There’s a problem at the core of the digital revolution: getting our heads around the nature of the challenge. The term ‘cyber’, in particular, has become associated with the dark side of security and technology. And solutions—aimed at keeping us safe—have typically focused on finding either a technological ‘fix’ or a new pattern of government regulation to minimise those dangers.
But cyberspace isn’t invariably dark. The Oxford dictionary defines cyber (an adjective, not a noun) as ‘relating to or characteristic of the culture of computers, information technology, and virtual reality’. That definition isn’t meant to offer the reader false comfort. Indeed, it suggests that the challenges of cyberspace are broader and deeper than we often think.
In Darwin’s dangerous idea, American philosopher Daniel Dennett describes evolution as a universal acid. A universal acid ‘is a liquid so corrosive it will eat through anything’. Dennett argues that Darwin’s idea—evolution by natural selection—is so powerful that it eats through just about every traditional concept and ‘leaves in its wake a revolutionised world-view’.
Cyber has a similar effect: it goes beyond the technology ‘stack’ that extends from web applications all the way down to applications, operating systems and networks. Because cyber is an inherently human and social activity, its effects can be felt in all aspects of our lives.
We can describe society using Stewart Brand’s concept of pace layering. Activities are stacked in layers, with slower layers supporting faster layers. Fashion and art, for instance, are supported by commerce, which in turn is supported by infrastructure, governance, culture and nature. As Brand states:
Fast learns, slow remembers. Fast proposes, slow disposes. Fast is discontinuous, slow is continuous. Fast and small instructs slow and big by accrued innovation and by occasional revolution. Slow and big controls small and fast by constraint and constancy. Fast gets all our attention, slow has all the power.
Adapting Brand’s model to the cyber world, the relevant layers can be parsed as follows, from fast to slow:
- interaction— the interface layer: machine to machine, social media, human daily chat
- commerce—the application layer: business to business, our workaday world
- politics— the operating system of society: interactions between nation states
- infrastructure—effectively the network layer: energy, communications, space
- governance—the system administration layer: institutions, the social contract
- culture—the system purpose layer: the differing sets of values and ideologies underpinning the global system
- civilisation—the human state on the planet.
That cyber is a universal acid becomes apparent in the corrosive effects of malware, system flaws and vulnerabilities, and data breaches on the level of trust within the different layers of the cyber world. Cyber challenges aren’t confined to the upper, faster layers—the corrosive effects spiral down into the deeper, slower layers, the layers with ‘all the power’. Add to the mix such vulnerabilities and weaknesses when applied to autonomous systems, and the potential for deep wounds to the system of the world become apparent.
However confronting, this framing does help us think about how we might resolve cyber problems within a system-of-systems setting—and potentially more successfully than we have managed thus far.
For example, applying the same approaches to fast-changing behaviours and to slow-moving layers will cause shear and break the overall system. Similarly, slow-moving interventions—such as legislation—will be overtaken by fast technological change, if the law-making process isn’t already overloaded with faster changing expectations. And the demands of human needs—personal liberties and security, economic activity and national security needs—all continue to occur with their own natural rhythms.
Cyber as a universal acid disrupts the balance between fast and slow: there will be corrosion within layers and bleeding between layers. Commerce and the realisation of economic outcomes becomes less assured, affecting politics and the exercise of power and influence. In turn, less attention is paid to sustaining and improving infrastructure, on which faster layers depend, increasing their vulnerability to attack. Trust—which must be earned and continually refreshed—in our institutions diminishes, eroding the social contract between government and society.
In short, to address cyber issues, we need fewer blunt instruments such as legislative, system-wide interventions that aren’t sensitive to the differing temporal behaviours within systems. Instead, we need more adaptive, targeted instruments attuned to the disparate and changing nature of the system. For example, ‘speed bumps’ used to moderate high-frequency trading—a fast-moving behaviour—could also be used to mitigate high-speed infections of networks. Interventions would also depend on the business model: potentially short-lived start-ups have fewer resources and less value than established platforms (including infrastructure on which others build). And we need to pay attention to strengthening, not merely protecting, the separate layers—including the deep layer of values and culture—so that we build resilience in individuals, organisations and society.