R.E.S.P.E.C.T.
They’re not cybersecurity experts, but they did stay at a Holiday Inn Express last night.
Because we have no common body of knowledge from which to explore and learn from prior art, you can predict like the seasons when another cohort of professionals from other disciplines will attempt to tell us what is good for us, despite not understanding the fundamentals of information technology, or how the Internet works. Whether the idea is deterrence or arms control or any other pressing global security issue of the past 100 years, they’re free with their analogies and advice because their approaches are perfectly suited to deal with threats that are realized hourly, every day, worldwide, for the past several decades.
That’s a joke.
To be fair, their ability to fit so much tripe, trope, hyperbole, and nonsense into a single opening sentence much less an entire op-ed is a skill that has to be acknowledged. Of all the topics I have a passing familiarity with, it would probably take months before I could replicate such a feat. Of course, I would be soundly pummeled about the head and shoulders for doing so because people who actually know what they were talking about would not hesitate to point out what a bumbling neophyte I was.
Yet for some reason, when it comes to things-cyber, people from other fields feel like they can just man ‘splain their way into the discussion and expect their ideas to be treated with respect because of their credentials in an entirely different discipline. This is false authority syndrome at its worst, and for some reason we just sit there and take it.
Maybe it’s a status thing? Thinking heavy thoughts about this space is a relatively new endeavor compared to the broader study of things martial or international. We want to be effective, but we haven’t figured out how to do so without simultaneously being walked on like a hallway runner.
Maybe it’s a nerd thing? Legions of subject matter experts could point out the shortcomings of these ill-conceived ideas but are too busy actually working problems to care what people who only say polite things politely to other polite people at polite gatherings (which strangely rarely if ever invite technical experts) are saying?
Whatever the reasons may be, it is high time we started pushing back.
The resistance should start by asking every expert in political science, international relations, public policy, or other disciplines to explain exactly how their methodologies will work against cyberspace problems. Not hand-wavy answers extrapolated from the most tenuous similarities: with precision. How exactly are regimes that works for bugs, gas, or isotopes going to work for code? Go ahead, we’ll wait.
Likewise, we need to force digital dilettantes to acknowledge the corrupting power of code and its impact on behavior. It took an age before all the countries in the UN working group on cybersecurity to agree that countries should behave themselves online. A declaration that has, is, and will continue to be violated continuously by the intelligence and security organs of those same signatories. Agreeing to truly meaningful norms means agreeing to give up one of the most powerful intelligence capabilities and “weapons” platforms ever invented. No nation will agree to that with a straight face, and no nation who signs such an agreement believes any of the others will adhere to its terms. Acknowledgement of this reality delineates those serious about contributing from those advocating busy work.
Every piece of work from a professional from another field that does not have a co-author who is an expert in this field should be looked at with a jaundiced eye, and the editorial judgement of the outlet viewed askance. Electricians don’t get published in JAMA – unless of course they’re working with an MD writing about how they built a better medical mousetrap. Disseminating uncritically the work of “eminents” and “formers” gives credibility to ideas that have long since been dissected, discredited, or otherwise shown to be unworkable. Save those precious column inches for the credible and novel.
Lest frustration get the better of me, let me make it clear that the world would be a worse place without the dedication and diligence of prior generations of national and international security professionals. But just as security policy required a whole new set of expertise and thinking on August 6th, 1945, so too are we more likely to find solutions to the problems we face from people who understand the technology and the issues in context.