Government Sponsored Cyber-insecurity Is A Gift For Hackers

Uploaded on 2017-05-25 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW

The political legitimacy of democratic capitalism, that unlikely political formation that has brought us the end of history and now presents itself as the only bulwark against rightwing extremism, rests on a clear distribution of functions between governments and corporations.

The former take on the role of regulating the latter in order to protect the customers from the occasional harmful effects of the otherwise beneficial business activity.

This system is deemed to be democratic because people elect governments and can always vote them out; it’s capitalist because corporations are constrained by the logic of competition, which prizes efficiency, innovation and infinite expansion.

That logic, with its penchant for creative destruction of all things stale and permanent, can produce toxic results, which is precisely why government action is needed. Such, at any rate, is the social democratic consensus accepted by both centre-left and centre-right parties.

The questions of war and security, and the existential imperatives that they impose on the most democratic of societies, have always posed unresolved challenges to this framework, as can be glimpsed from occasional warnings about the military-industrial complex expressed by many a political insider nearing retirement.

Thus, standard democratic procedures are regularly suspended as governments demand tighter control over the flow of information, classify more of their internal communications and expand surveillance without any requisite checks and balances.

The standard critique of such practices attacks the undemocratic-because-unaccountable activities of the so-called “deep state”. Rooted in campaigns to defend privacy, opponents aim to make the deep state shallower, ideally by means of legal interventions aimed at restoring transparency and accountability. The real problem, they argue, is with the malfunctioning of democracy, we could easily ignore the capitalist part of “democratic capitalism”: we just need more and better legal instruments to tame the intelligence agencies.

Alas, the world in 2017 is not so easy to pigeonhole into the neat compartments of this scheme. Consider just one example: cyber-security. Plenty of rogue states are, indeed, busy hacking the servers of their adversaries in western Europe or North America. Likewise, there’s no denying that non-state hackers, operating for commercial or patriotic motives, have damaged their targets.

None of this punctures the founding myth of democratic capitalism – that governments are here to constrain the toxic activities of businesses; such new dangers actually warrant a greater role for the state.

What does puncture that myth, though, is the growing realisation, boosted by WikiLeaks’ recent disclosure of CIA hacking tools, that it’s democratic governments themselves, via their intelligence agencies, that are responsible for creating vulnerabilities in our communication networks, tinkering with our smart TVs and exploiting loopholes in our operating systems.

They do this for motives that some might view as noble: to identify early signs of terrorist activity, to track down criminals, to disable devices that might be part of sophisticated plots to wreak havoc on our cities. Whatever the motives, we should not lose sight of the larger political effects produced by such actions.

First, the expansion (and even the maintenance) of the surveillance capabilities of democratic governments presupposes a permanent structural insecurity of our communication networks. That insecurity, in turn, gets exploited not just by democratic governments but by anyone else, including all those rogue states and non-state hackers.

However, once insecurity is structural, the right response is not more security, but more insurance. This explains why cyber-insurance has become one of the most promising segments of the insurance market, with even sectors like manufacturing (itself increasingly wired up and interconnected) needing to spend more and more to insure against disruptive cyber-attacks.

In essence, cyber insurance, like any other form of insurance, is a domain of rentiers who are keen to extract a regular premium payment from those needing their services. The truly innovative element here is that the risk that creates this new class of rentiers exists partly, and, one could even say, mostly, because of government activity.

Here, the logic of democratic capitalism is no more: governments are not restraining the toxic activities of companies; rather, they engage in toxic activities of their own, which companies mitigate with activities that are either more or less toxic, depending on one’s views about the parasitic nature of economic activities pursued by rentiers.

The second political effect of the ever-expanding surveillance apparatus is the disadvantage it creates for small companies and non-profits, not to mention individuals. Remember the early utopian vision of a digital world, where we would all be running our own mail servers and, with time, might even master our own version of the connected home?

Well, today we demand more autonomy at our own risk: given the sophistication of cyber-attacks, which both aim to steal data and overwhelm sites with fake traffic, it’s obvious that the only actors capable of defending ordinary users, be they individuals or corporations, are big tech firms such as Google, Apple and Microsoft. This, too, violates the basic premise of democratic capitalism: citizens are encouraged to seek protection from companies, not governments.

When both spam and security threats are assessed using the most advanced forms of artificial intelligence, one can forget about any other, smaller player being able to compete with such firms that use the structural insecurity created by governments to further consolidate their near-monopoly status.

Democratic capitalism is thus always democratic monopoly capitalism, and even more so in its digital version. The idea that the normal imperatives of capitalist competition would exert extra pressure on digital giants seems quaint. There’s no garage big enough to house a startup that can unseat Google, not with its trove of customer data and artificial intelligence.

The third effect of this new post-democratic compromise is that, in presenting cyber-insecurity as a natural rather than human-made problem, it delegitimises the role of law, and politics in general, in mitigating conflicts between citizens and corporations.

Consider how we deal with other types of disasters. It would be imprudent to rely on the power of law and politics to ward off floods and earthquakes; insurance, under these conditions, is not an unreasonable option. But none of this prevents us from requiring stricter building standards so as to minimise the damage when the disaster does strike.

The world of cybersecurity does not follow this logic. Imagine if the government regularly dispatched a group of well-paid and well-educated saboteurs to weaken the anti-flood or anti-earthquake defences of our houses, leaving us no option but to turn to the private sector for security, either in the form of better defences or better insurance. This is the situation we are in right now; the only difference is that cyber-security disasters are almost entirely human-made and thus avoidable.

Rhetorically, the governments might even agree that, in the face of all these dangers, we all need to strengthen our privacy laws. In reality, though, we all know that it would only result in them sending even more saboteurs, with even more powerful tools, to weaken our defences. Who, under these conditions, would retain any faith in law and politics, rather than accept protections promised by the market, however flawed and expensive?

Cyber-security, alas, is just one of the many examples where the legitimacy of democratic capitalism, as well as of the social democratic parties that have traditionally defended it, has expired, even if its talking points are still in circulation. No wonder that social democratic parties are collapsing, as elections in the Netherlands and France have shown: they claim to be defending a system that no longer walks the talk.

Guardian:

You Migh Also Read:

Nation State Hacking Has A Big Commercial Impact:

We Are In A New Era Of Espionage:

 

 

 

« Uber Faces A Criminal Probe In The US
Google Neutralizes Phishing Scam »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

JYVSECTEC - JAMK University of Applied Sciences

JYVSECTEC - JAMK University of Applied Sciences

JYVSECTEC is a cyber security research and development and training centre

Avanan

Avanan

Avanan is The Cloud Security Platform. Protect all your SaaS applications using tools from over 60 industry-leading vendors in just one click.

Secure Technology Alliance

Secure Technology Alliance

Secure Technology Alliance is a multi-industry association working to stimulate the adoption and widespread application of secure solutions.

NXO France

NXO France

NXO is an independent leader in the integration and management of digital workflows with services covering digital infrastructures, communications & collaboration, and security.

miniOrange

miniOrange

miniOrange is a cloud and on-premise based identity and access management (IAM) solution provider.

Cybersecurity Innovation Hub

Cybersecurity Innovation Hub

The main objective of the Hub is to bring cybersecurity and other advanced technologies closer to companies and as a result help to increase their performance as Industry 4.0.

Digital Law

Digital Law

Digital Law is the only UK law firm to specialise solely in online, data and cyber law.

RUSCADASEC

RUSCADASEC

RUSCADASEC is an independent non-profit initiative on developing the open Russian-speaking international community of industrial cyber security/ICS/SCADA cyber security professionals.

Swedish Incubators & Science Parks (SISP)

Swedish Incubators & Science Parks (SISP)

Swedish Incubators & Science Parks (SISP) is the Swedish industry association for Swedish incubators and science parks.

Deeper Network

Deeper Network

Deeper Network represents the world's first decentralized blockchain network for building a truly private, secure and fair Internet.

Data Priva

Data Priva

Data Priva is the UK's leading subscription-based data protection, governance, risk and and compliance service.

FastNetMon

FastNetMon

FastNetMon is a very high performance DDoS detection and mitigation tool which could detect malicious traffic in your network and immediately block it.

Klaatu IT Security (KITS)

Klaatu IT Security (KITS)

Klaatu IT Security is a boutique provider of cyber security services, empowering our clients to prioritise and reduce their cyber risk.

SecZone

SecZone

SecZone is a Chinese enterprise with a mission to "Make It Secure." We are dedicated to driving software security innovation globally.

Simbian

Simbian

Simbian, with its hardened TrustedLLM system, is the first to accelerate security by empowering every member of a security team from the C-Suite to frontline practitioners.

National Renewable Energy Laboratory (NREL)

National Renewable Energy Laboratory (NREL)

NREL is transforming energy through research, development, commercialization, and deployment of renewable energy and energy efficiency technologies.