Cyber security - the holistic perspective - saving lives, human trafficking and critical ethics

Information assurance, Cyber security, SIEM, firewall, ids, ips, network security, endpoint security -- all terms that mean nothing without ethics. I was given a new term yesterday, "patient data safety". I want to thank Dr Mansur Hasib for the last term.

In all cases the data and systems are not ours. It disturbs me how fast and loose information in disseminated today. I find it ironic to be told about "top secret" information on the Internet. It also disturbs me how few people understand the true nature of cyber security.

One basic foundational necessity is ethical cyber security (data safety) professionals. You may hear of help desks who are requested to reset passwords by and for famous people. The staff then talk about what they did and who they did it for. That should never happen. Password reset requests should never become information for prurient gossip.

Ethical behavior will sometimes mean we have enemies. We don't choose to make enemies. They choose it by walking down the value-challenged path. I was just reading a quote by Winston Churchill

"You have enemies? --- Good! That means you have stood up for something, someone in your life!

~~ Sir Winston Churchill ~~"

Sir Winston Churchill was highly ridiculed for thinking Hitler would want to dominate the world. This was the same time Neville Chamberlain declared we have "peace in our time." Winston Churchill created many enemies by taking the stance he did. Unfortunately Churchill was right.

Please listen to my youtube presentation on cyber security and ethics. Feel free to share it. https://www.youtube.com/watch?v=dDA9AkaUsbg

The over-arching perspective of cyber security is -- why are we doing this? I like the term from Dr Hasib, "patient data safety". I would broaden it to all fields as, "personal data-related physical safety". We save lives!

Please look at the real picture above and sear it deep in your soul why we do what we do. Human trafficking is real! The connection between cyber security and human trafficking is direct! I am not just talking about junk on the Internet. I am talking about funding, infrastructure and all other unseen elements that enable human trafficking. Human traffickers sell pictures, but they also sell credit card data, perform ransomware attacks, and more. This funding helps them pay for food, lights, transportation, communication and other basic elements critical to their criminal enterprise.

I make this point to show that there is a solid connection between us performing our duties with competent care and human trafficking. We may not stop human trafficking, but we certainly play a role in slowing it. The more we care about ethically performing our duties to the best of our abilities the more we hinder human traffickers from getting fungible resources.

I hope (and my goal is) that this life-saving perspective gets into every cyber security training program. I have found the perspective connecting human trafficking and cyber security to be sadly missing in the industry. My perspective has caused me to tell people who ask how to get into the industry because we make ‘good money’, “don’t waste my time. Because we will have to pick up the pieces after you.” My feeling is that we are an international family of cyber security professionals. I feel that a weakness anywhere (any location, any company) creates a weaker defensive front everywhere.

In addition to us slowing human traffickers we save other lives, thus far, by infrastructure protection. On that note we help delay attacks but can’t stop any determined attacker. All internet-attached structures, items, and infrastructure are hacked. It is my hope that one day we have regulations on what infrastructure-related systems can be attached to the Internet. Things such as: vote tabulating machines, sewage treatment, DOD-sensitive data, and other critical infrastructure should – at the very least – be air-gapped from the Internet. 

In the end we are all about people and people safety. While the Internet has been great for convenience, it has created some gaping holes. Human trafficking is enabled, infrastructure is weakened, data is breached, proper usage standards are ill-defined. Cyber has created some huge benefits for society.

I just hope this article is a reality check on how far those benefits of using Internet and cyber security can or should go. I hope it helps define unifying purpose for our cyber security industry beyond just methodologies and tools.