Doing battle against the bad guys
“The bad guys are winning,” Tom Burt, Microsoft’s corporate vice president who leads its Customer Security & Trust team, told Kathimerini in a recent interview. This is only natural. In cybersecurity or corruption, the bad guys always win the first round. There are two reasons for this:
First, the bad guys get to act first. A disease has to break out before you can develop a cure for it. A threat appears first, then the shields against it. Corruption precedes the fight against it. No person, no organization, no state can prepare itself for every eventuality. And, even if they could, it would cost too much. In a world of finite resources, our houses are not built in a way that takes into account the – real – risk of a meteorite strike. We all prioritize our needs according to the chances of something happening.
Romantic observers often dream of a super-weapon, a super-institution, or a super-medicine that could put our worries to sleep; a Jesus Christ of sorts who conquers and scatters all evil. Too bad no such thing exists, not in cybersecurity, nor in politics, nor in everyday life. Things move gradually. First, a new disease is discovered. Then there is an effort to contain it. Through trial and error, experts come up with the optimal remedy. Until the next disease breaks out.
The romantic approach to problem solving has its downsides. It leads some people to fatalism and resignation. It cultivates a belief that no efforts are being made to address problems. But this is wrong. Efforts are constantly being made, whether in cybersecurity, in institutions, or in life itself. It’s just that as soon as something does happen, a new challenge crops up. History is nicely summed up in R.J. Yeatman’s witty observation in his humorous book on British history: “Every time the English tried to solve the Irish Question, the Irish changed the question.”
Here is the second advantage enjoyed by the bad guys. Their only way to survive is by being inventive. They examine the solutions given by the good guys and think of ways to bypass them. When Islamist militants failed to bring down the World Trade Center by setting off a car bomb in an underground garage, they thought of airplanes. The attack on the Twin Towers may have been anticipated in Tom Clancy’s novels, but the scenario was beyond the imagination of the typical security manager. And even if a maverick intelligence professional had warned about such a risk, no state authority would be able to impose the draconian airport measures of today if 9/11 had not taken place.
The bad guys are by nature aggressive and inventive, and this is why they win at first. The good guys, on the other hand, are defensive and all they can do is respond to the challenges posed by the former.
A final observation: In a democracy the good guys are restrained by checks and balances. According to another (not-so) romantic theory, “the state can do anything, provided it wants to.” This, however, is the premise of totalitarianism. In an Orwellian-style panopticon state where people are being monitored around the clock, the bad guys would most probably not be able to strike first. However, evil would already be dominant anyway.