Hacking the Notion of Cyber Security
Cyber security might have become a widespread term in public debate, government security arrangements as well as funding bodies’ strategical directions but it has longer historical and cultural roots.
The recent organisation of security and defence around the at times ephemeral seeming threats of “the cyber” is pitched as a necessary move to combat the security issues from other national bodies, and importantly from a range of non-governmental threats. Indeed, in the post 9/11 world, threats are often intentionally pitched as such ephemeral forces that cannot be identified by a clear name; from criminal organisations after monetary profit to organised attempts to inflict damage on national and corporate infrastructures to the at times puzzling inclusion of network politics and activists as cyber threats, cyber security seems to be a field that is happy to include a lot. Of course, as security companies like F-Secure know well, there is a lot happening on the dark side of network culture (as we slightly poetically named it in our 2009 volume The Spam Book ). Some of the most famous cases have indeed been attacks against for instance Iranian nuclear plants, like the infamous Stuxnet worm. Since then, speculations concerning Israel and US involvement have been voiced — also referring to the “Operation Olympic Games”.
The problematic aspect of the notion of cyber security has to do with its broadness. Are we suddenly including all sorts of critical digital voices as part of “threats”? How does one classify such net organisations/phenomenona as Anonymous or even Wikileaks? Is anything that is deemed slightly “uncomfortable” a good target for preemptive cyber security forces? Does the organisation of such a notion – both institutionally and discursively – have a complex and refined enough sense of network culture to understand that cyber security should be something that is serving democratic society, not the other way round? The recent years of reducing of rights in public space and in online interactions are something that need to be concerned about too. This agenda should then include the troubling copyright and corporate regimes of the Internet — perhaps those are actually cyber threats and themselves attacks of sorts?
In my Digital Contagions – A Media Archaeology of Computer Viruses , which was the first systematic critical theory and media studies take on this particular form of a “general accident” of network culture I tried to look for some of the conditions of existence for the ways in which we perform and talk about “security”. Security happens increasingly on invisible levels where control is not only about phenomenological bodies in architectural space — humans in cities for instance – but about software objects in electronic architectures. In the 1970s an understanding of computer crime might have still have included a physical intrusion to a computer centre and for instance smashing a computer with an axe, but gradually since the 1980s this changed towards a more software and network focused understanding. It was not only then about the spaces in which computers were, but the spaces in computers and networks that were seen as critical infrastructures.
Computer threats become a widespread topic through incidents such as the 1988 Morris worm that made headline news. Suddenly TV stations were inviting Pentagon generals and computer scientists on television to discuss this new sort of a threat. It seemed to fit in nicely with the 1980s emerging cyberpunk scene in which fiction work pitched the idea of viral threats, hackers and the emerging network culture. The 1990s saw the emergence of the more widespread commercial security industry which has ever since been a crucial part of this post Cold War security regime. Indeed, we need to understand the online threats in relation to wider global articulations of defence and security, as well as the commercialisation of such risks as a business model.
Despite what some might claim, there is no safety from cyber-attacks. This was already discussed by such pioneers as Fred Cohen in early 1980s. Cohen’s scholarly thesis, supervised by Len Adleman who became then famous as part of the research into DNA computing, was that if you want connectivity, you cannot ever be 100% secure. That is the lesson and price of network society, and the inherent need for risk tolerance, so to speak. For sure, there is a long media history of measures for secure communications — often entangled with privacy and military regimes. Cryptography is not a recent invention but a sophisticated form of media communications dating back centuries and to various pre-nationstate regimes.
In short, we also need a media historical and media archaeological understanding of contemporary security regimes — that also critically evaluate what is it that we understand as threats, and how the material, mediatic infrastructures play their part in defining what counts as part of our evaluations and logistics of security — it is not only about humans anyway, but increasingly non-human agencies.
The writer is Reader in Media & Design at Winchester School of Art and has written extensively about network culture and security, including books such as Digital Contagions (2007) and The Spam Book: On Viruses, Porn and Other Anomalous Objects from the Dark Side of Digital Culture (2009, with Tony Sampson).