Title: Why Cybersecurity is Hard

In the twenty-first century we face unprecedented challenges in securing the information assets and intellectual property of our public and private organizations. Yet only a few years ago, the cyber war was often derided and declared a mere nuisance to business as usual. Painful experiences over the past two years, such as the Sony and RSA attacks, have now dispelled this naive stance.1 The truth of cyber security, however, is both overt and subtle. It is overt in the sense that the arena is now clearly driven by a mix of political expression, such as the Anonymous social hactivism movement, and economic incentives for criminal gangs to state-sponsored industrial espionage. The subtle facet of cyber security, however, is why it remains a difficult problem. Specifically, the mix of technical, policy, and social dimensions have combined to create and complicate a coevolving, complex adaptive system (CAS). This is the essence of the cyber problem. More importantly, once we accept this is the case, it perforce reshapes our entire policy and technical approach to the problem. Ultimately, we cannot solve a CAS; at best we can merely shape and influence its evolution. The article will first overview what we mean by a CAS in the computer domain, and then will review the characteristics of the technical, social, and legal cyber security themes. (purchase article…)

Robert Ghanea-Hercock is a Chief Research Scientist in the British Telecommunications Security Research Practice.

Image Credit:  Jamie Zawinski, MIT <http://opensource.org/licenses/mit-license.php>, via Wikimedia Commons

This is an archived article. While every effort is made to conserve hyperlinks and information, GJIA’s archived content sources online content between 2011 – 2019 which may no longer be accessible or correct.