A few weeks ago I posted a little something about a movie that, though cheezy, wound up being a bit prophetic in regards to information security and the Internet. Since then I have been wondering what the future holds for all of us.
My mind often focusses on a quote, one that I cannot seem to find a reference for, that says something to the effect of "our military is always prepared to fight the previous war." Essentially saying that looking forward, especially if we have always been on the winning end of a conflict is difficult for us Americans.
But this has always been our flaw. Think of all the conflicts that America has had a hard time dealing with, Vietnam and Afghanistan are two that come to mind. In both instances our typical approach to warfare didn't/doesn't work. Hindsight being 20/20 most everyone can point flaws in the approach to the Vietnam conflict. While many are wondering if our troops can ever succeed in Afghanistan.
So what does this have to do with Information Security? Everything! While aircraft, ships, tanks and troops will always be a necessity the next war will start in cyberspace. Degrading your opponent's ability to fight will give you the advantage when troops eventually hit the ground.
So how do we currently fight our enemies? Without going into too much detail, our country has decided to engage in cyber warfare the same way it chooses to engage in any other sort of conflict. You have units, those units are responsible for certain tasks. Attack orders can be issued, followed, then verified upon completion. Very structured, very rigid, very broken...
Our enemies in the next war will launch their attacks against our cyber strongholds from small cells across the globe using our own resources against us. Our monolithic cyber commands will fail within minutes. The infrastructure of the United States will be left in shambles, our economy decimated, and our ability to recover severely hampered.
I don't see any way around this with our current approach. Our country simply puts too much stock into the tools we use to defend our networks, there simply isn't enough human intelligence going into the active defense of those networks. Consider this, if you had a billion computer bot-net attack our nation's cyber command right now could it withstand the assault? Not likely, in effect the only defense in such an attack would be for a person to reconfigure a router or flip a switch to reboot a server or two. Too little too late....
Need a better metaphor think Battlestar Gallactica and how it denied the enemy the ability to infiltrate their systems by having people perform tasks that would otherwise be automated. So what then, am I saying we need? We need high speed neural interfaces that allow people like you and me to integrate with our defense networks. That integration, if correctly implemented, could provide us with the edge we need.
Think about it... every day our minds absorb countless amounts of data and process the information looking for anomolies, seeing patterns, and adapting to changing environments. In essence, we need a neural interface type system because we simply do not have the knowledge to develop an AI capable of rivaling the human brain and likely never will (not anytime soon anyway). Giving a person the ability to detect an attack, initiate a response, establish a defense, and identify patterns on the fly within milliseconds could turn the tide of war in our favor when the time comes.
So is this science fiction or can anyone else see this as the direction we are heading in? In 5, 10, 20, or 50 years from now when this becomes reality just remember who said it first!
