At the Royal Court Theatre last night, the audience and I were left with
the impression that internet security is a luxury that all too few of us will
ever be able to afford.
Why?
Because we were seeing a magnificent play which charted, in the broadest
of terms, the rise of the hacktivist group Anonymous, and the fall of members
of a related group called LulzSec.
If you want to appreciate how a small group of exceptionally talented
individuals can cause havoc, when they try, or shed much-needed light on secrets
that large institutions have tried so hard to conceal, then this is the play
for you.
As Dominic Cavendish put it: “at
last, we have a play fit for the bewildering online times in which we live. Tim
Price’s Teh Internet is Serious Business (the misspelling is knowing, btw, as
is much else) takes us inside the strange world of the hacker, at once solitary
and part of a sort of surrogate family.”
And as John Nathan remarked: “crucially the show reveals how our lives,
institutions, values and laws are at the mercy of a group of talented but
unruly teens - sometimes for good, at others, for ill.”
It made me realise how much we rely on those who provide us with our own
on-line security products to go that extra mile to keep up with the very latest
advances in digital protection. It made me appreciate how much so many
organisations have relied on software developers who, because of the speed with
which they have been required to deliver products, have not been able to fully
assess all potential vulnerabilities.
And it made me think even more carefully about the motivations of those
who attempt to test to the very limits the security controls that currently
exist. These people will not necessarily do it with evil intent. They may not
even appreciate the gravity of what they are doing – until the digital locks
have been broken and much-valued secrets are secret no more.
I’m planning to attend a meeting of Parliament’s Intelligence and
Security Committee next week, to offer my views on the appropriate balance
between our individual right to privacy and our collective right to security. I
do hope that many of the Committee members manage to pop over to the Royal
Court to soak up some of the exuberance, anarchy and occasional naivety of some
of those who have such strong hactivist skills. The play is running until 25 October, so there is time, if any are so minded.
If they do see it, then they may realise that its not only the intelligence Agencies’ use
of intrusive surveillance capabilities, and the adequacy of the existing
legislative framework that governs this issue, that requires a review. What’s also
required is a more fundamental review into the consequences of a truly
interconnected world.
If I’ve learnt anything from last night, it’s the need for organisations to consider
building even more physically separate systems, rather than relying on security
to be provided primarily by means of specially designed software. Certainly, they need consider the merits of creating air gaps within their
own IT systems. Does every large organisation need to rely on a single set of
connected servers? Cyber attacks are here to stay.
Sources:
.
Posts
