Government Sponsored Cyber-insecurity Is A Gift For Hackers

Uploaded on 2017-05-25 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW

The political legitimacy of democratic capitalism, that unlikely political formation that has brought us the end of history and now presents itself as the only bulwark against rightwing extremism, rests on a clear distribution of functions between governments and corporations.

The former take on the role of regulating the latter in order to protect the customers from the occasional harmful effects of the otherwise beneficial business activity.

This system is deemed to be democratic because people elect governments and can always vote them out; it’s capitalist because corporations are constrained by the logic of competition, which prizes efficiency, innovation and infinite expansion.

That logic, with its penchant for creative destruction of all things stale and permanent, can produce toxic results, which is precisely why government action is needed. Such, at any rate, is the social democratic consensus accepted by both centre-left and centre-right parties.

The questions of war and security, and the existential imperatives that they impose on the most democratic of societies, have always posed unresolved challenges to this framework, as can be glimpsed from occasional warnings about the military-industrial complex expressed by many a political insider nearing retirement.

Thus, standard democratic procedures are regularly suspended as governments demand tighter control over the flow of information, classify more of their internal communications and expand surveillance without any requisite checks and balances.

The standard critique of such practices attacks the undemocratic-because-unaccountable activities of the so-called “deep state”. Rooted in campaigns to defend privacy, opponents aim to make the deep state shallower, ideally by means of legal interventions aimed at restoring transparency and accountability. The real problem, they argue, is with the malfunctioning of democracy, we could easily ignore the capitalist part of “democratic capitalism”: we just need more and better legal instruments to tame the intelligence agencies.

Alas, the world in 2017 is not so easy to pigeonhole into the neat compartments of this scheme. Consider just one example: cyber-security. Plenty of rogue states are, indeed, busy hacking the servers of their adversaries in western Europe or North America. Likewise, there’s no denying that non-state hackers, operating for commercial or patriotic motives, have damaged their targets.

None of this punctures the founding myth of democratic capitalism – that governments are here to constrain the toxic activities of businesses; such new dangers actually warrant a greater role for the state.

What does puncture that myth, though, is the growing realisation, boosted by WikiLeaks’ recent disclosure of CIA hacking tools, that it’s democratic governments themselves, via their intelligence agencies, that are responsible for creating vulnerabilities in our communication networks, tinkering with our smart TVs and exploiting loopholes in our operating systems.

They do this for motives that some might view as noble: to identify early signs of terrorist activity, to track down criminals, to disable devices that might be part of sophisticated plots to wreak havoc on our cities. Whatever the motives, we should not lose sight of the larger political effects produced by such actions.

First, the expansion (and even the maintenance) of the surveillance capabilities of democratic governments presupposes a permanent structural insecurity of our communication networks. That insecurity, in turn, gets exploited not just by democratic governments but by anyone else, including all those rogue states and non-state hackers.

However, once insecurity is structural, the right response is not more security, but more insurance. This explains why cyber-insurance has become one of the most promising segments of the insurance market, with even sectors like manufacturing (itself increasingly wired up and interconnected) needing to spend more and more to insure against disruptive cyber-attacks.

In essence, cyber insurance, like any other form of insurance, is a domain of rentiers who are keen to extract a regular premium payment from those needing their services. The truly innovative element here is that the risk that creates this new class of rentiers exists partly, and, one could even say, mostly, because of government activity.

Here, the logic of democratic capitalism is no more: governments are not restraining the toxic activities of companies; rather, they engage in toxic activities of their own, which companies mitigate with activities that are either more or less toxic, depending on one’s views about the parasitic nature of economic activities pursued by rentiers.

The second political effect of the ever-expanding surveillance apparatus is the disadvantage it creates for small companies and non-profits, not to mention individuals. Remember the early utopian vision of a digital world, where we would all be running our own mail servers and, with time, might even master our own version of the connected home?

Well, today we demand more autonomy at our own risk: given the sophistication of cyber-attacks, which both aim to steal data and overwhelm sites with fake traffic, it’s obvious that the only actors capable of defending ordinary users, be they individuals or corporations, are big tech firms such as Google, Apple and Microsoft. This, too, violates the basic premise of democratic capitalism: citizens are encouraged to seek protection from companies, not governments.

When both spam and security threats are assessed using the most advanced forms of artificial intelligence, one can forget about any other, smaller player being able to compete with such firms that use the structural insecurity created by governments to further consolidate their near-monopoly status.

Democratic capitalism is thus always democratic monopoly capitalism, and even more so in its digital version. The idea that the normal imperatives of capitalist competition would exert extra pressure on digital giants seems quaint. There’s no garage big enough to house a startup that can unseat Google, not with its trove of customer data and artificial intelligence.

The third effect of this new post-democratic compromise is that, in presenting cyber-insecurity as a natural rather than human-made problem, it delegitimises the role of law, and politics in general, in mitigating conflicts between citizens and corporations.

Consider how we deal with other types of disasters. It would be imprudent to rely on the power of law and politics to ward off floods and earthquakes; insurance, under these conditions, is not an unreasonable option. But none of this prevents us from requiring stricter building standards so as to minimise the damage when the disaster does strike.

The world of cybersecurity does not follow this logic. Imagine if the government regularly dispatched a group of well-paid and well-educated saboteurs to weaken the anti-flood or anti-earthquake defences of our houses, leaving us no option but to turn to the private sector for security, either in the form of better defences or better insurance. This is the situation we are in right now; the only difference is that cyber-security disasters are almost entirely human-made and thus avoidable.

Rhetorically, the governments might even agree that, in the face of all these dangers, we all need to strengthen our privacy laws. In reality, though, we all know that it would only result in them sending even more saboteurs, with even more powerful tools, to weaken our defences. Who, under these conditions, would retain any faith in law and politics, rather than accept protections promised by the market, however flawed and expensive?

Cyber-security, alas, is just one of the many examples where the legitimacy of democratic capitalism, as well as of the social democratic parties that have traditionally defended it, has expired, even if its talking points are still in circulation. No wonder that social democratic parties are collapsing, as elections in the Netherlands and France have shown: they claim to be defending a system that no longer walks the talk.

Guardian:

You Migh Also Read:

Nation State Hacking Has A Big Commercial Impact:

We Are In A New Era Of Espionage:

 

 

 

« Uber Faces A Criminal Probe In The US
Google Neutralizes Phishing Scam »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Bob's Business

Bob's Business

Bob's Business adopts a fresh approach to information security awareness and compliance training, delivering key information through the use of short animated movies.

OIC-CERT

OIC-CERT

OIC-CERT is the Computer Emergency Response Team for Organisation of Islamic Cooperation (OIC) member countries.

Efecte

Efecte

Efecte is a Nordic SaaS company specialized in IT Service Management, Self-Service, Identity Management and Access Governance solutions.

Maverick Technologies

Maverick Technologies

Maverick is an industrial automation, enterprise integration and operational consulting company. Services include industrial cyber security.

Qufaro

Qufaro

Qufaro is a new initiative designed to make it simpler for those with career ambitions in cyber security to access the UK’s cyber-specific education and innovation opportunities.

Mitre ATT&CK

Mitre ATT&CK

MITRE ATT&CK™ is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.

Wiser Market

Wiser Market

Wiser Market is a leading company in global online brand protection services, intellectual property protection, anti-Counterfeit & trademark infringements.

Nominet

Nominet

Nominet's cyber division offers network detection and response services to governments and enterprises worldwide.

E2E Technologies

E2E Technologies

E2E Technologies are a proactive, SLA-beating, managed service provider that busts the common stereotypes surrounding IT.

Pakistan Telecommunication Company Limited (PTCL)

Pakistan Telecommunication Company Limited (PTCL)

Pakistan Telecommunication Company Limited (PTCL) is the largest integrated Information Communication Technology (ICT) company of Pakistan.

Quzara

Quzara

Quzara provides trusted advisory services and highly adaptive cybersecurity services to federal, commercial and Defense Industrial Base customers to meet their security compliance and cyber needs.

Approov

Approov

Approov provides a comprehensive runtime security solution for mobile apps and their APIs, unified across iOS and Android.

Olympix

Olympix

Dev-first Web3 security that starts at the source. Olympix is a pioneering DevSecOps tool that puts security in the hands of the developer by proactively securing code from day one.

Hiya

Hiya

Hiya's mission is to secure voice with trust, identity and intelligence. We're protecting people from spam and fraud calls, and helping carriers secure their networks for all.

LT Harper

LT Harper

LT Harper specialise in cyber security recruitment. We believe in providing an individualised service to our customers whether they are looking for a new opportunity or to hire talent.

Argantic

Argantic

Argantic aims to help organisations thrive and reach their full potential in a modern cloud-centric era.