Cyber defence industry is making money. In 2015, the market will reach 75 billion and in 2020 it will grow to around 170 billion. For some countries like the US, Israel, India and Europe, the cyber industry is vital to their economy.
But, while the industry makes money, it doesn’t solve the problems. If you don’t believe me, try looking for a company that give you guarantee from cyber attacks. You can also look for cyber attacks statistics to see that the amount of attacks and their relative damage is on the rise.
In one of my last interviews with an Israeli branch manager of a known cyber defence company, he told me that the statistics didn’t change for the last twenty years. Yes, the solutions are more advanced and complicated, but the infection rate and the ability to identify a threat is the same.
“it’s a Hamster Wheel”, he told me. “But it’s good money. So nobody care”.
The Emperor’s New Clothes
The question is what’s broken? Is it the solutions that aren’t good enough? The users that can’t change their behavior? The international community that can’t share information and cooperate? Maybe all of it is true. Perhaps the paradigm of cyber defense is fundamentally flawed.
If one is looking from a birds eye, down at the cyber defence industry, he will notice it’s all about preventing information flow. In other words, the paradigm is that there are secrets, islands of private information, that should be hedged.
But the truth is that the world changed, and this paradigm stayed. If one reads Alvin & Heidi Toffler books [and a lot of other stuff on that subject], it becomes apparent that the information is the actual currency of our time. And as such, trying to prevent it from flowing is to go against economic and social evolution.
It’s scary to think about an open digital world. The world without privacy that does not include secrets or private information. A system where sharing information is not mandatory, but a way of life. A culture of openness that most of the knowledge is common knowledge.
In a way, we all are living in such a world. Facebook, Youtube, Twitter, Instagram, WhatsUp, Wechat, Telegram and a lot of others – They are all information sharing platforms. And almost all of us are sharing our life experiences with them. All our secrets are already there, In the cyberspace. One only has to infect the information pieces to know them.
Under this perspective, the hackers and the NSA [and every other intelligence organization] understand something that the defense industry doesn’t – You can’t stop the information flowing.
So if you can’t stop it, why try? And why sell dreams to the public? It’s not a technical failure that you can fix. It’s a mental failure you have to fix. Instead of thinking how to hide information, embrace the fact that everything is exposed and start to think what we can do with the information for the benefit of humanity or business.
WAZE is one example. All the world already knows where I am, so why not use this information to make the traffic better. In Israel, the ministry of health is developing an app to balance the load in emergency rooms based on WAZE. It means that giving up my private information [My location] for public use, can save lives.
In reality, the cyber defense paradigm is broken, and Companies are looking for cyber insurance and regulation as a sign of disbelief in the cyber defense products. If the past twenty years would have produced working solutions, there was no “cyber” problem today.
The truth is that we are ahead of a future market dominated by mandatory behavior dictated by the government and insurance companies, rather than a market driven by positive thinking how to solve the problems.
In a cyberspace where “most do” defense is the norm, hackers will always have the advantage. The defenders on the other side are like a hamster running on a wheel. To get off it, one should a make peace with the death of private information. To do so, we most change the paradigm of how we perceive the meaning of information in the digital world.
Written by Ami Rojkes Dombe
(Security Affairs – cyber defense, cyber security)