
Author Archives: Colin Williams

About Colin Williams

Colin regularly speaks, consults and writes on matters to do with Information Assurance, cyber security, business development and enterprise level software procurement, to public sector audiences and clients at home and abroad. Current areas of focus include the development of an interdisciplinary approach to Information Assurance and cyber protection; the creation and development of new forms of collaborating between Government, industry and academia; and the development of new economic and business models for IT, Information Assurance and cyber protection in the context of twenty-first century computing. In addition, Colin is working on the development of an historiographical narrative for contemporary computing, crafted through the instrumentality of an interdisciplinary approach. Colin holds a BA and an MA in history from The University of York, England and is a Fellow of the Institute of Directors. He is a member of the Information Assurance Advisory Council Community of Interest. SBL Public Sector Business Development Director and CyberTalk Editor

Of Bytes & Bunkers

We are the experts.  The controlling minds of the institutions of the state, of society and the economy; and those who offer them sage counsel.  The technocratic elite of computing, and of cyber security. 


We are Generation X.  Our grasp of the levers of power and influence is temporary, and we have been served our notice by Generation Y.  These Millennials are impatient for control.  We have a finite and diminishing period in which to contribute to the solution of the problems of our time and so control our legacy.  Our context was forged during the Cold War.  The world we made, the time and space we lived in, and the ways in which we sought to make sense of it all were given their shape and form by a context.  A context within which we were simultaneously subjects and objects; we made it as much as it made us.


We are beginning to apprehend the enormity of the transformations of the Information Age.  Now, belatedly, we catch our first true glimpse of the gaping chasm separating us from the Millennials. We are easy prey to the collective paralysis of future shock.  The symmetry, clarity, predictability and certainties of the Cold War appear comforting.  A world of clear and certain binary choices; of absolutes of right and wrong.  Of survival or total destruction.  Bunkers of the mind are as real as those of steel and concrete.  The one the tomb of the intellect as the other was the tomb of hope.


The UK and US governments constituted the dominant protagonists in the NATO alliance, the anchor points of the economically and culturally dominant Atlantic axis, and the powerhouses of the post war development of computers.  Across the span of the Cold War, US and UK government spending in general, and defence and intelligence spending in particular, dominated and shaped computing.  The computers of the Cold War were an intrinsic and indispensable part of the existential struggle that defined the twentieth century.  These governments spent according to their established patterns, within the dominant macro-economic structures of the age, and according to the imperatives of the Cold War.


The business of computing followed the pattern of the age.  The supply chain for computers was vertically integrated.  Narrow, short and almost entirely knowable.  Little of the work went beyond the commercial boundaries of the principal players and when it did, it did not stray far.  The entire supply chain, should, and could, be mapped.  From research and development, through to specification, implementation, testing, integration, operation and disposal; the system life cycle was predictable.  The supply chain a part of the deterministic system as a whole.  The idea of a complex matrix of volatile, recursive and nested sub contracts and outsourced obligations, if it occurred at all, would have been a nightmare of apocalyptic proportions.

The vertical integration of the sort common across the military industrial complex of the Cold War has gone.  Outsourcing, globalisation, just in time disciplines, the emergence of what were once developing economies as principal actors in shifting patterns of geo-political power; have all converged to produce a supply context of bewildering complexity.  The supply cartography of our context is essentially unknowable, partly because of its intrinsic and accumulated complexity, and partly because of its volatility.  Whereas the commercial relationships of the vertically integrated constructs of the Cold War prized stability and longevity, those of the Information Age thrive on velocity.  In the Machine Age we etched company names in stone, inscribed job titles in brass plates and kiln fired enamel adverts with retail prices emblazoned in ceramic permanence.  Now, our advertising hoardings are computer monitors; facets of the cyber phenomenon.  Our Millennial staff, entangled in patterns of loyalty utterly different to ours.


Cyber is about far more than computers and computer networks, however vast, far reaching and powerful they are.  It is about far more than the Internet; whether of information or of things.  It is about far more even than the laggardly realisation that the great interconnectedness of everything encompasses ICS and SCADA systems and, therefore, the totality of the critical infrastructure of every nation on earth.  Humanity is existentially reliant upon cyber.


Micro fabrication will, within decades, destroy, disrupt and recreate entire swathes of economic activity; whilst creating entirely new ones.  Our lack of understanding of the cyber supply chain is already scaring us and yet we only have a few years until computers will be manufactured in homes around the globe as easily as we now print off airline boarding passes.  We have only begun to experience the first tingling of what will become abject terror at the prospect of the impact on structures of warranty, indemnity and liability of a supply chain where spare and replacement parts for critical systems are locally fabricated using binaries downloaded from the Internet and so utterly devoid of provenance or attestations of fitness for purpose.


There are three established streams of our concern about the supply chain.  The first, and most acute, is that we see the supply chain itself as a source of vulnerability and risk to the operation of the critical computer systems themselves.  The whispered fear is that of malware lodged deep in silicon by a powerful nation state adversary.  A legion of cyber sleepers invisibly infiltrated into every one of the computing devices upon which we know we depend.  The hidden menace.  Living undetectably amongst us, silently awaiting remote activation.  Alien invaders capable of bringing about our total destruction.


The second is that we see the supply chain as a vector for the execution of the intention of hostile actors such as criminals and intelligence agencies.  Here the recent thefts from the Port of Antwerp stand as the exemplar.  The third is the damage sustained if the supply chain itself ceased to operate and the supply of computing technology was threatened.


In addition, there is now an emerging stream of concern about the vulnerability of the supply chain to infiltration by counterfeits and forgeries of the products of established and trusted brands.  This will mature rapidly to reciprocate and magnify the first and foremost of our concerns.


Our anxiety is amplifying, edging us closer to a ‘something must be done’ response to a sense of impending crisis.  We must now pause and ask ourselves this; to what extent is this sense of crisis borne out by evidence and analysis?  Or, from a different direction; to what extent is our sense of crisis the result of a panic reaction to a new context that we neither understand nor control?  To what extent are we victims of future shock?  Are we holding ourselves prisoner in Cold War bunkers of the mind?

There is no doubting either the complexity of our supply chains or the fact of the existence of manifest vulnerabilities.  Computers are artefacts of profound and increasing supply chain complexity.  Supply chains are atomised, fragmented, volatile, unpredictable and unknowable.  Key components are, and will continue to be, designed and manufactured across the globe.  And so in areas where those with hostile intentions towards liberal democracy can operate with greater tolerance and latitude than would be possible in the established heartlands of these democracies.  The location of assembly of the components into a finished market ready device is, in terms of the assurance of the supply chain, irrelevant.  Assurance models predicated on the susceptibility of devices, let alone systems, to code or component level recursive analysis are, at best, redundant.


Assertions of the abstract fact of the existence of vulnerability devoid of context, data, or substantive rational argument, are as useless in generating meaningful utility as they are attractive to those with something to sell.  Even in the most benign of circumstances they are an insufficient basis for action.  In times of limited resources they can easily become the cause of costly and unproductive failures.  When the subject of concern is itself a societally critical phenomenon then the raising of defences that will inevitably reduce the beneficial effects of the thing being protected should not be lightly undertaken.  To destroy a thing in order to protect a thing is an unacceptable price to pay when we depend upon that which we defend for our very existence.


As I write this, the British Prime Minister, David Cameron, has just returned from leading a delegation of senior business leaders on a trade mission to China.  He returned for the debate in Parliament on his coalition government’s Autumn Statement.  Whilst in China, the Prime Minister faced down criticisms that he was sacrificing a commitment to human rights, asserting that he was “unapologetic” about his emphasis on the economy.  Britain, he observed, is a “trading nation[1]”, and as such, whilst “some in Europe and elsewhere see the world changing and want to shut China off behind a bamboo curtain of trade barriers.  Britain wants to tear those trade barriers down[2]”.  During his trip, the Prime Minister pressed the Chinese authorities openly for a “proper cyber dialogue” whilst at the same time choosing to highlight that “we need … to up our investment in cyber security and cyber defence” because “there is an enormous amount of work to be done[3]”.  The “Global Times”, a nationalist leaning tabloid owned by the Communist party, ran an editorial arguing that “the Cameron administration should acknowledge that the UK is not a big power in the eyes of the Chinese.  It is just an old European country apt for travels and study[4]”.


These stories encapsulate much of the difficult realities of our age.  David Cameron travels to China to bid for business.  China needs access to the economies of Europe and America if it is to continue to grow just as it holds the old world in aloof contempt.  David Cameron returns to the UK for a debate on a bill that legislates for further austerity in order to counter the effects of a financial crisis precipitated by a failure of the US and UK banking systems.  The financial crisis itself revealing that a longer term strategic shift in the axis of geo-political and macro-economic power had been underway for many decades; masked latterly by a credit fuelled boom in consumer spending.  Chinese concerns continue to invest heavily in overseas infrastructure of every sort; including the next generation of the UK’s nuclear power stations and the new high speed train system.  The Internet would simply not exist without equipment of Chinese manufacture.


China and the world of which it is a part are locked together in indivisible interdependency.  The rise of a middle class has been both predicate and consequence of the Chinese economic miracle.  The Chinese middle class enjoy less direct political and societal power and influence than their equivalents in the liberal democratic heartlands.  The key to the continued, relative, dormancy of the Chinese middle class is sustained and substantial economic growth.  Affluence a necessary palliative to the frustrations of political impotence and essential to the deflection of the middle class from the leadership of populist protests.  History teaches that an alienated and disenfranchised middle class make formidable leaders of those similarly alienated and disenfranchised elsewhere across society and that the exercise of such leadership is far more likely during periods of extended economic contraction.  The political leadership of China has no rational interest in crippling or even seriously degrading the economies of the world upon which it depends for its very survival.


There is no doubt that bad things are happening and no doubt that they will continue to happen.  Individuals, companies, social constructs and nations compete; using any and all means at their disposal.  We need to gather more evidence than we currently possess about the nature of these bad things as they are manifest in the cyber domain.  We must quantify and analyse data exfiltration rather than simply assert its, undoubted, existence.  We must contextualise our analysis and root it in the reality of the world as it is, rather than the world we once knew.  We must learn a far more nuanced way of thinking and a far more agile and responsive way of acting.  We must relinquish the use of two dimensional categories such as ‘User’, and ‘State’, and ‘Non State’.  They conceal more than they reveal; expose more than they protect.


In a minute number of cases it will be necessary to entirely internalise the cyber supply chain.  To design and manufacture the silicon wafers themselves and assemble the finished computing devices under the tightest controls possible.  To render every aspect of the process the subject of full disclosure and trusted hands.  The costs of this, in every sense, will be astronomical; unsustainable beyond the tiny portion of the overall requirement for which they will be essential.  System capability will be degraded, agility will be compromised, and any notion of a financially prudent return on investment will be laughable.  Such efforts, necessary though they will be, must be confined to the absolute minimum.  Any attempt to generalise such extreme remedial counter measures as a response to the great supply chain fear would represent an attempt at economic autarky.  History repeatedly teaches that attempts to pursue such a strategy as anything other than a narrow and exceptional response to extreme conditions is doomed to fail, often precipitating crisis worse than that which it sought to avoid.  Lessons that Kim Jong-un would do well to re-visit as he continues the practice of the Juche ideas he inherited from his father.


We must relinquish the legacy of the deterministic systems thinking that won us the Cold War and embrace instead the more subtle and less certain arts of the management of complex systems through the observation of effects and the generation of perpetual feedback cycles.  We must actively enable the core structures of our systems to depend upon continuous modification of their own states.  At the root of our fears about the vulnerabilities of the supply chain specifically, and of cyber more generally, is the apprehension that our adversaries have proven better able to exploit the true form of cyber than we have, and even less comfortably, the darker fear that the deep cause of our failure to counter the success of our adversaries is us.


The systems of the cyber domain are unimaginably complex and inextricably interconnected.  Every nation, every society, every institution of the state, every individual, our entire global civilization, depends upon this new phenomenon.  Thus arises a paradox deep at the heart of our primal fears about the security of the cyber supply chain.  Given precisely this complexity, and interconnectedness, and existential dependence; then, if the core silicon is infected, the execution of the attack will destroy those who perpetrated the atrocity just as surely as it destroys those against whom it was aimed.  Because of the atomised, fragmented and volatile nature of the modern supply chain, it is in principle possible to plant a latent attack capability at such a low level within systems that detection is indeed impossible.  However, the execution of such an attack is, literally, a zero sum game.  Or perhaps more accurately; an extinction level event.


The chaos of our cyber systems is a function of their complexity.  Both complexity and chaos are at the heart of the transformative and empowering qualities of the cyber phenomenon.   We must emerge from our deep state of shock and denial and use the very power we have come to fear.  Cyber is not amenable to command and control.  Rather it must be existed within; its effect observed and unceasingly managed.  Cyber is a transformation in human affairs of at least equal significance to that of the Neolithic Revolution, the Reformation, the Enlightenment and the Industrial Revolution; combined.  To the extent that the computer systems upon and within which cyber exists were once ours; they are no longer so.  Cyber belongs to society.  Cyber is society.  Our job is now to enable and empower the evolution of society through the development of a safer human experience of cyber.


Victory in the Cold War was a beginning; not an end.


Author: Colin Williams


[1] Quoted in the “Financial Times”, December 4th 2013, UK edition, p.3.

[2] Quoted in the “Financial Times”, December 3rd 2013, UK edition, p.2.

[3] Quoted in the “Financial Times”, December 4th 2013, UK edition, p.3.

[4] Quoted in the “Financial Times”, December 4th 2013, UK edition, p.3.

The Army of Redress Marches Again


In the early decades of a new century an established, once expensive and privileged technocratic elite found its prestige and power, if not its very means of existence, challenged by the introduction of a radical new technology that it neither understood nor controlled.  This new technology placed the power to produce directly into the hands of the hitherto unskilled.  It democratised a crucial area of economic activity, at the same time as it lowered the costs of production, at the same time as it increased productivity.  The claims to social status and the command of elevated economic privilege enjoyed by the old elite were predicated entirely on their closely guarded mastery of complex and sophisticated technology.  To use the established technology required great skill and expertise, not so the new.  The new technology enabled the unskilled to generate greater effect in less time than the skilled.


Mastery of the skill of using the old technology itself became a practice to be defended; regardless of the wider benefits to be obtained from the new, and regardless of the necessity of generating the desired effect that was supposed to have been the object of the exercise in the first place.  The old elite focused on a doomed attempt at the defence of an obsolete means of generating effect as an end in itself, rather than embrace a new and improved means of creating the effect.  They defended the way that a thing had previously been done rather than accept change.

Inexorably, inevitably, the disruptive and transformative effects of the new wave of technology destroyed the old elite who perished despite desperate, fierce and well-organised resistance.  The new technology was enthusiastically embraced by the controlling minds of the institutions of the nation, of business and of wider society who were in desperate need of innovative and enabling responses to profound and rapid transformations to macro-economic and social conditions.  These transformations were themselves wrought within a context shaped by expensive overseas wars fought against an opponent with a diametrically oppositional worldview held with a sense of revolutionary zeal and according to which human society required a radical reformation.  A context further shaped by rising food and raw material prices, spiraling national deficits, wholesale revisions to the system of taxation and a sustained period of accelerated technological innovation across the broad canvas of human affairs.  Those who mounted a futile attempt to resist the spread of the new technology, who attempted to defend their own status and to preserve obsolete machines and systems, did so at the expense of those who saw great benefit in a world reshaped by the new technology, and so were ultimately outlawed.  Some were executed whilst others were transported.


This one time technocratic elite, these defenders of an established pattern of thinking and behaving, the self-appointed guardians of the true and proper social and economic relationships between technology and humans saw themselves as the defenders of values and practices worth defending because they were good.  These were people who felt compelled to the use of force and violence by circumstances beyond their control; they were, in their eyes, legitimised in their organised and premeditated violation of the social contract because they were seeking to right a great wrong.  They were not merely defending themselves and their families from penury and starvation; they were prosecuting a moral cause.


Accordingly, these people called themselves the Army of Redress.  They crafted an archetype to stand as their leader.  A fictive construct who was as immune to capture by any of the thousands of soldiers sent to deal with the Army of Redress, as he was resistant to static definition.    They became the soldiers of General Ludd, the subjects of King Ned.   To the establishment of the day they were dangerous and violent criminals whose acts of wanton sedition were outlawed by the Frame Breaking Act of February 1812.


We have been taught to know these people as Luddites.  Their context was that of the early Industrial Revolution and the Napoleonic Wars.


Luddites have not been judged kindly by historians.  Eric Hobsbawm’s view stands as representative of the historical commonplace.  In The Age of Revolution, the first of his three-part history of the nineteenth century, Hobsbawm characterises Luddites as “simple minded labourers” who “reacted to the new system by smashing the machines they thought responsible for their troubles”.  This sense of the Luddites as mindless and unthinking enemies of technology has grown, developed, and amplified throughout our culture, and it now saturates the narrative of the human relationships with technology in general and computers in particular.


Luddite has become a synonym for those opposed, or unable, to accept the relentless advance of ever more sophisticated technology, and in particular computers, into every facet of every dimension of human existence.  Luddite has a deeply pejorative associative pattern of meanings.  To be a Luddite is to be one of Hobsbawm’s simple minds.  It is to be a victim of future shock, to be incapable of playing a full and meaningful part in the techno-glory of modern society.  It is to be primitive, backward, incapacitated by ignorance and an obstacle to progress; an enemy of the greater good.  Luddite has become a narrative trope, a package of integrated self-referential explicit and implicit meanings, deployed extensively in the established and emerging discourse around the nature and shape of the socio technical phenomenon we are increasingly referring to as the cyber domain.  Discursive energy, with narrative payload, is deployed in the exercise of power every bit as much as kinetic energy.  This indeed is the essence of soft power.


Luddite has also, inevitably and as a direct function of its use as a trope by the self-appointed technocratic elite of contemporary enterprise and formal computing, become a contested term within an oppositional discourse in which to espouse Luddism and to be a Luddite is to defend the human against the machine.  It is to promote the virtues of a sustainable and simple life over those of the complex and destructive matrix of modernity.  It is to be in favour; of the artisan over the industrial, the bucolic over the bureaucratic, the rural over the urban, the pastoral over the post-modern.  However, the oppositional form propagates the common sense of the trope just as it contests it.  In each of the contesting discourses, the technocratic elite are on the side of computers; the others oppose and fear them.


Located within the technocratic elite of enterprise and formal computing, We the community of Information Assurance professionals and cyber security experts, deploy the trope of Luddism as readily and unthinkingly as we deploy that of the User.  Indeed, for Us, the two tropes are closely intertwined with each other and integral to a discourse in which We possess a unique, if not secret, knowledge about how computers should work and a privileged status that enables Us to dictate how They, the Users, should interact with Our systems.  In Our discourse, the Users are subjects to the objects of Our systems and, at best, stupid if not the manifest enemy; the insider threat.  Moreover, They are ignorant of the benefits of Our technology.  They neither understand nor embrace technology, change and innovation as We do.  Driven by fear, uncertainty and doubt, they seek to defend the established pattern.  They place shortsighted self-interest above the objective necessity and manifest benefits of Progress.  Any attempt They make to resist or subvert the rules of Our systems proves to Us that They are unfit to be trusted with the control of Our systems; that They do not understand security; that they have no comprehension of the dangers that lurk in every nook and cranny and under every bed in the cyber domain.  We have deployed the trope of the User as the Other; We are defined as not Them and We control and define Them on Their behalf.


The Users however, experience a daily duality.  In the enterprise, IT is expensive, cumbersome, inhibitive, old and inefficient.  Systems designed on Their behalf render Them as subjects; and as subjects render Them subservient to rules and procedures that actively impede the achievement of Their core objectives.  As rational actors, the Users are compelled to break the rules of the system; over time rule breaking becomes not merely excusable, it becomes a rewarded and therefore a repeated behavior.  The experience of formal, enterprise IT, is in essence, appalling.  The User is told that the price and the costs (in every sense) of this experience are the inevitable, necessary and desirable consequences of a managed service and of the absolute imperatives for security.  This is how IT should be done; according to Us, We are experts and We know how to do things properly.  The consequence of Our wisdom is that in the enterprise formal computing delivers a now ancient computer, subject to zealous application of the rules of least privilege and stable state, running an unpatched, obsolete and unsupported Internet browser on top of an equally unpatched, obsolete and unsupported operating system, all in return for an annual charge per desktop of several thousands of pounds.


Informal IT is the IT of the home and of the mobile experience.  It is cheap, easy to use, powerful and liberating.  Here, They are in charge and They have embraced Their technology with a velocity and vigour that has petrified Us.  They live in a world We do not understand.  A world in which technology has become democratised.  A world in which mastery over the means of generating effect has become abstracted into insignificance compared to the generation of the effect itself.  Not for nothing does Samsung use the strap line “designed for humans” to promote the Galaxy S3.  They, the Users, have powered Apple, Android and Samsung to positions of market dominance and have, on the way, eclipsed the once uncontested economic might of Microsoft.  In an article on the 8th February 2013, the Financial Times estimated that the combined values of cash and marketable securities for Apple, Microsoft and Google were, respectively; $137.1 bn, $63.8 bn and $48.1 bn.  Samsung for their part obtained estimated revenue from the sales of smartphones and tablets in 2012 of $60 bn, an estimated increase of 100% on their 2011 sales.  Samsung shipped an estimated 400 million ‘phones in 2012.  Neither Apple nor Google nor Samsung depend upon the enterprise formal computing market.  They are the D in BYOD.  They are reshaping the world of IT in their own image because of the loving and eager embrace of Them, the User.


From within this experiential dialectic it is probable that an entirely new form of computing will, over time, emerge.


The following exemplar serves to illustrate the wider consequences of the now catastrophe of formal IT.  Since 1945, the turnout for UK general elections has been in steady decline and with it the legitimacy of the democratic mandate.  We have a paper-based voting system that is intrinsically and structurally insecure and, as recent prosecutions have evidenced, vulnerable to fraud.  Recent events in North Africa have shown that nascent democracies can, and will continue, to return results that grant democratic legitimacy to those with worldviews hostile to the liberal democratic underpinnings of the nation state.  Sooner rather than later emerging democracies will deploy the cyber domain as integral tools of the democratic process.  This will result in voting systems demonstrably and indisputably more secure than their analogue antecedents.  The claims to legitimacy and the strength of the mandate of the digital democracies will be further amplified by turnout rates that we have long ceased to even aspire to.  Regimes hostile to our way of life will be elected through democratic process manifestly more secure and more representative than ours have been for decades.


Replacing our archaic paper-based voting system with a fully digitised democracy would go a long way to countering our growing democratic deficit and the need to do so has become urgent.  The renegotiation of the Social Contract is already underway and the lead is being taken by Anonymous as they petition the US government to recognise DDoS as a legally permissible expression of the democratic right of protest in the cyber domain.  We have been tragically silent in Our response to this.  The cyber warriors of our future must be as adept at scripting narratives and counter narratives as they currently are at scripting code.  Proving that we are fit and competent to safeguard the human experience of the cyber domain means proving in practice that we can solve the problems of enabling digitised democracy.  If we fail, others will take our place.


Hitherto, the most strident voices against the introduction of digital democracy, the strongest opponents of online voting have been Us; the community of security experts.  Every attempt at innovation in this area has been met with a flurry of dire warnings and predictions of catastrophe from the assembled host of those with the expert and secret knowledge.  These same voices opposed the introduction of digitally signed and encrypted patient records in the NHS thus condemning the system to continued use of insecure and inefficient paper-based systems.  These same voices drove a culture within which police forces failed to share intelligence.


Our modes of thinking about and practicing security have become an active impediment to our ability to exploit the power of the cyber domain, at the same time as they have become an asset to the power of our adversaries to do likewise.  Moreover, We, not Them, have become the single most significant cause of adverse outcomes because we continue to insist on a systemic construct in which human behavior is marginalised and abstracted; a construct in which the human is subject and not object.  If we continue to design and implement systems knowing that rational human actors must break Our rules in order to accomplish Their equally rational and correct goals, then We, not They, bear the burden of responsibility for what then follows.  The fact that Users write passwords down is now Our fault, not Theirs.


One of the most important questions that now confronts Us is simply this: who are the real Luddites of the cyber domain?  Is it Us or is it Them?  As We fight the onslaught of BYOD, as We castigate the ignorance of the wetware, as We glory and revel in spreading fear, uncertainty and doubt, as We celebrate the power of the adversary, as We shelter behind digital Maginot Lines and hunker down in Cold War bunkers, as We defend the (long gone) world We once thought We understood and could control, as We daily witness Our elite status ebb away from Us and as We stare petrified, immobilised and uncomprehending at the complexity and sophistication of a technological wonder We helped to create, do We not march to the comforting echoes of General Ludd’s drums?


The Army of Redress is indeed on the march again; and this time it’s Us.


It’s time to rethink our kettles


“The nation that makes a great distinction between its scholars and its warriors will have its thinking done by cowards and its fighting done by fools”




(…whoever, it’s a great quote and too good to waste…)


For centuries humans boiled water in pots, and then kettles, heated from below by direct flames from fossil fuel fires. Accordingly, it made complete sense to place the handle on top of the vessel. Although this brought the hand close to the steam, it nonetheless placed the hand at the furthest point possible away from the fire. First a stick, and then a cloth, and then a curved kettle spout, could combat steam better than flame.


The first electric kettles were introduced around the start of the 1890s. The technology of these innovative products expressed the wonders of the Industrial Revolution; the design illustrated the innate propensity of the human intellect to a certain kind of inertia. The handle stayed on top. Thus far, the earliest example I can find of an electric jug kettle is a Speedie Art Deco ceramic electric jug kettle, c. 1930.


The core of our thinking about computers, networks and security stems entirely from the Cold War and the mainframe. This world has gone and yet the handle has remained on top of the kettle. It is imperative that we start the process of a rigorous, thorough and self-critical re-examination of our own first principles. Why are definition and preservation of stable states and the rule of least privilege good security attributes? What is the empirical basis for the efficacy or otherwise of conventional perimeter defences?


We hear calls for a science of cyber security and whilst these are welcome and whilst such science is clearly necessary, we must devote serious attention to understanding what kind of science it is that we think we are asking for. Do we want the inductivism of Hume or the critical rationalism of Popper? If we do not understand the question, is the call for a science of cyber perhaps a little premature?


CyberTalk is intended to be a vehicle for the development and communication of fresh thinking about the protection and safety of the human experience of the cyber domain. It is our hope that its pages, in the corporeal and cyber domains, will be home to a series of vigorous and constructive debates. And, that these debates will enable us to take full advantage of the vast potential of the cyber domain to enable the instrumentation of human will and unleash the, as yet, untapped potential of human creativity and ingenuity. In due course, it is planned that CyberTalk will work as part of a symbiotic pair alongside a new international, multi-disciplinary and peer reviewed academic journal devoted to works of scholarship and research about the protection and safety of the human experience of the cyber domain. Ideas will be transferred between these two companion publications and insights from the very frontiers of intellectual endeavour will be made accessible to practitioners, executives and leaders across all sectors.


CyberTalk and the scholarly journal will together make a material and instrumental contribution to the development of a truly multi-disciplinary approach to our understanding of the cyber domain and they will help facilitate a much needed and sustained improvement to the safety and prosperity of society in the new domain.


CyberTalk will be one drum amongst many beating not to the echoes of history but forging the new rhythms of the Information Age.

