This year at the RSA Conference, it’s hard to shake off the fact that all this digital fiddling somehow got mixed up in a real war. I imagine this sort of fantasy where techno purveyors never really thought the cool stuff they were doing would get used as a pretext for bombing, but here we are. It feels more real.
Not real in a good sense – real in the sense that we’d better get the tech right so people can avoid dying. If the communications get shut down when we order a food delivery, probably no one gets hurt, but kill a cell tower for evacuating people fleeing from bombs ... and people die. That kind of infrastructure is the kind of thing we need to protect now, it just keeps getting more real.
Here at ESET, we’ve done a fair amount of protecting physical infrastructure from cyberthreats, but that’s recently ramped up to “11” with the global border-hopping incursions by angry people with weapons.
Kinetic vs. cyber
But kinetic warfare doesn’t quite know how to use cyberwarfare, or understand its capabilities. When you press a button in kinetic warfare, the missile launches, and seconds later something explodes – you can confirm that it works.
When launching a targeted phishing attack, for example, months of planning may be required, and the yield is nowhere close to 100%. You might not even be able to tell if you hit the target, or you might hit the wrong target. Even if you are successful, it’s hard to plan the timing in a way that kinetic warriors will know when your digital target is down so they can roll in.
Defending digital targets is something we understand, though; we know how to do that. So that’s what we’re doing. But it makes war conversations, um, weird. The expectations on both sides are opaque at best. This results in more impacts.
Meanwhile, we see foreign adversaries perfecting their craft. What started as a clunky, stop-and-go fit of spurts has congealed into some kind of continuous integration and delivery infrastructure, taking cues directly from Silicon Valley vendors found in swarms around RSA; we taught the bad guys how to do this.
Your swarm of consciousness vomited wholesale onto Twitter and amplified by a hollow echo chamber of techies has inadvertently helped shape foreign influence operations. By watching the trajectory of resonating topics (or not), foreign adversaries can spin up their own echo chamber to amplify bogus narratives. That’s not new, but they’re getting a lot better at it.
If you’re being invaded, selfies with things bombed in the background are a great way to gain global attention outsized relative to the actual event. Statistics of millions dead have less impact in the social media sphere than one wounded girl running from people with guns. And some people who respond are moved enough to send money to help defend yourself with real kinetic weapons.
Again, I don’t think technologists really ever believed this would happen in real life, or we didn’t really spend the time to battle-harden tech so it wouldn’t fold in the deluge. For example, when there’s an emergency, everyone grabs their phones, immediately overwhelming local cell tower capacity.
But here we are. We need to think about the seriousness that tech will play and build accordingly; we need to ramp up for success. That’s kind of what the RSA Conference focuses on, growing up and being digital adults.