Cybersecurity has become a growing field for industries and governments alike. But what exactly are we talking about when we speak of security in the cyber realm?
Whether it’s state advancements in cyber-operations like Stuxnet, the National Security Agency’s global surveillance apparatus, or the breaching of sensitive personal-data and critical infrastructure by cybercriminals and foreign governments, the field of cybersecurity has become associated with a range of threats, impacts, and actors so numerous the term often loses its distinction.
The result has been a battle of “threat inflation” or “threat deflation” in the press, depending on the actor’s position. For some, inflating the threat is extremely lucrative for their industries. For others, depicting cyberattacks as existential threats is not only empirically-unfounded (till this day no cyberattack has resulted in a death of a human), but can lead to the erosion of fundamental civil liberties.
Allan Friedman and P.W. Singer, recent publication, “Cybersecurity and Cyberwar: What Everyone Needs to Know”, argues the truth lies somewhere in the middle of this debate.
According to Singer and Freidman, “97 percent of Fortune 500 companies have been hacked (and 3 percent likely have been too and just don’t know it), and more than one hundred governments are gearing up to fight battles in the online domain . . . The US Department of Homeland Security’s National Cyber Security Division has doubled or tripled in size every year since its inception.”
As Singer & Freidman explain, “A cyberattack is not constrained by the usual physics of traditional attacks. In cyberspace, an attack can literally move at the speed of light, unlimited by geography and the political boundaries. Being delinked from physics also means it can be in multiple places at the same time, meaning the attack can hit multiple targets at once.”
What does this suggest for security in a hyper-connected world like ours?
Because cyberspace relies on physical infrastructure and human users, traditional ideals in a globalized world like ‘sovereignty’, ‘nationality’, and ‘property’ are becoming increasingly difficult to conceptualize as the flow of people, goods, and ideas become more fluid and diverse.
The traditional roles of governments are beginning to alter to reflect this change. Additionally, the private sector (which controls 90% of US critical infrastructure) has taken large steps to change as well.
But as Singer and Friedman point out, the inability to stream
–line responses to cyberattacks by the government, and the plethora of varying standards of security set by the private industry, make preventative and coordinated action extremely difficult.
The result is cyberattacks will continue to persist in our data-driven society. But ultimately, the degree of impact these attacks have on our society at the public, private and individual level, is wholly contingent on the structuring of the public-private relationship, and the costs that would be accrued onto the attacker.