Cybersecurity experts from across industries and sectors share insights on how to think like scientists to master cybersecurity challenges
Humankind's efforts to explain the origin of the cosmos birthed disciplines such as physics and chemistry. Scientists conceived of the cosmic 'Big Bang' as an explosion of particles--everything in the universe centered around core elements and governed by laws of matter and gravity. In the modern era of digital technology, we are experiencing a similar explosion of ones and zeros, an exponentially expanding universe of bits of data centered around the core elements of speed and connectivity. One of the disciplines to emerge from our efforts to make sense of this new universe is the science of cybersecurity. Cybersecurity is as central to the Digital Age as physics and chemistry were to the Scientific Age. The Digital Big Bang explores current and emerging knowledge in the field of cybersecurity, helping readers think like scientists to master cybersecurity principles and overcome cybersecurity challenges.
This innovative text adopts a scientific approach to cybersecurity, identifying the science's fundamental elements and examining how these elements intersect and interact with each other. Author Phil Quade distills his over three decades of cyber intelligence, defense, and attack experience into an accessible, yet detailed, single-volume resource. Designed for non-specialist business leaders and cybersecurity practitioners alike, this authoritative book is packed with real-world examples, techniques, and strategies no organization should be without. Contributions from many of the world's leading cybersecurity experts and policymakers enable readers to firmly grasp vital cybersecurity concepts, methods, and practices. This important book:
* Guides readers on both fundamental tactics and advanced strategies
* Features observations, hypotheses, and conclusions on a wide range of cybersecurity issues
* Helps readers work with the central elements of cybersecurity, rather than fight or ignore them
* Includes content by cybersecurity leaders from organizations such as Microsoft, Target, ADP, Capital One, Verisign, AT&T, Samsung, and many others
* Offers insights from national-level security experts including former Secretary of Homeland Security Michael Chertoff and former Director of National Intelligence Mike McConnell
The Digital Big Bang is an invaluable source of information for anyone faced with the challenges of 21st century cybersecurity in all industries and sectors, including business leaders, policy makers, analysts and researchers as well as IT professionals, educators, and students.
"The most fundamental forces of cybersecurity are speed and connectivity. Our solutions must support and leverage these forces."
"Embracing cybersecurity as a science can be an incredibly powerful and effective way to underpin innovation."
Humankind experiences some of its greatest disappointments and disasters when we fail to acknowledge the fundamentals of physics and chemistry. As we solve problems and improve technology, we must work with, not against, the foundation of the laws of mass, force, energy, and chemical reactions-laws that began with the cosmic big bang.
Like the physical world, cybersecurity has its own set of fundamentals: speed and connectivity. When organizations ignore these fundamentals, distracted by sophisticated marketing or new products, we suffer the consequences. We end up with solutions that solve only part of the problem or that simply stop working (or stop us from working when put to the test of real-world conditions).
That's partly because, to date, cybersecurity has been treated as a cost of doing business, as opposed to a foundational set of primitives and rules that are leveraged to achieve greater things. To build a cybersecurity foundation that will work now and continue to work in a world exponentially faster and more connected, we must start treating cybersecurity more like a science. We must understand its fundamental elements and how they interact.
The early Internet, constructed decades ago to serve a small, tight-knit and primarily academic community, was built upon principles of game-changing speed and a deep understanding of the importance of connectivity. Security and privacy were not needed for that first small group of trusted users and thus were not part of the original design requirements. Although security and privacy have demonstrated their importance in today's blisteringly fast, global network, they have not kept up as the Internet has matured.
While we are exponentially more connected than at any other time in history, with nearly instantaneously accessible information at our fingertips, the cyberadversaries-not the defenders-are the ones who have mastered speed and connectivity to their advantage. Speed and connectivity serve us well as communication building blocks, but too often have failed us in cybersecurity, because we have failed to establish the foundation of cybersecurity upon those fundamental elements.
In a hypercompetitive business landscape, not only do cybersecurity fundamentals protect you and make you a much less attractive target to bad actors, but they also cast a halo of protection across all the individuals and organizations to which you are connected.
When we build our cybersecurity based on a complete understanding of fundamental elements and how they can work together, we can inspire and encourage scientific revolutions and evolutions in cybersecurity that will make us much better off.
We are on the verge of a new understanding of a basic element of human society. Just as the world has understood that economic security has been highly dependent on a stable flow of fossil fuels and that national security is dependent on safeguards for nuclear weapons, today we understand that, in our hyperconnected world, there is no global security without understanding and mastering the science of cybersecurity.
But the real historical analogy of cybersecurity, the story of the digital big bang, starts much earlier. Let's rewind nearly 14 billion years to the Big Bang, the beginning of the universe as we understand it today.
"The good thing about science is that it is true whether you believe it or not. That's why it works."
-Neil deGrasse Tyson
THE COSMIC BIG BANG: THE BIRTH OF THE PHYSICAL UNIVERSE AND THE HUMAN SOCIETY THAT EMERGED
At the beginning of time as we know it, around 14 billion years ago, energy and matter were born in a moment of unfathomable brilliance. Those core building blocks combined into atoms, followed by even more complex assemblies (molecules) just a few hundred thousand years later.
Billions of years later, after countless stars were born and died out, our solar system was formed from the remnants of furnaces of those long-dead stars. Physicists and chemists study the big bang's fundamental elements and their interactions in part to explain what things are made of and how they behave.
Some of those complex configurations coalesced into what we call life. We study life and how it evolved from its most primitive state to discover where we come from and to help us thrive within our given universe, not fighting mother nature.
The human life that eventually emerged from among this plethora of creatures eventually formed complex rules and societies that evolved in a broad set of stages or ages. Yuval Noah Harari in Sapiens cited them as follows:
- The Cognitive Revolution (c. 70,000 BCE, when Homo sapiens evolved imagination)
- The Agricultural Revolution (c. 10,000 BCE, the development of agriculture)
- The unification of humankind (the gradual consolidation of human political organizations toward one global empire)
- The Scientific Revolution (c. 1500 CE, the emergence of objective science)
In each of these ages, humans made relatively large leaps forward in understanding their environment and, at times, directly shaping it.
THE DIGITAL BIG BANG: THE BIRTH OF THE DIGITAL UNIVERSE
If we take on the mindset of a cybersecurity historian, we can look at the big picture in the same way and attempt to understand what is driving it forward. Consider these observations:
- While it took billions of years for the physical world we know to create and sustain human life, it took just 50 years from the beginnings of the Internet as ARPAnet in 1969, for the explosive forces of digital speed and connectivity to transform human society.
- Ninety percent of all the data in the world ever created was generated in the last two years. Bang!
- The Internet itself-a vast and hyperconnected data transmission system-now creates 2.5 quintillion bits of data per day. I don't even have a fathomable analogy to characterize how much that is-but it's 18 zeros.
Digital technology has come to enmesh and propel nearly every aspect of modern life, from the operational infrastructure that keeps our cities and towns powered and functioning, to the now almost entirely digitally driven systems of global finance, security, and energy production. The rapid transference of digital information is how we connect, communicate, and-in many ways-sustain human life, order, and a tentative semblance of peace on Earth.
Our opportunity is to describe how the digital big bang progressed over time, understand its significance, and do something smart and productive about it.
THE SCIENTIFIC REVOLUTION
After the cosmic big bang, billions of years passed before humans came along and eventually started trying to make sense of the whole thing.
In human history, the most recent and most significant age is the Scientific Revolution, not so much because of what it achieved, but because of what it left behind. It was in the Scientific Revolution that we finally admitted that we didn't know everything. The admission of ignorance advanced the pursuit of knowledge and reason. It allowed us to define the modern laws of physics and chemistry; to explain, in a data-driven way, how nature's fundamental elements interact; and to discover the perils? of ignoring those laws. It incentivized us to fill in gaps in our data collection that we didn't feel obliged to before.
For example, the maps of the world from 750 years ago had elaborate drawings of mid-ocean whirlpools and sea monsters-here be dragons-mid-continent mountain ranges, and other physical phenomena. Faulty thinking, and the desire to warn of the dangers of sea exploration, led mapmakers to fill in what they did not know.
In contrast, the maps of the Scientific Age were drawn with large blank areas, showing where we had no data. It was not until we admitted that we in fact had very little idea what was beyond the horizon, or mid-ocean or continent, that we began exploring those areas and filling in the missing pieces that led to a much better understanding of our world.
The pull of curiosity about basic principles reduced the fear of the unknown and prompted the physical world's golden age of scientific education.
Now we must make the same leap in cybersecurity. We need to stop quaking at the cyber threats-real and imagined-and get down to the business of defining how to navigate and master those threats.
THE BANG BEGINS
A masterpiece of international collaboration, the Internet has its roots in the desire to share computing and information resources and the US Department of Defense's goal of establishing connectivity via computers in the event of a nuclear attack that destroyed telephone systems.
On October 29, 1969, the first message was sent over what would eventually become the Internet. Meant to be the word "login," the letters "L" and "O" were sent from researchers at UCLA to a team at Stanford. Then the system crashed. (We'll pause while you chuckle about that first crash.)
When it was...