In new research published in the journal Technology and Culture, Rebecca Slayton, professor of science and technology studies at Cornell University, uses the field of incident response to shed light on how experts – and nations – can more effectively combat cyberwarfare when they foster trust and transcend politics.
“People often think of infrastructure as a set of technologies just sitting there, but in fact they’re living technologies – socio-technical systems that are constantly being maintained by people, and trust is central to that,” Slayton said.
Most experts agree that state-sponsored hackers in Russia are trying to use the internet to infiltrate the US electrical grid and sabotage elections, yet internet security teams in the US and Europe actively seek to cooperate with their Russian counterparts, focusing on the issues where they can establish mutual trust.
“Even though they recognize that there are actors in the shadows in those countries whom they don’t trust, they have a shared goal of keeping the infrastructure running,” Slayton said.
The field of incident response began after the internet was struck by “an attack from within” in November 1988. A self-replicating program – a “worm” – infected thousands of connected computers, causing them to stop processing and communicating normally.
Although computer scientists realized that the connected nature of the internet required international cooperation, global participation in these efforts was initially limited. But that began to change in the early 1990s, with the formation of the Forum of Incident Response and Security Teams (FIRST), which remains the leading global organization of security experts.
“Teams in the US and in Europe very much want to cooperate with teams in Russia, and they see that as a way of having influence they might otherwise not have in that space,” Slayton said.
Previous research on the history of computer and network security focused largely on development of new technology, rather than repair or maintenance. However, Slayton wrote in the new paper “Trusting Infrastructure: The Emergence of Computer Security and Incident Response, 1989-2005,” that without the efforts of incident responders, the internet as we know it wouldn’t exist.
“It’s one thing to come up with a new algorithm or a new technique for, say, intrusion detection, but actually making it work and operate requires people to implement and maintain it on an ongoing basis,” Slayton said. “It’s nice to think some innovative technology will fix everything. But in practice, people have to keep things up to date, particularly when you’re dealing with an intelligent adversary. You have to stay ahead of that.”
The research was supported by the National Science Foundation.
