Paranoia strikes deep
Into your life it will creep
It starts when you’re always afraid
You step out of line, the man come and take you away
– Buffalo Springfield
I recently attended a seminar on information security hosted by the Hudson Valley chapter of ISACA. (One of the interesting things about ISACA is that many of its own members aren’t really sure what “ISACA” stands for. For the record, it’s “Information Systems Audit and Control Association, Inc.” Of course, with the “Inc.” it should really be ISACAI – but I digress.)
The featured speaker for this seminar was Gordon Smith of Canaudit, a company whose work revolves around information security matters. Mr. Smith came across as a jovial and dynamic speaker – albeit one a bit overly consumed with passion for his company’s field. Over the course of his two-hour presentation, he regaled us with the many ways nefarious hackers – and worse – were scheming to attack our computers, networks, and cell phones and make merry sport with them.
He mentioned more than once that the laptop he used for his presentation had a triple-encrypted hard drive, as well as a special film over its screen to prevent people nearby from observing its contents. He noted that on occasions when he realized his laptop had been unsecured and out of his sight, he would subsequently wipe its hard drive and totally rebuild its contents.
Clearly, Mr. Smith walks the talk of his company. And I guess if you’re going to be paranoid about stuff like that, you might as well build a successful business on it. But there were a few times when I wondered if Mr. Smith was not seeing the forest for the trees.
Early in his presentation, Mr. Smith went on a rant about Russia knocking the Republic of Georgia off the internet during last year’s war over South Ossetia. He also talked about the Chinese eavesdropping on laptop computers Americans took with them to last year’s Summer Olympics.
Putting 2 and 2 together, Mr. Smith somehow came up with 11. He compared Russia’s alleged internet attack on Georgia with Hitler supposedly trying out the idea of Blitzkrieg on Poland before applying it to other fronts during World War II. Having laid this groundwork, Mr. Smith hypothesized that Russia and/or China were preparing to someday wage a cyberwar against the US.
While this was all rather compelling, it’s not in synch with the facts in several key ways. Apparently, historians don’t think the German attack on Poland was all that novel. And Russia’s supposed attack on Georgia’s online capabilities is apparently more a media fantasy than a reality.
But beyond that looms a larger question: given the way the world’s large economies are interwoven today, why would one country with a large economy want to disable another? China, for example, has billions of dollars-worth of US Treasury notes. Its manufacturing economy is also hugely dependent on American consumers, which affects China’s approach towards the US:
The dependence of the Chinese manufacturing industries on the US market has introduced a certain moderation in Chinese policies towards the US in strategic areas due to the Chinese anxiety to avoid unnecessary tensions in its relations with the US in matters such as Taiwan lest these tensions affect the trade, which is overwhelmingly in favour of China.
This is in line with Robert Wright’s idea of a non-zero world, in which there can be “win-win” and “lose-lose” outcomes for nations. From this perspective, the claim that China or Russia are preparing to undertake a cyber-attack on the US sounds rather paranoid. Such an attack would severely damage their own economies. Why would they do that?
The other problem with Mr. Smith’s presentation was that it focused heavily on the stratospheric level of technology – all the super high tech hacks and defenses that geeks love. He seemed to have little interest in the more mundane world of human foibles.
Take, for example, the case of Gary Sinnott, a Brit who decided to create a website to promote his hometown of Mildenhall. The only problem was that his website address, http://www.mildenhall.com, was very similar to the web address for a nearby U.S. Air Force base – http://www.mildenhall.af.mil. Apparently, a lot of American military folks were a bit lax in their emailing habits, and wackiness ensued.
We shouldn’t minimize the importance of information security, and I’m sure that Gordon Smith is extremely knowledgeable about the field. But we need to also remember the real world, in which national behaviors can be shaped by their intertwined interests and where information can be insecure just because some people are nitwits.