Beyond Good, Evil and Cyber Security

For a start, let’s question the basic assumptions the philosophers make.

“Who says there is an opposition between Truth and Falsity?
Or between different values like good and evil? Just because something is not true or good doesn’t necessarily mean it’s not valuable.”

– Friedrich Nietzsche

“Since human beings need constant falsification of the world in order to live as human beings”. Such falsifications are essential, as we do not have any texts for the world, no way of knowing or accessing the truth of things. All we have are various interpretations that give us different perspectives.

Let’s take a moment to examine George Carlin’s famous Saving the Planet stand-up routine:

“We’re so self-important. Everybody’s going to save something now. Save the trees, save the bees, save the whales, save those snails. And the greatest arrogance of all: save the planet. Save the planet(?), we don’t even know how to take care of ourselves yet. I’m tired of this sh*t. I’m tired of f*ing Earth Day. I’m tired of these self-righteous environmentalists, these white, bourgeois liberals who think the only thing wrong with this country is that there aren’t enough bicycle paths.” “The planet has been through a lot worse than us. Been through earthquakes, volcanoes, plate tectonics, continental drift, solar flares, sun spots, magnetic storms, the magnetic reversal of the poles, hundreds of thousands of years of bombardment by comets and asteroids and meteors, worldwide floods, tidal waves, worldwide fires, erosion, cosmic rays, recurring ice ages … And we think some plastic bags and some aluminum cans are going to make a difference? The planet isn’t going anywhere. WE are!” “The planet will be here for a long, long, LONG time after we’re gone, and it will heal itself, it will cleanse itself, ’cause that’s what it does. It’s a self-correcting system. The air and the water will recover, the earth will be renewed. And if it’s true that plastic is not degradable, well, the planet will simply incorporate plastic into a new paradigm: the earth plus plastic. The earth doesn’t share our prejudice toward plastic. Plastic came out of the earth. The earth probably sees plastic as just another one of its children. Could be the only reason the earth allowed us to be spawned from it in the first place. It wanted plastic for itself. Didn’t know how to make it. Needed us. Could be the answer to our age-old egocentric philosophical question, “Why are we here?” PLASTIC …”

– George Carlin

Or take a detour through The Voluntary Human Extinction Movement [documentary].

What we are trying to justify is that perspectives play a major role in the order of time. Today’s facts could become tomorrow’s fiction, and the only constant is change. Now, with this piece out of the way, we can get to the main topic at hand: Cyber Security.

As with any invention, necessity is the mother of it all. Our necessities are primarily profit, not self-sustainability. In retrospect, as a species we like to exploit a resource, an entity, or a process for profit. And we also like to apply the philosophy of “the path of least resistance (is irresistible)” to getting that outcome or profit.

With these observations, one can explain that the anticipated outcome of most cyber crime, or to be specific any financially motivated crime, is profit. On the other hand, a Cyber Security Team or a Security Operation Centre trying to prevent these “cyber criminals” also has a primary objective: to enable the business (and thereby profit). A Cyber Security Professional has an obligation to serve the best interest of the business (profit) rather than doing what is simply “good” or “just”. Isn’t it funny that when a cybercriminal is brought to light, whether they agree or not, we all know that the primary motive is always profit? But when a Cyber Security Professional introduces their living as “we fight cyber criminals”, I would argue that they are delusional. They forget that their primary focus is to secure the profits of an entity.

Offensive or defensive capabilities: one doesn’t (need to) exist without the other. We can explain it using real-world perceptions like counter-terrorism ethics, surveillance capitalism, etc. We could also apply the second law of thermodynamics to this delicate balance of the worlds and justify that if we need a positive output (profit), then it comes at a cost (loss).

An ad-hoc or reactive approach to information security has now become a standard and requires less budget. The reactive cyber security team focuses on THREATS alone. It’s like a nation with nuclear power: deterrence is the goal here. This is a necessity and has some definite boundaries.

A proactive approach to cyber security means huge budgets (to do it right), understanding the mindset of a cybercriminal, and then building a strategy around that. This is where I would say the RED/BLUE and eventually PURPLE teams come in. These proactive cyber security teams focus on OPPORTUNITIES. They find a threat and, along with it, an opportunity to show value. It’s like a developed nation with nuclear power (of course) proactively involving itself in multiple major conflicts (let’s not name any): incentives and promotion are the goal here. This is not necessarily a necessity, nor is it quantifiable, as it is ultimately opportunistic.

Don’t hate the players, hate the game!

And it’s about time that we understand that the game is not the fight against good or evil.

“Who gets to keep the profits?” is the name of the game.

On the other hand, let’s say we stop wanting profits. Not wanting a positive output (profit) is like a dying star: a self-satisfied organism slowly travelling towards its annihilation, as there are few or no incentives to continue. Another end of a 4-million-year evolutionary branch.

So, like any organism, we need to carry on and pass along, even at a cost (mortality), and thus the balance is realized.

-------------------- end of a rambling ---------------------

