Everyone should be truly outraged. Juniper Networks SVP for its security division Nawaf Bitar wanted to drive that point to the minds of the attendees when he delivered the keynote address at the ongoing RSA Conference in San Francisco.
The RSA Conference is an annual gathering of IT security experts and professionals from all over the globe. It is where they learn from each other and discuss pressing matters on the field of IT security. During his speech, Bitar drew a picture of a world where privacy is no longer respected, intellectual properties stolen, and attacks to grab information are getting more and more sophisticated.
"The attack on our information is outrageous but you know what? I dont think we give a damn,"Bitar opened his talk titled "The Next World War Will be Fought in Silicon Valley."
He listed people who were truly outraged from Tibetan activists sacrificing their lives for freedom, Nelson Mandela, to a man blocking the path of tanks in China.
"Liking a cause on Facebook is not outrage. Re-tweeting a link is not outrage. Posting a bad review is not outrage. Not showing up at a conference is not outrage," he said while flashing a slide showing headlines that talk of RSA speakers boycotting the conference because of the latter's cooperation with the NSA.
Bitar threw a big punch on what he calls "first world outrage," a pseudo protest that really does not transform to real actions.
After pointing out old news items about the facilities of the National Security Agency that can be used for spying on everyone and other misfortunes of the society, he pointed out the complacency of people.
"You in this room have the prowess in capital to demand better yet we stand by watching our privacy erode, our information stolen, and our livelihoods threatened. We're complacent. Standing by and watching a crime without trying to stop that crime can itself be a crime. I believe we will only be moved to action, when our real, not our stated values are attack..," Bitar said.
Bitar enumerated two things that will make people act on such attacks - family and money.
Lessons for cybersecurity professionals based on history
To emphasize his point, he told three stories that can be models for change.
First, he talked about the maternal deaths in the 19th century. He related the deaths at the best hospitals in Vienna and how smaller clinics run by midwives had lower mortality rates. He shared how Dr. Ignaz Semmelweis introduced how doctors should practice proper hygiene through hand washing before interacting with patients. The change lowered mortality rates but Semmelweis was ridiculed for his methods until doctors in England validated his theories. Bitar used this to compare current security issues to fear of changes and the unknown.
"We continue to cling to old ideas even in the face of obvious deficiencies and limitations. Innovation is often met with harsh skepticism," Bitar said.
Second, he talked about unintended consequences. Bitar told the story behind the War of the Golden Stool in 1900. A British official desecrated a holy symbol of the Ashanti, people from the Gold Coast or what is known today as Ghana, that triggered the uprising. The British lost that war and thousands died because of an insult to a stool.
"After 9/11, the government built a surveillance network to stop terrorist attacks. The goal was noble but the consequence is an information collection system, the likes of which the world has never seen. Fast forward to today and we have direct evidence of the depth and breadth of information collection," he said.
He pointed out how everyone should be concerned on the changing threat landscape with the attacks on nuclear sites, power grids, and companies launched by different individuals, organizations, and other nations and the increasing sophistication of these attacks.
Bitar's last story was about the occupation of the prison island of Alcatraz by a group of Native Americans in 1969 and about author and tax resister Henry David Thoreau. He used this to demonstrate how one should take action against injustice.
Active defense
Bitar closed his talks by talking about a possible solution amid all the cyber attacks today.
"When will we say enough is enough? Our information is being stolen. While we may not know the unintended consequences...we know there will be consequences. As corporations, as individuals, and citizens, we should be truly outraged, not first world outraged," Bitar said.
He emphasized that fighting back does not mean going on the offensive with a clear allusion to how white hat experts use their skills compared to black hat computer experts.
"We cannot go on the offensive and hack back, we would lose the moral high ground but we can no longer remain passive. It's time for a new type of defense. A type of active defense that disrupts the economics of hacking and challenges convention. A type of defense that interferes with the attackers. It's time for all of us to turn the tables on the attackers or we can do nothing...wait for the next world war to begin in Silicon Valley," he added.