Forty years ago I was part of a team at MITRE with the audacious dream that we might mathematically prove a complex algorithm was secure.
We couldn’t.
The complexities were overwhelming. And, as we continue to discover, information security is an exceedingly complex problem.
More AI isn’t going to give us a cybersecure global village. Algorithms will always be necessary but they will never be sufficient.
If we’re to effectively meet our information security and privacy challenges, it will take more than algorithms. It will take community.
I just read a very thoughtful essay by my friend Greg Satell, Why Purpose Matters, that speaks to our need to build community as we meet our information security and privacy challenges.
Satell makes the vital but very under-appreciated point that what he calls the Silicon Valley myth — that the rational logic of code can be applied to any problem — is false.
This paradigm-breaking conclusion follows, as Satell points out, from Kurt Godel’s Incompleteness Theorem. Alan Turing proves an analogous theorem in his 1936 paper On Computable Numbers, With an Application to the Entscheidungsproblem.
Godel and Turing both establish by rational logic that not all sufficiently complex problems can be solved by rational logic.
Community brings us two gifts that algorithms don’t.
First … along with community comes conversation. And with conversation comes the exchange of ideas. And as Matt Ridley so entertainingly describes in his 2010 TED talk When ideas have sex “throughout history, the engine of human progress has been the meeting and mating of ideas to make new ideas. ‘It’s not important how clever individuals are,’ he says; ‘what really matters is how smart the collective brain is.'”
Second … as Satell points out, working together for a common purpose gives ownership, it uplifts us, and fortifies our spirit. Working together … talking together … collaborating together … struggling together … building community together … co-creating solutions as we make magic happen …. it is through community that we manage our cybersecurity and privacy challenges.
There is only one way to build community. Hint: It’s not a Turing machine style algorithm, if an algorithm at all.
How we build community hearkens back to some of our earliest days as a species and is as recent as tomorrow: Leadership. That one word says it all.
Those of us who get cybersecurity and privacy in any of its myriad complexities have the opportunity to lead.
Fifteen years ago, I explored leadership and culture in a paper I titled Beyond Information Security Awareness Training: It’s Time to Change the Culture. The paper provided a set of ideas the top information security manager (the CISO) could use to help evolve (what we would now call) a cyber-resilient culture.
This is the opportunity we all have … to lead … to help the organizations with which we engage become cyber-resilient and our people become CyberGuardians.
Without leadership there is nothing. Even when formulas have changed the world, it’s only because humans made it happen. Newton’s law of gravity existed for 14 billion years before Isaac Newton changed the world we live in.
It’s up to us — those of us who understand how challenging information security and privacy are — to help the people who don’t. We need to provide them education. We need to support them. And we need to be their advocate.
And — given how scarce our resources are — we have to do it as a community … not wasting energy reinventing wheels but taking advantage of the increasing return opportunities of collaboration, cooperation, and co-creation.
So let’s build community. Let’s be leaders. Let’s work together to make protecting our collective information and privacy our shared mission. Let’s be leaders, building community at work and in our homes … everywhere there’s a person sitting at a computer.
It takes a village to secure the village! TM
– Stan
