Illuminating Signposts and Guidelines for a More Secure Internet



Last month Farsight Security CEO Dr. Paul Vixie addressed the UK Cyber 9/12 Strategy Challenge attendees via keynote as well as by letter. The UK Cyber 9/12 Strategy Challenge is designed to identify and foster the next generation of policy and strategy leaders for the cybersecurity challenges of the future. Hosted by the Atlantic Council’s Cyber Statecraft Initiative, the Cyber 9/12 Strategy Challenge is a global cyberpolicy and strategy competition. We are re-publishing Dr. Vixie's inspirational letter below.

You're here because you want to live and work at the intersection of modern digital technology and the global digital economy, and it's my honour to meet you in this virtual way and to speed you on your journey. I'm going to share with you the signposts and guidelines I've developed for my own life and career, which I hope will save you some effort in developing your own.

Everything was safer before we had an Internet. This isn't so much the Internet's fault as it is our fault – the world rarely builds anything better than it has to be, and before everything was connected and thus reachable by everybody everywhere, security wasn't all that important. Unfortunately, we didn't panic when the Internet came along, we didn't say “wait, wait, let's make this stuff safe before we subject it to attacks around the clock from around the world.” This was the fuel for our modern digital world: ruled by the strongest, let everybody beware.

Much was understood by many before we digitized everything and connected it to a worldwide global network. Most devices were mostly mechanical or at least non-reprogrammable, and could be studied to find out how they worked or why they failed. The sea change from then to now was the magnitude of complexity of even the most trivial of today's devices. Complexity leads to abstraction and layering, in which a design team's supply chain is a series of tubes and black boxes created by other design teams from other places and other times. Little today is understood by most, and nothing is understood in its entirety. This was the catalyst for our modern digital world: unstable and mysterious.

Human nature has not improved to help us live in these times. Most of us are still lazy and prone to self-deception, building nothing better than it has to be, avoiding uncomfortable realizations, taking the easy way out. For most of us, this means surrendering our lived privacy and autonomy to devices and unreal persons (corporations) we only barely comprehend; for some of us, this means perverting and abusing modern technologies to extract or convert or steal value we cannot create, to plunder and pillage the value created by others so that they have to work for our purposes and regardless of their will. This was the lit match for our modern digital world that continuously detonates norms such as the practical effects once brought by the rule of law.

It is vital for humanity's future that every generation say of something tolerated by their forebears, “that's enough, we'll have no more of it.” For us, this must begin with intolerance for self-deception, both of our own and as we encounter it. We've got to recognize and choose to cope with the fragility and weakness of the global economy, we've got to call complexity a risk and build simpler and better technologies rather than merely adding more layers and more complexity to solve today's problems at the expense of making tomorrow's problems less tractable. We've got to reestablish the norms of privacy, autonomy, freedom, and, yes, justice in the lives of all now living and many yet unborn.

We won't get this done with the help of science and technology alone. A true renaissance woman (or man) has one foot in the past and one in the future and yet acts in the present, and must be at least a well-studied amateur in the so-called humanities such as history, philosophy, economics, psychology, art, and communications. These mix surprisingly well with the disciplines of physics, math, engineering, including computer hardware and software, systems, and distributed systems, which map to the challenges most digital technologists will encounter. Digital security as a field will stressfully demand every one of those skills.

And that, in my view, is why you're here. I'd say good luck, if I thought this competition's outcome was in some way non-deterministic. Rational self-confidence is called for – remember how you got here! – and, no matter what the outcome, make sure that outcome improves you.

Dr. Paul Vixie is the Chairman, CEO and Cofounder of Farsight Security, Inc..