Brookings Institution scholar Peter Singer will be well known to many Interpreter readers for a number of books about the evolution of modern warfare, particularly Wired for War, his 2009 NY Times bestseller on the impact of robotics on warfare (here's an audio interview I did with Peter at the time). Peter is co-author of a new book called Cybersecurity and Cyberwar: What Everyone Needs to Know. Below is part 1 of an interview I recently conducted with Peter via email.
SR: Can you give readers a sense of the stakes at play in cybersecurity? How big are the vulnerabilities? How critical are the potential failures?
PS: Cyber issues are no longer just for the 'IT Crowd'. They have not only dominated recent headlines, but have more broadly evolved from a technology matter into an area that we all need to understand. It connects areas as intimate as your privacy and bank accounts and as weighty as the future of world politics. To put it another way, cybersecurity and cyberwar has shifted from a 'good to know' area into one we all now need to know more about, whether working in politics, business, military, law, media, and academics, or even just as a good citizen or parent.
SR: Your book describes the ignorance about cybersecurity among policy-makers charged with guarding national security. Australian readers will be alarmed to learn, for instance, that your book cites Australia’s most senior Australian cybersecurity official (unnamed) admitting that he or she had never heard of Tor, the system that enables users to communicate anonymously online. What do you regard as the main danger of this ignorance?
PS: Don't feel bad Australia, the head of US Department of Homeland Security, the civilian agency in charge of protecting the nation from cyberthreats, told us just last year, 'Don’t laugh, but I just don’t use e-mail at all.' It wasn't a fear of security, but that she just didn't believe email useful.
The dangers are diverse. Each of us, in whatever role we play in life, must make decisions about cybersecurity that will shape the future well beyond the world of computers. But often we do so without the proper tools. Basic terms and essential concepts that define what is possible and proper are being missed, or even worse, distorted. Past myth and future hype often weave together, obscuring what actually happened and where we really are now. Some threats are overblown and overreacted to, while others are ignored.
SR: Who benefits when policy-makers and citizens remain ignorant about cybersecurity?
PS: These gaps in understanding, these disconnects of policy and reality, mean that we are not only seeing growing tension, but we are also being taken advantage of. It might be at the individual level, being tricked by a hacker to do something stupid like send our bank account information to our mom in Thailand, even though we didn’t realise she was traveling, or the time that senior government officials at the G20 conference were hacked by tricking them into clicking a link hoping to see nude photos of the French first lady.
Or it might be at the business organisation level, with most firms alternatively not doing enough to protect themselves or hiring hucksters that offer to solve all our cyber problems with a silver bullet widget. Or it might be at the national budget level, which might be done by bureaucracies looking for more funding (there are major cyber threats, but is also notable that it's the one part of the military that is expanding) or by companies (over 1500 companies now lobby Congress on cybersecurity issues, up from a literal handful just a few years ago and the same plays out in other countries). Or it might be at the policy level, which I believe is behind a number of the issues with the NSA/Snowden. This can even happen to a president. Reportedly Obama has expressed his 'frustration that the complexity of the technology was overwhelming policymakers.'
The goal of the book is to provide an easy-to-read guide to the key questions, laying out how it all works, why it all matters, and what can we do, most importantly in way that takes the histrionics out of it all. I hope that it helps shift us from being taken in by our own ignorance on multiple levels (whether it's by being individually hacked, by making a bad investment for your organisation or business, or by making bad policy decisions for your agency, your military, or nation on something you really don't understand), and instead start to better manage and better debate these important issues.