HOUSE_OVERSIGHT_018337.jpg

important idea of the scientist Dan Geer to the ever more fraught relations.1*” Perhaps the US and China could work together to buy up and then publish all the zero days as they emerged, | thought.!48 Instead of the dangerous code falling into the hands of cybercriminals, Mafiosi and terrorists, the two countries could lead an effort to jointly buy any new exploit for five times what anyone else would pay - and then immediately publish what they had bought and the necessary patch. This would make the network safer for everyone. I should have known better. The US and China and other nations were (and are) buying world-class zero days. But they were never going to publish them. They were buying them fo use. Sometimes against each other. Sometimes, unnervingly, against their own citizens. And they needed to keep on buying and developing and hiding such tools on an exhausting, never-ending security treadmill because, unlike traditional weapons, which could be stockpiled to use whenever they were needed in the future, the holes of the most valuable zero-days might be patched at any moment, making a once devastating bit of malware instantly useless. And, as the systems matured and accelerated, this meant that they had to run ever faster to keep up. Which further reduced their incentive to “buy and publish” what they did have. Little surprise then that all around the IT universe in recent years, the incidence of reporting dangerous bugs has been declining, even as we know the number of known security holes is certainly growing. 149 Grab the five nearest electronic devices near you and you can be pretty sure each is vulnerable; which of course means you are vulnerable too. Not merely to the loss of your secrets, but also to perversion and control. This is the cold truth: that old hacker ethos, the one spread out so warmly on Amsterdam grass 20 years ago, the be liberal in what you accept frontier society instinct, is dead. Weird machines and normal machines, weird networks and normal ones, people made weird by technological manipulation and those who have note - they will all, inevitably, live side by side. The more essential machines become to our connected lives, the more avidly weird and hacked the networks will become. The incentive to whistle up control of the systems, and control of those of enmeshed in them, is the only thing that seems to grow faster than the system itself. Ds This vulnerability of connected systems is an important mile marker in our route towards understanding some principles of power in a connected age. “Read over and over again the campaigns of Alexander, Hannibal, Caesar, Gustavus, Turenne, Eugene and Frederick,” Napoleon wrote once. “Make them your models. This is the 147 | was thinking: Dan Geer, “Cybersecurity as Realpolitik”, speech delivered at BlackHat, August 6,2014 148 Perhaps: Joshua Cooper Ramo “Talking Cyberthreat with China”, International Herald Tribune, July 10, 2013 149 Little surprise: Linder Gayten Back to Basics p. 58 105 HOUSE_OVERSIGHT_018337