The Digital Big Bang - Phil Quade - Page 62
Ever Changing, Never Secure
The impressive performance of technology in massively improving processing power, bandwidth, and user experience across the past 50 years of the silicon revolution is widely understood as an iconic representation of the times (sometimes referenced as Moore's law for hardware, but there have also been exponential improvements in software, visualization, and the collaboration that collectively aids in pushing cyberspace capacity to new heights). Less well appreciated is the fact that changes in features, capabilities, and behaviors are driven as much or more from the bottom up as from the top down by a virtual army of entrepreneurs. The result of this, and of unsynchronized changes in user behaviors and software (which often lag behind or precede changes in hardware), makes it almost impossible to define and impose a comprehensive and enduring description of how things behave, let alone work, in cyberspace. This can rightly be considered a feature for those who await the next marvel from their favorite technology providers, but this same attribute makes the prospect of defending the wealth and treasure held within cyberspace, and the critical systems and processes dependent on the resilience and integrity of cyberspace, a virtual tail chase. Every change to technology, software, or user behavior portends a possible tear in the fabric of security overlaying the whole. The reality of this inexorable and unsynchronized change offers a fundamental choice as to whether security will be considered as a primary or a secondary feature in the continued transformation of cyberspace. This author suggests that it must be the former and that the security implied by the services of confidentiality, integrity, and availability must be thoroughly considered when any technology, service, or capability is being designed or introduced. Moreover, security must consider all of the contributing factors, encompassing all five layers of the model.
Issues of policy, law, and ethics attach to the people and geography layers, which cannot be separately defined from the middle three (technology-only) layers.
But although the challenge of securing cyberspace may be a bridge too far, it is a domain of extraordinary interest that can and must be made defensible and, in turn, actually defended and supported through the employment of means and methods both in and outside of cyberspace itself. Useful analogs may be found in other complex manmade systems, such as those employed by the aviation industry, which has, over time, introduced a system of both technology innovation and governance that fosters continued transformation and capacity generation while imposing a requirement that the security implications of each new addition be considered and thoroughly engineered up front and by design, rather than after the fact. Cyberspace would do well to emulate this approach, though the immediate problems will be that domains do not govern themselves and that the present roles and responsibilities for driving and implementing security solutions remain fractured across organizations and sectors.
As stunning as the changes wrought by cyberspace have been to date, trends suggest an even greater transformation ahead. The pace will only increase anywhere and, increasingly, everywhere on the planet. And while the cyberspace domain can and must continue to be an engine of innovation and a means of global collaboration in support of private or public interests, the opportunities afforded by these trends must be accompanied by the exercise of responsibility across engineering, operations, and governance in fair measure to the value that is derived from, stored in, and leveraged from cyberspace.