When the internet was first conceived, in a Cold War-era project by the Department of Defense, the sharing of computer information was handled the old-fashioned way: point-to-point, and only among a small, tight-knit group of security-cleared government employees if the information was sensitive. It was simple and effective but, unfortunately, not very scalable. And with such a closed and closely controlled circle of users, data protection was not very granular. It is an oversight that has had implications that shape our world to this day.
That’s because that original, small communications project is now a central component to nearly every facet of modern life. From our most personal and basic daily interactions to the most sensitive and mission-critical government and business information, digital connectivity drives and defines daily life as we know it. Every day, public and private cybersecurity experts must contend with the blindspots and vulnerabilities that remain forged into the core of the internet.
For those security experts fighting this battle of data protection, there is a quote by renowned astrophysicist Neil deGrasse Tyson that seems particularly relevant: “The good thing about science is that it is true whether you believe it or not. That’s why it works.”
As CISOs and their teams fight to secure data, it is easy to get distracted by everything from internal business pressures and budgets to external trends and marketing. These all shape the ways we fight to protect networks.
But like Tyson notes about science, the nice thing about cybersecurity is that the fundamentals never change, and they work regardless of whatever shiny object is currently attracting the most attention. (And in an age of artificial intelligence, machine learning, 5G networks, cloud computing, the edge and internet of things, there are a lot of shiny objects both demanding attention and driving complexities.) No matter how extraordinary the innovation, the primary forces that shape effective security remain constant.
That is why it is time to view cybersecurity as a science and not simply theoretically or metaphorically. As our digital and physical worlds are more intensely interconnected than ever before, the science of cybersecurity is as critical and impactful as any of the physical world. Fortunately, in both principle and practice alike, cybersecurity aligns seamlessly with our understanding of what traditionally defines a science.
At the most basic definition, science is the systematic study of the structure and behavior of the natural world. It addresses the fundamental forces of nature and finds ways to harness these forces for the betterment and greater understanding of life on earth. Cybersecurity, when viewed as a science, does the same: It identifies primary forces of digital connection and harnesses them to create a safer, more secure world.
In the science of cybersecurity, the two most fundamental forces are speed and connectivity. They are the matter and energy of our cyber-physical world. Just as any scientific effort that fails to adhere to fundamentals like gravity and nuclear force is doomed to fail, the same is true of cybersecurity that doesn’t address and harness the forces of speed and connectivity. (For proof, note that every successful cyberattack hinges on deploying these forces more effectively than the tools that tried to stop it.)
While all effective cybersecurity must have both of these elements in place, all good strategies start with speed. We need to harness it to detect and mitigate attacks in real-time, to drive processing capacities to find the needles in increasingly vast digital haystacks that are today’s networks, and to create the headroom that makes space for future solutions.
As the velocity of information has increased over the years, we have seen that security without speed is a losing proposition. In fact, there is now little practical difference between slow security and no security. Because any data protection that does not enable a network to operate at the speed of business just gets turned off, leaving it not just underprotected but completely unprotected. That’s why, in the actual business of cybersecurity, safeguarding networks at business speeds must come first.
Think about how a company might react to the following pitch: “I’m in the cybersecurity business and my business fundamentally slows you down.” It’s a ridiculous proposition, but sadly, based on accuracy. That’s why those in cybersecurity must recognize speed as an absolute fundamental.
But speed alone is not sufficient to drive effective information protection. Cybersecurity must also harness the other primary element of digital technology: connectivity.
The internet was designed to foster rich, resilient connection. It is a powerful testament to the power of collaboration. But it’s also created a new type and level of risk. Attackers quickly realized that belief in connection could easily be exploited for nefarious purposes.
Today the complexity of that connectivity is almost unfathomable, with 29 billion connected devices predicted by 2022, and as many as 18 billion comprising the increasingly vast internet of things. Any one of these represents a potential vulnerability that can be exploited to reach more valuable and destructive targets. Because cybercriminals thrive primarily through the exploitation of connectivity, cybersecurity strategy must use it to thwart them.
Just like in the physical sciences, the principles of speed and connectivity can be as simple as Newton’s laws in theory and as complex as the most sophisticated astrophysics in practice. But just because something is simple doesn’t mean it is easy. Treating cybersecurity with the rigor and discipline of a science allows us the perspectives and methodologies to navigate the increasing complexity of a digital world, providing a way to assess strategy and tactics alike before charging blindly forward.
Because just as science is not changed by whether we believe in it or not, the fundamentals of cybersecurity are not altered by budgets, marketing or lack of organizational understanding.
No matter how complex the tool, tactic or solution, effective information protection always comes down to how effectively we are able to harness the forces of speed and connectivity. That’s why it works.