Robert Ghanea-Hercock is a Chief Research Scientist in the British Telecommunications Security Research Practice.
"What we have in the cyber domain is [a] game... where there are far more avenues for attack than there are ways to defend..." "Cyberspace is driven by the actions of the individual members of human society; it is a powerful medium for social change precisely because it empowers individuals..."
In the twenty-first century we face unprecedented challenges in securing the information assets and intellectual property of our public and private organizations. Yet only a few years ago, the cyber war was often derided and declared a mere nuisance to business as usual. Painful experiences over the past two years, such as the Sony and RSA attacks, have now dispelled this naive stance.1 The truth of cyber security, how- ever, is both overt and subtle. It is overt in the sense that the arena is now clearly driven by a mix of political expression, such as the Anonymous social hactivism movement, and economic incentives for criminal gangs to state-sponsored industrial espionage. The subtle facet of cyber security, however, is why it remains a difficult problem. Specifically, the mix of technical, policy, and social dimensions have combined to create and complicate a coevolving, complex adaptive system (CAS). This is the essence of the cyber prob- lem. More importantly, once we accept this is the case, it perforce reshapes our entire policy and technical approach to the problem. Ultimately, we cannot solve a CAS; at best we can merely shape and influence its evolution. The article will first overview what we mean by a CAS in the computer domain, and then will review the characteristics of the tech- nical, social, and legal cyber security themes. (purchase article...)