Preventing Cognitive Malware - Exploiting the Human Mind
Thanks to Mike-G and The Edge for taking the time to chat with me about a topic that we think may be of paramount importance.
This is a revised and shortened version, split into three parts to make it easier to consume.
#mentalmalware #cognitivemalware #dontletyourmindgethacked#mentalsoftwarepatch #cognitiveupgrade
Social media and the plethora of available communication technologies have transformed the way we interact, allowing for messages to reach broader audiences, faster and with more precision than ever. Implications of this are profound and awesome positive. Do we fully understand the implications or how they influence our lives though?
As I have traveled studying how information systems are exploited and protected, it occurred to me that we may invest disproportionately in protecting the information systems we own, without adequately protecting the information systems that own us... that is the hardware and software frameworks that comprise the human mind.
Malware is fundamentally software that exploits vulnerability in information systems to produce undesirable outcomes without the consent of the custodian of said systems.
As we look around us, we see divisiveness and contention rising as sparks of anger ignite the ubiquitous fuel of fear, engulfing the world in conflict. We give way to "us" and "them" as social structures decompose into self-perpetuating chaos. How did we get here?
Perhaps, our own information systems are more vulnerable than we think. What if the ideas we value; the notions that serve as the foundations of our world views and the cognitive constructs that give rise to our most compelling behavior are exploitable in the same way our laptop computers can be infected with a virus?
One may imagine the human mind as a biological computer running cognitive software that exists as the aggregate of our inherited and evolved conversations. Some portions of this software have evolved deliberately - that book we elected to read or the university we chose to attend. Other cognitive software - the majority one may conclude - is inherited, in much the same way as many modern software programs carry millions or billions of lines of code that nobody really even fully understands... least of all the user.
In information systems, this is the phenomenon that gives rise to exploitation. This blend of discrete and inherited cognitive software that we all operate on in our daily lives includes fundamental inherited vulnerabilities, not unlike the variety of computing devices we use every day.
Fear of being hurt, concern about being weak or shame about being somehow inferior could be analogous to an exploitable vulnerability in an information system. Exploitation can lead to an amygdala hijack, providing remote [cognitive] code execution to a malicious third party.
What if an idea, structured into carefully structured sentences was crafted to specifically exploit a known vulnerability present in a specific socioeconomic subgroup? We all fear something... we all want to protect something. Each and every one of us carry a cumulative cognitive baggage based upon undesirable experiences combined with stories constructed based upon the experiences of others as part of our cognitive software at any given time.
While our cognitive software is unique to us in some ways and we pride ourselves in the individual nature of what we think, the vulnerabilities can be grouped, mapped and categorized in much the same way a CVE represents something that can be exploited in computer software.
If there is a large demographic group that feels insecure about the future and possibly fears their livelihood, what type of cognitive payload would one construct to exploit this vulnerability to gain power? What about people who are afraid they are losing the freedom to speak out or assemble? Is it conceivable that accidentally, deliberately [or both] those with access to communication channels with sufficient reach are bot herding humans?
And, what is one of the most critical elements of any sort of large scale operation leveraging malicious software to achieve specific objectives? Command and control (cnc) communication, using attacker controlled messages to establish persistence.
Similar to cnc, social media forms a positive feedback loop that tends to reinforce existing biases. As such, social media becomes the cnc network supporting the persistence of cognitive malware.
What do we do about this? Is it possible for us to raise awareness of vulnerabilities we have? Can we devise patches to upgrade our cognitive software, eliminating a particular vulnerability?
Join us in the discussion starting with the podcast series and then expand the dialog to identify conative vulnerabilities, raise overall awareness and start the global conversation around how we can all upgrade the linguistic software that we all run.
https://www.youtube.com/watch?v=Q19IhvnVPmw&feature=share
Q: "What do we do about this?" Lots! Too much to type here. Q: "Is it possible for us to raise awareness of vulnerabilities we have?" YES! Acquired Cognitive Immunity, Mental Self-Defenses... Q: "Can we devise patches to upgrade our cognitive software, eliminating a particular vulnerability?" Of course! Being made aware of, literacy, and trained in manipulative rhetoric, argument structure (esp. fallacies), faulty heuristics, cognitive biases (esp. intrinsic biases), cognitive distortions, epistemic virtues and vices, faulty groupthink and intuition tendencies...
Hey, I know that guy on YouTube. Nice work!
CISO at Grand Canyon Education, Inc.
8 年Three shorter segments... the abbreviated version: https://www.youtube.com/watch?v=6UHU8gAg0Ns https://www.youtube.com/watch?v=F3IBU5tCH78 https://www.youtube.com/watch?v=0VkAe-jeEVg