This chapter reviews the assumptions on which this section of the book is based, explores the irreversible dependency of society on information and communications technologies, and sets the scene for the asymmetric nature of cyber-attacks, and lists the main the challenges facing security practitioners in the public and private sectors. These are discussed in more detail in subsequent chapters.
Top1. Lessons From History
Those who cannot learn from history are doomed to repeat it. (George Santayana)
History is merely a list of surprises. It can only prepare us to be surprised yet again. (Kurt Vonnegut)
History tells us that human societies have been creative –from the invention of writing and numbers, the development of knowledge and science to the construction and deployment of many technologies.
There are many books about the destructive nature of the human species – from impacting the environment and causing other species to become extinct to many forms of war and terrorism throughout the ages.
At least four “species”, however, have survived and continue to thrive despite massive efforts to control them if not eradicate them: cockroaches, rats, criminals and terrorists. The latter two have become adept at using various forms of electronic forms of attack.
Will there be a cyber-terrorist attack or even a cyber-war? Will civil society be disrupted? Many people have no doubts. For example, in May 1998, when addressing the U.S. Naval Academy in Annapolis, Maryland, President Bill Clinton said:
Our security is challenged increasingly by nontraditional threats from adversaries, both old and new, not only hostile regimes, but also international criminals and terrorists who cannot defeat us in traditional theaters of battle, but search instead for new ways of attack by exploring new technologies and the world’s increasing openness.
He then added “…intentional attacks against our critical systems are already under way.” (Transcript, n.d.)
From this statement, not the only one of its kind in the last few years, it would seem that cyberwar has already started but has not yet caused such impact that it becomes instant global news. Other known attacks are discussed in Chapters 3 and 4.
President Clinton’s statement also confirms that information security, in all its aspects, is not a technical problem. It is a problem caused by human action, and the only way to manage it is to apply one of the fundamental principles of Physics: a reaction of equal force in the opposite direction which also needs human action.
Attacks to information and communications technologies (ICT) have happened so many times that while they regularly make the news, they no longer come as a surprise.
Top2. Assumptions Made In Preparing This Part Of The Book
This part of the book is based on eight assumptions – all of them discussed in this chapter:
- 1.
Few activities in the developed and developing world are not touched by ICT;
- 2.
The dependency on ICT is both strong and irreversible;
- 3.
Information Security has been an issue for many years;
- 4.
Attacks have been happening for many years;
- 5.
Software is not perfect and systems are complex;
- 6.
The seven myths of terrorism;
- 7.
Technical innovation will continue at a rapid pace; and
- 8.
Legislation to deal with the consequences of technical innovation emerges many years later.