{"id":70490,"date":"2022-02-16T06:00:31","date_gmt":"2022-02-15T19:00:31","guid":{"rendered":"https:\/\/www.aspistrategist.ru\/?p=70490"},"modified":"2022-02-15T16:50:55","modified_gmt":"2022-02-15T05:50:55","slug":"the-dangers-of-a-zero-trust-digital-world","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/the-dangers-of-a-zero-trust-digital-world\/","title":{"rendered":"The dangers of a \u2018zero trust\u2019 digital world"},"content":{"rendered":"<figure><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-70493 size-full\" src=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2022\/02\/48073243082_2b79fe7a8d_c-e1644904174776.jpg\" alt=\"\" width=\"634\" height=\"450\" srcset=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2022\/02\/48073243082_2b79fe7a8d_c-e1644904174776.jpg 634w, https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2022\/02\/48073243082_2b79fe7a8d_c-e1644904174776-205x146.jpg 205w\" sizes=\"(max-width: 634px) 100vw, 634px\" \/><\/figure>\n<p>In the early days of cybersecurity, organisations adopted the model of Berlin during the Cold War: a wall high enough to prevent unwanted border crossings and a Checkpoint Charlie to regulate the rest.<\/p>\n<p>But the physical world doesn\u2019t map easily onto the digital. Perimeter-based approaches fail in an ever-shifting network of highly interconnected systems, where even physical disconnection does not suffice for separation, given wi-fi, Bluetooth and other electromagnetic phenomena. And because software is ever changing\u2014that\u2019s one of its strengths\u2014digital systems are never complete or fully known. That means static structures and single solutions, such as walls and checkpoints, generally fail to prevent evolving threats.<\/p>\n<p>So, cybersecurity thinking has adapted to the reality of constantly shifting, often unknowable systems, replete with continual interactions and adjustments between users, technology, data and the environment. Since 2010, the favoured approach to this perpetual state of insecurity\u2014<a href=\"https:\/\/media.paloaltonetworks.com\/documents\/Forrester-No-More-Chewy-Centers.pdf\" target=\"_blank\" rel=\"noopener\">to harden the \u2018chewy centre\u2019 of information systems<\/a>\u2014is \u2018zero trust\u2019.<\/p>\n<p>Zero trust acknowledges that malware and intruders may penetrate barriers and checkpoints. Every packet of data moving into, out of and within organisational systems is regarded with suspicion. Nor is it just about the technology. Core to its premise is that users cannot be trusted. User access is hard; once granted, it\u2019s limited typically to \u2018least privileged\u2019 role-based permissions, and user behaviour is monitored to identify aberrant patterns.<\/p>\n<p>Zero trust is neither a cheap nor a quick fix. The considerable setup, operational and compliance costs are most often justified by the prospective or realised costs of a breach, data loss or ransomware attack.<\/p>\n<p>In zero-trust environments, nothing is trusted. In the words of <a href=\"https:\/\/ieeexplore.ieee.org\/document\/9206246\" target=\"_blank\" rel=\"noopener\">one cybersecurity executive<\/a>, \u2018Trust is a vulnerability and, like all vulnerabilities, should be eliminated.\u2019 The premise of zero trust, after all, is not limited by boundaries or platforms, but seeps, stepwise, to include partners, supply chains and regulatory systems.<\/p>\n<p>As governments struggle to meet the challenges of fast-changing technological disruption, a growing plethora of threats to stability and an increasingly precarious geopolitical environment, all exacerbated by an ongoing pandemic, there\u2019s a temptation to latch onto concepts that promise control and certainty. Security and safety often trump other arguments in policy debates, especially as politics becomes partisan. As such, the ideas that motivate zero-trust approaches, facilitated by digital technology, appeal more and more.<\/p>\n<p>But that path leads ever down into darkness. Considerable dangers exist in extending approaches that may suit digital needs within contained environments to the broader spheres of social, political and economic life.<\/p>\n<p>There\u2019s the question of fit. Digital systems are particularly parsimonious. That may sound odd, given the apparent tangle of modern technological systems and their ubiquity. But as the American political scientist <a href=\"https:\/\/mitpress.mit.edu\/books\/sciences-artificial\" target=\"_blank\" rel=\"noopener\">Herbert A. Simon<\/a> demonstrated, it\u2019s impossible for an artificial system to replicate the real world; they are always incomplete representations.<\/p>\n<p>Moreover, digital systems are fundamentally unlike social systems. Not only do they lack the richness, multiplicity and ambiguity that characterise human relations, but <a href=\"https:\/\/arxiv.org\/abs\/cond-mat\/0305612\" target=\"_blank\" rel=\"noopener\">their underlying network structure and behaviours differ<\/a>. Applying misaligned and overly rigid order through a zero-trust approach to social systems would force disassociation within those systems: <a href=\"http:\/\/www.sustasis.net\/ACINAT.html\" target=\"_blank\" rel=\"noopener\">\u2018they will cut our life within to pieces\u2019<\/a>.<\/p>\n<p>Then there\u2019s the question of cost. Beyond establishing the necessary surveillance infrastructure, the costs include the burden on and erosion of human relationships, culture and practice. It\u2019s not simply the extra time and effort needed to negotiate internal rules and boundaries imposed by others; the lack of privacy inevitably generates self-censorship, an unwillingness to participate or debate, and an avoidance of risky ideas or ventures. A zero-trust culture valorises control\u2014at the cost of efficiency, effectiveness, innovation, creativity and contestability.<\/p>\n<p>There\u2019s also the question of power. Technological design and operation comprise a series of choices\u2014purpose, costs, compromises and privileges. Those making design and operational decisions, typically hidden from scrutiny, exert a tremendous amount of power through access control, surveillance and defining acceptable behaviour. Rights once assumed\u2014privacy, freedom of expression, intellectual property, increasingly identity and avenues for redress\u2014are eroded or lost.<\/p>\n<p>Zero trust embeds and deepens an imbalance of power in favour of the few over the many. Zero-trust systems are not democratic systems: they are inherently authoritarian, even totalitarian, in nature.<\/p>\n<p>And there\u2019s the rub: our society is fundamentally based on trust. To imagine a zero-trust social order, think not Cold War West Berlin, but a supercharged Stasi-run East Germany, where every individual, device and interaction is continuously tracked, interrogated and measured against a profile set by a data-enabled intelligence apparatus.<\/p>\n<p>There are strong national security reasons for containing the damage that untrustworthy technologies can wreak on our society. But there are stronger reasons to ensure that security doesn\u2019t come at the cost of weakening societal fabric, crippling innovative or productive capacity, or damming the wellsprings of democracy.<\/p>\n<p>Zero trust is the latest effort to tame the inherently wicked problem of cybersecurity; there will be others. Nobler concepts are needed by the public, policymakers and even security experts to ensure a healthy, resilient civil society. It\u2019s now, as authoritarian states engage in <a href=\"https:\/\/www.npr.org\/2022\/02\/06\/1078432575\/beijing-and-moscow-unite-in-efforts-to-redefine-democracy-itself\" target=\"_blank\" rel=\"noopener\">wordplay<\/a>, <a href=\"https:\/\/cepa.org\/jabbed-in-the-back-mapping-russian-and-chinese-information-operations-during-covid-19\/\" target=\"_blank\" rel=\"noopener\">disinformation<\/a> and <a href=\"https:\/\/www.aspistrategist.ru\/chinas-global-hybrid-war\/\" target=\"_blank\" rel=\"noopener\">lawfare<\/a>, that trust matters most.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In the early days of cybersecurity, organisations adopted the model of Berlin during the Cold War: a wall high enough to prevent unwanted border crossings and a Checkpoint Charlie to regulate the rest. But the &#8230;<\/p>\n","protected":false},"author":861,"featured_media":70493,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[1],"tags":[391,2138,332],"class_list":["post-70490","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-cyber","tag-cybersecurity","tag-technology"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v19.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>The dangers of a \u2018zero trust\u2019 digital world | The Strategist<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.aspistrategist.ru\/the-dangers-of-a-zero-trust-digital-world\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The dangers of a \u2018zero trust\u2019 digital world | The Strategist\" \/>\n<meta property=\"og:description\" content=\"In the early days of cybersecurity, organisations adopted the model of Berlin during the Cold War: a wall high enough to prevent unwanted border crossings and a Checkpoint Charlie to regulate the rest. But the ...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.aspistrategist.ru\/the-dangers-of-a-zero-trust-digital-world\/\" \/>\n<meta property=\"og:site_name\" content=\"The Strategist\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ASPI.org\" \/>\n<meta property=\"article:published_time\" content=\"2022-02-15T19:00:31+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-02-15T05:50:55+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2022\/02\/48073243082_2b79fe7a8d_c-e1644904174776.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"634\" \/>\n\t<meta property=\"og:image:height\" content=\"450\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Lesley Seebeck\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:site\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Lesley Seebeck\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\",\"url\":\"https:\/\/www.aspistrategist.ru\/\",\"name\":\"The Strategist\",\"description\":\"ASPI&#039;s analysis and commentary site\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.aspistrategist.ru\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-AU\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/the-dangers-of-a-zero-trust-digital-world\/#primaryimage\",\"url\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2022\/02\/48073243082_2b79fe7a8d_c-e1644904174776.jpg\",\"contentUrl\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2022\/02\/48073243082_2b79fe7a8d_c-e1644904174776.jpg\",\"width\":634,\"height\":450},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.aspistrategist.ru\/the-dangers-of-a-zero-trust-digital-world\/\",\"url\":\"https:\/\/www.aspistrategist.ru\/the-dangers-of-a-zero-trust-digital-world\/\",\"name\":\"The dangers of a \u2018zero trust\u2019 digital world | The Strategist\",\"isPartOf\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/the-dangers-of-a-zero-trust-digital-world\/#primaryimage\"},\"datePublished\":\"2022-02-15T19:00:31+00:00\",\"dateModified\":\"2022-02-15T05:50:55+00:00\",\"author\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/234257d47cdae20040ac334973efd4d4\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/the-dangers-of-a-zero-trust-digital-world\/#breadcrumb\"},\"inLanguage\":\"en-AU\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.aspistrategist.ru\/the-dangers-of-a-zero-trust-digital-world\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.aspistrategist.ru\/the-dangers-of-a-zero-trust-digital-world\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.aspistrategist.ru\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The dangers of a \u2018zero trust\u2019 digital world\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/234257d47cdae20040ac334973efd4d4\",\"name\":\"Lesley Seebeck\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/f091ef55cb0dfe06e4e0cb2511a3fb7b?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/f091ef55cb0dfe06e4e0cb2511a3fb7b?s=96&d=mm&r=g\",\"caption\":\"Lesley Seebeck\"},\"url\":\"https:\/\/www.aspistrategist.ru\/author\/lesley-seebeck\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"The dangers of a \u2018zero trust\u2019 digital world | The Strategist","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.aspistrategist.ru\/the-dangers-of-a-zero-trust-digital-world\/","og_locale":"en_US","og_type":"article","og_title":"The dangers of a \u2018zero trust\u2019 digital world | The Strategist","og_description":"In the early days of cybersecurity, organisations adopted the model of Berlin during the Cold War: a wall high enough to prevent unwanted border crossings and a Checkpoint Charlie to regulate the rest. But the ...","og_url":"https:\/\/www.aspistrategist.ru\/the-dangers-of-a-zero-trust-digital-world\/","og_site_name":"The Strategist","article_publisher":"https:\/\/www.facebook.com\/ASPI.org","article_published_time":"2022-02-15T19:00:31+00:00","article_modified_time":"2022-02-15T05:50:55+00:00","og_image":[{"width":634,"height":450,"url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2022\/02\/48073243082_2b79fe7a8d_c-e1644904174776.jpg","type":"image\/jpeg"}],"author":"Lesley Seebeck","twitter_card":"summary_large_image","twitter_creator":"@ASPI_org","twitter_site":"@ASPI_org","twitter_misc":{"Written by":"Lesley Seebeck","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/www.aspistrategist.ru\/#website","url":"https:\/\/www.aspistrategist.ru\/","name":"The Strategist","description":"ASPI&#039;s analysis and commentary site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.aspistrategist.ru\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-AU"},{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/the-dangers-of-a-zero-trust-digital-world\/#primaryimage","url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2022\/02\/48073243082_2b79fe7a8d_c-e1644904174776.jpg","contentUrl":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2022\/02\/48073243082_2b79fe7a8d_c-e1644904174776.jpg","width":634,"height":450},{"@type":"WebPage","@id":"https:\/\/www.aspistrategist.ru\/the-dangers-of-a-zero-trust-digital-world\/","url":"https:\/\/www.aspistrategist.ru\/the-dangers-of-a-zero-trust-digital-world\/","name":"The dangers of a \u2018zero trust\u2019 digital world | The Strategist","isPartOf":{"@id":"https:\/\/www.aspistrategist.ru\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.aspistrategist.ru\/the-dangers-of-a-zero-trust-digital-world\/#primaryimage"},"datePublished":"2022-02-15T19:00:31+00:00","dateModified":"2022-02-15T05:50:55+00:00","author":{"@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/234257d47cdae20040ac334973efd4d4"},"breadcrumb":{"@id":"https:\/\/www.aspistrategist.ru\/the-dangers-of-a-zero-trust-digital-world\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.aspistrategist.ru\/the-dangers-of-a-zero-trust-digital-world\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.aspistrategist.ru\/the-dangers-of-a-zero-trust-digital-world\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.aspistrategist.ru\/"},{"@type":"ListItem","position":2,"name":"The dangers of a \u2018zero trust\u2019 digital world"}]},{"@type":"Person","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/234257d47cdae20040ac334973efd4d4","name":"Lesley Seebeck","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/f091ef55cb0dfe06e4e0cb2511a3fb7b?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f091ef55cb0dfe06e4e0cb2511a3fb7b?s=96&d=mm&r=g","caption":"Lesley Seebeck"},"url":"https:\/\/www.aspistrategist.ru\/author\/lesley-seebeck\/"}]}},"_links":{"self":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/70490"}],"collection":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/users\/861"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/comments?post=70490"}],"version-history":[{"count":5,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/70490\/revisions"}],"predecessor-version":[{"id":70494,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/70490\/revisions\/70494"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media\/70493"}],"wp:attachment":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media?parent=70490"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/categories?post=70490"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/tags?post=70490"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}