Originally published on Tripwire, August 13, 2017
Previously, I proposed that security and economy are inextricably linked and that such a link has the potential to increase both national and personal prosperity. If you are a student of history, I do not believe you will have any difficulty accepting this hypothesis, particularly when you put aside any consideration of cultural and societal issues or constructs.
A sovereign entity can potentially achieve national prosperity through security and economy, but that construct may not be tenable over time. Therefore, how prosperity is achieved is where it gets tricky. Why? Because people see the world in different ways and people want to live their lives differently.
Some Wounds Cannot Be Easily Healed
My hypothesis is relatively straight forward: all technological solutions to a cybersecurity problem that do not center on the human dimension or consider human decision-making are bound to fail. The hypothesis is set by this idea: human needs and wants, not technology, define interests, and many of these interests are in conflict or are even irreconcilable.
To illustrate a potential irreconcilable decision, I point to a quote from Shimon Peres: “If a problem has no solution, it may not be a problem, but a fact, not to be solved, but to be coped with over time.”
I believe you can make a strong case that the “cyber problem” is in fact not a problem, but – as Shimon Peres says – a fact not to be solved but to be coped with over time. Why so?
When we take into account the human dimension of the cyber “problem,” we very quickly reach possible irreconcilable positions. To negate the human dimension, people actually need to buy into technologism, which asserts that technology is capable of shaping or improve human society.
Therefore, let us characterize the “cyber problem” in a way Shimon Peres may have if we are to use his quote: the human-technology cyber conflict cannot be solved, but instead is a fact not to be solved but to be coped with over time.
It is for this exact reason why I have been saying for years: if your cybersecurity solutions are eliminating or discounting the human dimension, you may just as well be spending your time on ideas that are incredibly expensive, get you strange looks, and could just be making the situation worse.
So, we now have some indication that the cybersecurity problem is not a problem but a “cybersecurity fact” that we need to deal with. In other words, it is a management problem that is influenced by interests and decided by humans.