How nice it is when experts are not only smart, but also empathetic! In these weeks in the early summer of 2023, when AI is suddenly on everyone’s lips and dollar signs are in everyone’s eyes, Rob adds a lost commodity to the shopping basket of vanities: trust. And with it a skill that may seem economically inappropriate to many, but would be needed by all. In the new episode of his Resources, Rob shows why trust and personal friendships are becoming increasingly important in the age of AI.

To justify this admittedly steep thesis, Rob van Kranenburg provides a little derivation: When the internet came of age and was hurled out of well-meaning reverie into economic reality, many of the early players rubbed their eyes. They realised that IT, communication, society and commerce are inextricably linked and that rules are needed for every interaction. Interestingly, this change in awareness was most evident in the example of cyber security: it was suddenly political. If it was initially accepted that the TCP/IP protocol, which overlaid the information sphere, was based on a routing method that favoured speed over security when passing information packets, suddenly regulation was required.

Because with TCP/IP, every endpoint became potentially vulnerable and mission-critical. And as the information sphere spread from computers to the Internet of Things and thus to essential services such as energy, connectivity or industrial supply, the situation became more acute. It became clear that the authorities had to intervene to protect the model of democracy itself. The institutions of democracy do not work if they are freely accessible to all. Actors need to qualify. And they need temporary autonomous zones where decision-making can be negotiated and positions bluntly stated in a relatively closed environment. Without such zones, trust cannot be built between participants in decision-making processes.

At the communicative level, this means that participants meet according to the Chatham House Rules. They originate from the Royal Institute of International Affairs in London, also known as “Chatham House”, and regulate the disclosure of the contents of confidential conversations to third parties. The rules serve to ensure the anonymity of interlocutors. When conversations or conferences take place under this rule, participants are allowed to share the content but are prohibited from revealing the identities of participants, speakers or interlocutors. They were introduced to allow “free discussion” and to ensure that all participants are allowed to express their opinions without possible consequences for themselves or their company.

And this is where trust and friendship finally come into play. They were explicitly practised at the recent “Cyber Agora Conference” organised by Microsoft, an inclusive multi-stakeholder initiative for a digital Europe. Trust and the relationships based on it were not only the method but also the topic and outcome of the discussions there.

The most important insight of the conference: cyber security has never been as political as it is today. And it has never described fields of action so clearly. This results in three situational options that are more tense, topical and urgent than ever before:

  • the relationship and balance between private and public actors
  • the distinction between friend and foe
  • the distinction between fact and fiction.

Each of these points represents a complex situation that is dynamic, constantly changing and cannot be resolved in a general way. A separate assessment must be made for each practical and real event. How politics, separation of powers and democracy survive an increasingly digitalised world depends on the approach taken and the resolutions, agreements or outcomes reached.

  • the relationship and balance between private and public actors

The first question we need to ask is: How is it feasible that private and public cybersecurity and cyberwarfare capabilities are equal in 2023? Before the internet, communication capabilities were in the hands of the (national) public sector, and private actors provided material such as ammunition, weapons and transport, but strategic information and tactical intelligence were entirely in the hands of public actors. The first private actors on the Internet gained enormous insights into its functioning as it increasingly encompassed all public agencies and responsibilities. Of course, they have different goals. Corporations seek to optimise profits, listen and care about their shareholders. Governments care about their citizens and the general interest of optimising the quality of life. This makes their relationship with each other always complex and tense.

Since the internet emerged in the 1980s, there have been many wars and cyberwarfare operations, and there have been many covert public and private collaborations. But if there is one thing we have learned from this year’s Cyber Agora, it is this: That the war in Ukraine has drastically changed the relationship between governments, citizens and businesses. Here is an excerpt from a publication by the Centre for grand strategy at Kings College, London:

“Private sector engagement in cyberspace has also been crucial since the invasion. Just hours before the invasion began, Microsoft’s Threat Intelligence Centre discovered the Trojan wiper malware ‘Foxblade’, which targeted Ukraine’s infrastructure. Microsoft immediately updated its virus detection system and notified the Ukrainian authorities. Microsoft then contacted Anne Neuberger, the White House Deputy National Security Advisor for Cyber and Emerging Technologies, who arranged for Microsoft to share information about the malicious code with other countries, particularly Poland and the Baltic states, to prevent its spread. Microsoft’s intervention and coordination with state actors was the first public indication of how important the private sector would become in cyber defence and resilience during the invasion. The influence of the private sector during the invasion can also be seen in Amazon Web Services, which worked closely with the Ukrainian government to provide it with “access and resources to migrate to the cloud and secure critical information”. These two of many examples illustrate the ‘evolving and important role of the private sector in supporting governments’, as Microsoft notes.”

Source: “Space and Cyber Dimensions in Russia’s Invasion of Ukraine”, Julia Balm and Eva-Nour Repussard, https://www.kcl.ac.uk/warstudies/assets/war-in-ukraine-one-year-on.pdf

As Balm and Repoussard write, the direct engagement of the private sector has made a crucial difference to the war. On this, the “Washington Post” wrote

“Microsoft set up a secure 24-hour hotline so that its vice president for security, Tom Burt, could immediately call Ukraine’s top defenders when he discovered an attack in progress. Burt said the company typically notifies all targets of state-sponsored hacking attempts, but that the hotline and personal contact is “a kind of white-glove notification” for war-related attacks that has now been extended to NATO and some NATO governments.”

Source: “Impact of Ukraine-Russia war: Cybersecurity has improved for all Money flowing to major ransomware hackers is down while international cooperation is up,” Joseph Menn, February 25, 2023 at 6:00 a.m. EST,

https://www.washingtonpost.com/technology/2023/02/25/ukraine-war-cyber-security/

  • the distinction between friend and foe

According to the German constitutional and international law expert Carl Schmitt, who is as well-known as he is controversial because of his Nazi past, there is an important distinction between the real enemy and the absolute enemy. The latter is “one’s own question as gestalt”, which means that there is an ontological threat. The threat concerns the very building blocks that make up the political system. The real enemy is always concrete, situated and limited in time and space.

At least there are instruments to combat such incidents today. Admittedly, there are no immediate means against existential threats. And what we are experiencing today in Ukraine is a confluence of both threats. But there is close cooperation between private and public actors, and alliances are being formed and revived. And there is a technology whose producers and operators are presuming to have interpretive sovereignty over issues that were previously the preserve of the state. At stake is the struggle for the right to occupy the position that decides what is true and what is not, what is fact and what is fiction. It is no coincidence that this is happening at the very moment that this position is being technologically threatened by artificial intelligence. The ‘own question as gestalt’ has never been clearer. We ask ourselves who we are, and are now confronted with an intelligence that asks itself who we are.

  • the distinguishing factors between fact and fiction.

What is a determining factor when we can no longer distinguish what is real (created by humans at a particular time and place) and what is not real (created instantaneously by AI)? We have to assume that this situation has already occurred or is very close. Then we need to ask ourselves what is real, for whom and why; context will make all the difference in deciding what action to take based on the data.

Have we been in this situation before? Sure, several times. When we moved to oral history based on the character of the speaker. When we created books without schools, publishers, critics and newspapers. And when we created the concept of intelligence, we began to blur the lines between fact and fiction.

In times of fakenews, populism, dictatorships and war, there are more questions than answers, despite information technology and global networking. What is fact, what is fiction? What is real? What is not real? Real for whom and why, that is our new basis for a common situational awareness. This is where we need to start and be part of the solution, not part of the problem. At asvin, we make these questions and resulting insights productive and applicable through our broad-based risk-by-context approach: We find trusted parties in a supply chain through digital and non-digital means and allow them to selectively share information through peer-to-peer protocols. Trust and personal friendships have never been so crucial.