We have science fiction author William Gibson to thank for the term “cybersecurity,” and he’s not happy about it.
“All I knew about the word ‘cyberspace’ when I coined it, was that it seemed like an effective buzzword. It seemed evocative and essentially meaningless. It was suggestive of something, but had no real semantic meaning, even for me, as I saw it emerge on the page,” Gibson says with some chagrin in the 2000 documentary “No Maps for These Territories.”
Meaningless as it may have been, the “effective buzzword” turned out to be an understatement as the term – and all the other terms that would be derived from it – came to dominate pop culture references to the explosion of connectivity the Internet offered.
“Cybersecurity” is among the most common of the terms derived from it, and it would become imbued with a meaning all its own, while still evoking images of the lawless frontiers of Gibson’s Matrix …
“A graphic representation of data abstracted from the banks of every computer in the human system…”
Gibson foreshadowed the rise of the Internet and accurately predicted that in a world where all that information was accessible online, crime would inevitably follow.
After Cybercrime Came Cybersecurity: White Hats of the New Frontier
Today, everything from bank heists to child abuse to slavery to terrorism occur via cyberspace. And entirely new types of crimes are emerging unique to the realm of cyberspace– crimes like denial of service (DoS) attacks.
In the near future, hostile takeover of drones, industrial robots, and other mechanical devices in the real world may also become a frightening reality as networks expand and criminals and terrorists adapt.
Cybersecurity is the specialty field of information technology (IT) that has emerged in an effort to curb, prosecute, and defend against such crimes.
The skill set required to succeed in cybersecurity is an unusual brew:
- The ability to understand programming logic and systems behavior and extrapolate unexpected conditions from those givens
- Empathy and social skills to understand the predilections of common users
- Old fashioned street smarts of a beat cop anticipating criminal tendencies
Today, cybersecurity professionals work to guard information systems against both crime and mischief, designing and securing both software and hardware for standalone and interconnected systems to ensure their integrity and continuity.
On the new frontier, cybersecurity analysts, engineers, auditors, and administrators represent the town marshal and fire brigade. This metaphor has long since leaked over into common usage with ethical computer security specialists commonly known as “white hats” in IT vernacular.
How Cybersecurity Professionals are Policing the Information Highway
Rather than putting up barbed wire fences, white hat cybersecurity professionals install firewalls; instead of dusting for fingerprints, they pore through log files looking for attack signatures matching known hacking tools.
On any given day, a cybersecurity expert somewhere is:
- Reviewing recovered virus code for tics that might reveal the author
- Looking over server farms, checking for ways that hackers could gain physical access to machines hosting the contents of a million Internet websites
- Searching the airwaves around offices, seeking unauthorized wireless signals or inadvertently open security camera broadcasts
- Probing business processes for gaps where intentional subversion or accidental omission could shut down entire systems or delete swaths of data without backups
- Imagining the million ways a user could lose a critical thumb drive, pick a bad password, or open the wrong email, and devising protections for those eventualities
Promoting Security in a Neighborhood Built Without Locking Doors
Cyberspace has proven difficult to secure because the methods by which it can be exploited aren’t very intuitive to most users, and even to many IT professionals. The Internet was borne out of the small community of academia, and like many small towns, there was no reason to lock the doors. Consequently, many of the doors were built without locks at all. Fact is, an inherently insecure infrastructure undergirds the modern Internet, creating constant challenges for cybersecurity teams.
If that weren’t bad enough, programs (the code behind everything that happens on a computer) are complex structures—thousands and millions of lines of code—that behave in ways that cannot be completely and accurately predicted. When two or more programs interact (as they do every time a web browser connects to a web server), the uncertainty climbs. This means they will have bugs, and bugs will lead to security holes.
TMI – Even When We Don’t Mean To
Social aspects of online interactions also provide us with a false sense of security and make us feel like we can let our guard down on the Internet in ways we never would in the real world. The reality is that it’s not always clear to us in what ways seemingly trivial pieces of information that we release separately and innocently may be combined later to do damage.
This can result in a phenomena known as “doxing,” in which hackers ferret out personal details from multiple sources to identify a supposedly anonymous online user in the real world, often connecting them with addresses and phone numbers.
When Cybercrime Spills Out of the Internet and Into the Real World
Increasingly, cybersecurity is really just “security” and vice versa. As more and more products we use everyday come equipped with processors and networking capability (the so-called “Internet of Things”), the essential safety that things like fences, locked doors, and safes once gave us must now be offered through hardened, secure information systems.
Still, many of those systems remain vulnerable in the real world. We don’t always think about it, but direct access to machines allows virtually all electronic safeguards to be bypassed. No password, no matter how complex, can secure a device against keylogger hardware. The easiest way in is always through the front door.
The role of today’s cybersecurity specialists spans both physical and electronic access to information systems. They are responsible for designing secure hardware and software systems, as well as the processes for using them. Since the most insecure link in almost every system is the operator, education and training are a big part of what cybsecurity professionals in every field do.
Cybersecurity professionals also play an important part in picking up the pieces and figuring out what went wrong when security fails. Digital forensics help determine where and how a breach occurred, and can provide valuable evidence for tracing, catching, and punishing the perpetrators of cybercrime.
Complexity and Ubiquity Lead to Enormous Demand for Cybersecurity Professionals
The proliferation of networked devices in daily life is extending the vulnerability of cybercrime into new and untested realms. Not only do people conduct more of their business online than ever (approaching 90 percent of the population of the United States), but “online” is coming into places that people still think of as being safely “offline.”
In 2014, Xbox One owners were astonished to find that their machines were remotely activated during a commercial playing on their televisions– a commercial for Xbox One. The actor in the ad gave the command, which then turned the device on in living rooms across the country.
Nothing malicious occurred, but a potential avenue for attack was revealed. In a similar incident that took place during Super Bowl XXXVIIII when the Amazon Echo was activated for hundreds of home users upon hearing Alex Baldwin’s voice in ad for the product.
Too often, convenience comes first for programmers, consumers, and device manufacturers. Cybersecurity professionals are left to clean up the unintended consequences.
There are a lot of consequences out there to be cleaned up.
According to a January 2016 article in Forbes magazine, there will be more than million cybersecurity job openings in 2016. More than 200,000 of those jobs remained unfilled, with job postings up nearly 75 percent over five years. The industry itself is projected to grow from $75 billion in 2015 to $170 billion by 2020.