Digital Transactions Authoritative, insightful and timely information for payments professionals
Encryption that is mathematically secure is readily available, but not used. Many Microsoft Windows vulnerabilities are known, but not publicly exposed. Digital payment without the Internet is possible, but not pursued.
These pathways to cyberspace are left untreaded because a quarter-trillion-dollar industry (2023 projection) is thriving on cyber war (see my book, The Unending Cyber War), and because the National Security Agency and its global counterparts need this war to achieve their ends. These agencies may be hoping they’re smarter than their adversaries and can secure a strategic edge, but this is a shortsighted approach and we are all paying the price for it.
Cybersecurity angst is good for business. An unrelenting news feed detailing data breaches and cyber calamities is like shelling an enemy before charging right in. The present state of affairs is retail security. Patch here, patch there, add another fence around your data. Fine tune the firewall, pay more people to watch more data, to validate more software, to write more policies, to flood the media (this magazine included) with fresh tools and apps, algorithms, and procedures—hundreds of billions of dollars worth.
In fact, the actual price is double that. Various estimates suggest that the “burden-of-use” cost of security technology actually equals its direct cost. I personally suspect it to be higher. Worries about security absorb firms’ attention, hinder them from free-flowing action, and burden them with cumbersome code compliance, obscure policies, and excruciating protocols—all of which have to be accommodated, studied, and practiced. Soon thereafter, the same people have to learn a new tool and a new procedure. Yet, the massive time and attention claimed by this security angst is never properly accounted for.
Cyber insecurity is mushrooming, despite security expenses going through the roof. How come? It’s because cyber security exploiters, abusers, and fraudsters are proliferating even faster. Along with this trend, the commercial side of hacking has matured into a state of remarkable efficiency. With so many breaches, hackers found it increasingly difficult to monetize their harvest, but now the victim himself pays because hackers fine-tune the ransom demand to make it more attractive to pay up than to resort to any alternative. Some ransomware criminals even open friendly “customer service” Web sites that gently advise paying victims how to get their data back. The response: more apps, more narrow tools, live monitoring.
On the national stage, the chaos and vulnerabilities are seen as opportunities. The big dogs, like the NSA, believe that they have more brainpower, more funds, and better tools to turn this chaos to their advantage. The little guys reason that they cannot match the U.S. Navy or the U.S. Air Force, but they have a reasonable chance to find an Alan Turing-quality mind in their small country who can outsmart the U.S. Goliath. So they, too, revel in the security chaos and root for the cyber war to continue.
Cyber peace remains a naive dream, a utopia. Not because it is not doable, but because the powers that be don’t want peace on Earth.
Still, the progress of powerful technology can be brought to a slow crawl, but it cannot be stopped. One by one, the dwellers of cyberspace will deploy unbreakable cryptography. They will use 5G to deploy quantum randomness to thwart identity theft, suppress payment fraud, and dry out fake news. And recovery technology will take the sting out of data breaches. All will be operating with a shared data environment, which will retain its integrity for all.
Cyber peace will be long in coming. It crawls. But it is unstoppable.
