Achieving True Cybersecurity Is Impossible

Achieving True Cybersecurity Is Impossible

Cybersecurity is not a switch, and automating our defenses—computer network defense, national defense—is as likely to destroy us as save us.

 

Of course, we are not at war and, as a result, speed at any cost is just as likely to lead to disaster as it did in the summer of 1914, when all the major combatants believed whoever struck first was assured of victory, while waiting to be attacked made you a sucker.

Cybersecurity suffers from all the same associations. Once we insist that cyberspace is an arena of conflict, speed at any cost seems a necessity. Automating computer network defense is no longer thought of as a policy choice but is reduced to a question of how and when. I should add that if computer network defense can be automated, so can computer network offense, including espionage, crime, and systems compromise.

 

In sum, the cybersecurity we aspire to is impossible. Cybersecurity is not a switch, and automating our defenses—computer network defense, national defense—is as likely to destroy us as save us. We live in a world now, by choice, in which “sticks and stones can break our bones, but words can also hurt us.” As the mass shooting at Uvalde Texas and so many others have highlighted, in this new world there is no armor, no fortress walls, no police or army that can protect us. Along with increasingly extreme weather events, we will have to learn to live with cyber intrusions ranging from election interference, disinformation, cybercrime, and threats to our critical infrastructure. We will have to learn to be more self-sufficient and resilient.

Ivan Arreguin-Toft, Ph.D. currently teaches war and cybersecurity strategy and policy at Brown University’s Watson Institute of International and Public Affairs; where he also serves as Director of the Security Track for the undergraduate International and Public Affairs concentration. He is formerly a founding member of the Global Cyber Security Capacity Centre at Oxford University’s Martin School; where he served as Associate Director of Dimension 1 (cybersecurity policy and strategy) from 2012–2015.

Image: Reuters.