While in-the-loop intelligence and defense insiders have been preaching about the dangers of cyberwar for more than a decade (think Richard Clarke) most of the world is just starting to catch up.
And they are scared.
Because even though it’s great to think about cyberwar when you might be on the winning side (Stuxnet? What’s a Stuxnet?), it’s terrifying when you might be on the losing side (which is maybe why Iran has reportedly taken some of its oil terminals from the internet in the wake of a possible cyberattack). And the problem is that no one seems to know if they are winning or losing.
A major reason for this is that cyberattack, cyberwar, cybercrime—cybereverything—have taken on the character of a modern day Frankenstein monster. This thing called the internet has gotten out of hand, and just like Peter Boyle in Young Frankenstein, once it's done tap dancing we want to hunt it down with pitchforks.
Many forget that the complete title of Mary Shelley’s classic is Frankenstein; or, The Modern Prometheus, or the reason that Shelley referenced the classic Greek myth (similarly, many don’t know why this is the title of Ridley Scott’s new movie; so read on and you will instantly be the smartest person in your next water cooler chat/bar trivia contest/dinner party conversation).
The gist for all of you who didn’t get a copy of a book on Greek myths from your parents growing up: Prometheus, a too-clever human tricks the gods and steals fire from them, and for this is punished by being chained to a rock where a giant bird visits him every day and plucks out his liver. Moral of the story: even if something is useful or really cool (for some the jury remains out on which of these best describes fire), there are some things that the gods are going to punish humans for having.
Like Facebook.
So what are we supposed do now that everyone has caught up the folks that were howling in the wilderness about the cyber threat, when we have become so dependent on the internet to maintain our infrastructure, create jobs, fight wars, and play Words With Friends? How can we keep the benefits of technology without risking the wrath of the gods? Or in less poetic terms, where should we direct our resources to build cyberdefenses and protect ourselves against cyberattack?
The answer of the day seems to be to make bigger and better Frankenstein monsters. In other words, to treat this as a technical problem that demands technical solutions and to take the human out of the loop. This is the answer that is and is going to be the favorite of many IT departments, software manufacturers, defense contractors, think tank wonks, and defense types. Each have their own reasons, and many of these—though not all—are well meaning. And we certainly do need to spend some resources on technology.
But where we need to start spending resources is on people.
We need to educate. This means efforts by industry to educate consumers about web tracking and targeted advertising. This means efforts by employers to educate employees about using computer systems safely at work and at home. This means efforts by schools at all levels to educate students on what is safe, and what isn’t, on the internet.
We need to make computer users more aware of cyber threats and also demystify them. Because as much as many tech professionals would like to remove the human from the system, the fact is that everything in our world is pushing more and more people onto the web more and more of the time.
If we continue to live in a world where the most common password on computer systems is “password” then we have indeed created a Frankenstein monster, or in the context of the Prometheus myth, we have found a power which we will be punished for playing with. The difference between these stories and the reality of cyberwar is that we may still have the ability to learn to stop our own destruction, if only we learn to do so.
Richard Wheeler is a Truman Security Fellow. He is a designer, a writer, and an analyst. He likes maps. He likes pictures. He likes to figure out how things work.
