Using the example of the 1965 power blackout that struck much of the Northeastern US as well as parts of Quebec and Ontario, popular British historian James Burke posed the question to viewers of his popular television series Connections in 1978 how they thought they would survive when all the networks of systems they so depend on were stripped away, one by one. Burke’s theme was our deep inter-dependence — and this was before the internet! Take away our modern utilities, communications, transportation, security, food & supplies, medical and other key networks, and we as individuals are suddenly very, very alone, in a Neolithic sort of way. That episode gave Hitchcock a good run for his money.
So why do we expect individuals — individual people and businesses, as well as governments (local and national) — to go it alone in our age of cyber? In a world that has become increasingly inter-connected exponentially through data and the internet, why is cyber security an individual responsibility especially as retailers, banks, insurance companies, telecoms, manufacturers and others collect and analyze mountains of data about us and our behaviors?
Cyber criminals get it. They completely understand the whole inter-connectivity of our modern world and have organized appropriately to maximize their efforts and effectiveness. The Darknet and I2P bring together the resources and all the elements of cyber crime for individual criminals, criminal syndicates and even countries. It’s the kind of organization that the internet and our modern data-driven world was just made for. It’s the reason that some analyst in China has my social security number now.
President Obama signed the The Comprehensive National Cybersecurity Initiative in February of this year to encourage cooperation between government and business on cyber-security and I applaud that effort, though it was really just baby steps. Some insurance companies have stepped up and offer cyber-insurance, but I suspect after a few big (and inevitable) events some big data collectors like banks and insurance companies will quickly become uninsurable – possibly requiring a cyber equivalent of the Terrorism Risk Insurance Act (TRIA).
It’s not enough to install anti-virus software on your computer. We depend on institutions, governments, banks, insurance companies, etc., to secure the data they collect about us. We expect them to take effective counter-measures, but cyber security is an arms race of technology and capabilities. Every bank, every computer, every person working in those banks is a potential weak link in all our defenses. So when are we going to get serious and organize against cyber crime effectively — as effectively as cyber criminals have been doing for years?