Blog post Security is a Dynamic Process by Rob van Kranenburg

Security is a dynamic process. In a way it cannot exist as there is no secure default position. Things shift all the time. Insecurities is not a bug, but a feature. In internet terms the protocol itself – tcp-ip – was built like a virus. It simply says pass on the packet and is not asking where are you from or where are you going? It just connects. Real life also distributes insecurity, you are never really secure, or safe as anything can happen, and when it does, we often call it a ’freak’ accident, as if it was not supposed to happen but somehow magically did.

Any security investigation never becomes, as Boris Eikhenbaum said, “a trip to a known destination with a ticket purchased well in advance.”[i][1]

The story of the Fukeshu is the story of the mask.[2]

These Ronin, samurai without masters, got permission to travel, collect alms and play the flute. In return they briefed the Shogun as they overheard conversations. They claimed to be from China as a sect, papers got burned they said. For slightly less than a decade they stayed in lodgings next to a Temple. People thought they belonged to it. What you see is what you get: a mask. But behind the mask lies another and another and another, and in the end, we find people making up a story.

As you are trying to penetrate each and every mask you fail to realize that its very origin is a falsification.

The German philosopher Carl Schmitt defined the ‘Absolute Feind’ as ‘die eigene Frage als Gestalt’. Our absolute enemy then is the very situation we try to achieve: a cybernetic Matrix. We know that we cannot continue decision making as we do in a connected world, yet to keep a structural view on society we cannot but pursue a course that will leave us exposed as humans (privacy) and as political systems (security). Carl Schmitt then defines the ‘Wirkliche Feind’ as the actual issues that we can concretely tackle.

We must remember that solving them or not makes no real difference as we always solve the concrete instantiations of the old (current) system, thus any action is ineffective without a holistic perspective. But these actions must be seen to be carried out as stakeholders in society – citizens, industry, politicians, believe that solving these is what constitutes potential success in transitioning.

The difference between these perceived solutions to real problems and the awareness that the entire system may be compromised can be described in terms of hegemony. Gramsci’s notion of hegemony means that in between forced consent and active dissent we find passive consent, that cultural change precedes political change, and that changes must connect to an audience that is ready to respond. As Gramsci notes, “the supremacy of a social group manifests itself in two ways, as ‘domination’ and as ‘intellectual and moral leadership’. A social group dominates antagonistic groups, which it tends to ‘liquidate’, or to subjugate perhaps even by armed force; it leads kindred and allied groups. A social group can, and indeed must, already exercise ‘leadership’ [hegemony] before winning governmental power.

The same reasoning applies to the technical domain, cultural changes precede technological understanding. First a mental image of what is possible, of what is desirable must form before it can take root in the imaginary of the technical.

So what does that mean for cybersecurity? It means that the various scorecards available, of Software Component Analysis and Cybersecurity Risk must be matched by a holistic view on all verticals and dynamic perspective acknowledging that the threat can be external, internal or in the very system design.

Quotes:

[1] Quotes are from Yuri Tynianov, Permanent Evolution: Collected Essays on Literature, Theory and Film

Translated and Edited by Ainsley Morse and Philip Redko

[1] http://org.noemalab.eu/sections/ideas/ideas_articles/kranenburg_rules_of_inno_2.html

The adequate temporary definition of the Absolute and real enemy (Schmitt) (a condition of resources and capabilities)

Introducing Oscar

Beyls, Peter

Skip other details (including permanent urls, DOI, citation information)

Volume 1988, 1988

Permalink: http://hdl.handle.net/2027/spo.bbp2372.1988.024

[1] B. M. Eikhenbaum, Lev Tolstoi: Issledovaniia. Stat’i. (St. Petersburg: Fakul’tet filologii i iskusstv Sankt-Peterburgskogo Gosudarstvennogo Universiteta, 2009), 149. The text is dated July 14, 1928.

Rob van Kranenburg (CIO) Chief Innovation Officer of asvin

Founder of IoT Council, the most prominent independent IoT thinktank
and Creator of the yearly IoT Day

Rob is globally considered one of the most influential thought-leaders in IoT, renowned for his keynote talks on various topics in the industry. Rob paves the way for more robust, secure devices within the IoT and IIoT ecosystems and is in the Top 100 #IOT Influencers list and the Top 10 of IIoT Influencers to watch in 2022. Additionally, in 2019 he was listed by Telensa as one of the 100 most important influencers for the Smart City.