancing act being negotiated in the aftermath of these cyber security issues. Liability, privacy, and legal frameworks are intersecting more pervasively as the reach of the infosphere has penetrated deeper and deeper into the human world of people, relationships, and objects. We are decades into the cybernetic age and technology continues to affect and influence more and more aspects of the human sphere. Responding to the threats of malicious and unintended consequences must be factored into the policies, economics, and constraints that social systems must actively navigate to avoid failures of systems and avoid totalitarian control regimes where the infosphere is used to dominate, coarsen, and brutalize social existence.

Determining the types of constraints that will be required to rein in these threats is going to continue to roll through the human sphere and change the configurations and evolved structures of the world in its wake. Already there are new agencies, legal measures, and new criminal categories that have arisen from this rapidly evolving information ecology. There are more areas of discussion for this topic than can even be mentioned in a discussion post of this length. Each of this week’s articles highlighted different facets of the cyber security and information assurance issues that are arising. And when we take into account the 18-month doubling of processing power, the falling price of memory storage, and the accelerating capabilities of software due to machine learning, we may soon reach a point of evolved development in which human control is going to be hopelessly outpaced by machines and control will be given over increasingly to systems that have the velocity and scope to keep up with ever accelerating intelligent systems and code. This will be a moment of epochal significance for the continued evolution of intelligence on this planet. An automated “immune system” would seem to be the inevitable conclusion in the development of the infosphere. Biological development will be recapitulated in the image of the machine and code. What this means for biological life is open for debate as the thousands of works of speculative fiction and futurology demonstrate convincingly.

Takeaways: (1) Cyber security is a huge domain of knowledge that will only continue to grow in importance as the capabilities and reach of our machines and computers continue to increase. The internet of things should give us all pause on the need to really confront the issues that will be common occurrences in the near future. (2) I am struck by how similar the development of computer/machine system intelligences is to paths of biological development – only accelerated in evolution and scope. I think there is a fruitful path of analysis to examine information ecologies in terms similar to biological systems. This should shine light on the differences and similarities. Clearly, Nature has solved the problem of system resilience perhaps billions of times. What can researchers take from these solutions evolved over billions of years of development?

Cyber security and information assurance (i.e. risk management) as topics in informatics resonate with me as the most important issues facing humanity in the coming decades. Each of the articles from this week’s reading highlighted areas where new capabilities are emerging and where vulnerabilities continue to exist. The report on 3-D printing should offer a cautionary tale about the potential dangers of manufacturing technology being democratized. How trustworthy will things made be? What sort of regulation will be needed to avoid human tragedies involving materials that don’t meet industry standards for safety? The article on the data exposure of voters is another cautionary tale that human error will continue to play a role in privacy concerns. I’ve included a link to a YouTube video of footage of the Aurora Generator Test, https://www.youtube.com/watch?v=fJyWngDco3g, which was conducted in 2007 to demonstrate how a cyber attack could damage the electric grid through the destruction of physical components of the grid – in this case a diesel generator. And Pasquale in this article - Secret Algorithms Threaten the Rule of Law – demonstrates some of the perils of turning over human decision making to machine intelligence and algorithms. It reads like the precursor to the movie Minority Report with its incipient promise of predictive crime prevention. Being sentenced for a longer time in prison because an algorithm has determined this as the best course of action. This is an extension of the current practice of mandatory sentencing. We risk losing our humanity as we turn over liability to machines.

Liability is a thread that runs throughout this topic. Who will be held responsible for failures in security? For the inadequate protection of data? For poorly written code that can be hacked and systems that are vulnerable to remote control? As the discussion of information assurance in the slides makes clear, there are many areas of potential liability and system breakdowns from both human and machine operators that must be dealt with. So far, the externalities surrounding data security, system reliability, and privacy are still being handled under creaking legal and social frameworks that date from the 20th century.

Let me close by saying I felt an overwhelming sense of the enormity of security and risk management. We’ve talked previously about the need to safeguard patient records, new knowledge being generated by big data and machine learning, and the power of mediation to potentially make all knowledge “readable”/“searchable” by machines. Privacy and the vulnerability of the world to malicious actors seems even more credible today than even dreamt in the worst nightmares of the dystopian fictions of the past. But Nature has faced challenges and extinctions many times in the past and still it thrives and evolves. Let’s hope for wisdom and resilience in humanity as products of that Nature.


For an excellent series of lectures on this topic, I recommend https://www.thegreatcoursesplus.com/thinking-about-cybersecurity-from-cyber-crime-to-cyber-warfare. It’s also available from audible.com as an audiobook. The lecturer has the following book available as well: Cyber Warfare: How Conflicts in Cyberspace are Challenging America and Changing the World. http://www.worldcat.org/oclc/780481148


Aurora Generator Test. (n.d.) Retrieved July 5, 2017 from https://en.wikipedia.org/wiki/Aurora_Generator_Test

DOE/Sandia National Laboratories. (2017, March 21). New brain-inspired cybersecurity system detects 'bad apples' 100 times faster. Science Daily. Retrieved from https://www.sciencedaily.com/releases/2017/03/170321122540.htm

Fung, B., Timberg, C., & Gold, M. (2017, June 19). A Republican contractor’s database of nearly every voter was left exposed on the Internet for nearly 12 days, research says. The Washington Post. Retrieved from https://www.washingtonpost.com/news/the-switch/wp/2017/06/19/republican-contractor-database-every-voter-exposed-internet-12-days-researcher-says/?hpid=hp_hp-more-top-stories_gop-data-115pm%3Ahomepage%2Fstory&utm_term=.4f34e344385d#comments

Meserve, Jeanne. (2007, September 27). Staged cyber attack reveals vulnerability in power grid. [Video file]. Retrieved from https://www.youtube.com/watch?v=fJyWngDco3g

NYU Tandon School of Engineering. (2016, July 13). Researchers report cybersecurity risks in 3-D printing. Science Daily. Retrieved from https://www.sciencedaily.com/releases/2016/07/160713114941.htm

Orcutt, Mike. (2017, May 9). A “bug fix” that could unlock the web for millions around the world: Too many domain names with non-Latin letters are still shut out of the global Internet economy. MIT Technology Review. Retrieved from https://www.technologyreview.com/s/604251/a-bug-fix-that-could-unlock-the-web-for-millions-around-the-world/?set=607847

Pasquale, F. (2017, June 1). Secret algorithms threaten the rule of law. MIT Technology Review. Retrieved from https://www.technologyreview.com/s/608011/secret-algorithms-threaten-the-rule-of-law/

Pendergast, T. (2016, January 20). Behavioral analytics: The future of just-in-time awareness training? Information Week. Dark Reading. Retrieved from http://www.darkreading.com/vulnerabilities---threats/behavioral-analytics-the-future-of-just-in-time-awareness-training/a/d-id/1323979

University of Alabama at Birmingham. (2014, February 28). Brain research tracks internet safety performance, dispels assumptions, identifies traits of those at-risk. Science Daily. Retrieved from https://www.sciencedaily.com/releases/2014/02/140228121130.htm

University of Pittsburgh. (2013, May 30). When friends create enemies: Facebook's mutual-friends feature may create security risks, privacy concerns. Science Daily. Retrieved from https://www.sciencedaily.com/releases/2013/05/130530132437.htm

White, B. (2016, August 11). What the TSA teaches us about ip protection. Information Week. Dark Reading. Retrieved from http://www.darkreading.com/analytics/what-the-tsa-teaches-us-about-ip-protection/a/d-id/1326576

Tanya…

You wrote: “It’s important to note, too, that intensification of security can itself become a threat—I’m thinking about Edward Snowden as I type this, but that’s maybe an extreme case.” I heartily agree. Too often the ability to measure or detect a pattern grows in scope and exceeds its operational boundaries and is applied in harmful ways. I think back to the IQ test as originally conceived by Binet and Simon in 1905. It was, to quote Wikipedia: “It was initially created by the French psychologist Alfred Binet, who, following the introduction of a law mandating universal education by the French government, began developing a method of identifying “slow” children for their placement in special education programs (rather than removing them to asylums as “sick”)” as was the previous practice (Wikipedia, 2017). But over time, the test was extended to cover more areas where it provided less actual value and because it offered a numeric value measure, it was often used as if it was a real thing instead of a representative measure. Big data and pattern analysis are creating analogous patterns that may correlate well with some things but be overextended to determine things about you that lead to negative real world consequences. One of my articles this week describes just such a phenomenon leading to increased jail time because of predictive algorithms. And I've had similar situations where because I used my credit card in some places I don't normally visit, my ability to use my card and my credit was temporarily suspended until I verified that I was the one using my card in these places.

What are we to do? I think your point is well taken.

One of the suggestions for what might be done is to create a “parallel” internet that was built from the ground up to be secure - having strong encryption and usage restrictions. This could be done for government data channels, financial transactions, health records and other communications that need to be protected from prying eyes. It would not, of course, eliminate the actions of bad human actors who choose to leak, steal, or misuse such secured communications. Penalties for bad human actors could be set accordingly high making it potentially very punishing and risky to act in a malicious way.

I think cyber security is one of the most important and frightening aspects of the continued penetration of information technology into more and more areas. The infosphere is overlapping more tightly with the human sphere every year and the potential for catastrophic malicious actions grows along with it. This was a very sobering week of material.

-B

Pasquale, F. (2017, June 1). Secret algorithms threaten the rule of law. MIT Technology Review. Retrieved from https://www.technologyreview.com/s/608011/secret-algorithms-threaten-the-rule-of-law/

slim/classes/800/week_07.txt · Last modified: by adminguide