Finding The Hidden InfoSec Story

Farming in Cyberspace

Photo Credit: tricky (rick harrison) via Compfight cc
Photo Credit: tricky (rick harrison) via Compfight cc

When all said and done, Farming is a process by which we manage a particular set of resources in a controlled manner in order to exploit them sustainably and effectively.   We protect these resources from threats by providing a safe environment and by eliminating other threats, we may shape and develop them through selective breeding, feeding and management, and we manage them in such a way as to be able to harvest the products in a sustainable manner, ensuring that we retain some stock for the future.

A key issue, often forgotten in today’s world of press and sound bytes, is that farming is hard work and takes up a great deal of resources and energy.  Unless the result of this management results in tangible net benefits (for example, increased production, sustainability, reliability, quality or efficiency) there is no value in doing it.

Farming occurs in a context:  In modern Farming, there are many other influences in addition to the purely productive one.  In the UK, Government intervention has been a constant factor for many centuries, but particularly through the last century, where various forms of intervention have largely shaped the farmed environment that we have today.  As a farmer operating in this context, it is interesting to note that intervention is rarely consistent.  My farm records over the last 60 years show a swing in government focus from increased production, through reduced production to environmental stewardship and back to increased production.

The market is another factor; in addition to producing what the government wants, we have to produce a product that the consumer will buy.  Though the consumer can often be conditioned – such as by the use of specific lighting on meat counters in supermarkets to encourage consumers to expect bright meat rather than the darker conditioned meat that is so much more tender (this  reduces supermarket stock holding), the consumer needs to be persuaded to consume what farmers produce.

Farming is not even a discretely human occupation, many species of ant, for example, actively manage populations of aphids for honeydew production, often actively transporting them to better foraging areas, defending them against threats, harvesting honeydew and in some cases, in the autumn, culling all but a seed population for next year so as to reduce management overheads during the winter.

The Information environment is no different.  Whether as individual fraudsters, criminal organisations, legitimate business or governments, human society has farmed and managed information from a range of sources for millennia.  Examples such as The Magna Carta, Herod’s census in Judea, the ancient library of Alexandria or any one of the huge range of intelligence networks evident through history are examples information farming activity.

In the past, however, information gathering and management were generally a resource intensive process, involving human networks, physical libraries and intelligence networks.  The advent of the digital information space, that area that has become known as cyberspace, has introduced a new dynamic and information context.   Information availability has dramatically increased as the dependence on physical management tools has decreased.

What Clauswitz saw as  friction, the physical impact of operations, has changed.  This is exacerbated by dramatically increased granularity of information, resulting in reduced visibility – it is harder to actually see our information, and the measures that  protect it.  This loss of visibility is compounded by the massively increased volumes of data that are produced and are stored and that may be available to those who have legitimate or illegitimate access.

Digital information has become a critical resource, whether for governments, criminal organisations, legitimate organisations and private individuals.  Processing and storage power of technology has brought information farming within reach of anyone with the wit and will to have a go.

In some cases this is entirely beneficial; anyone registering the death of a relative will have been impressed by the way in which a single report is cascaded through the relevant departments (admittedly with varying degrees of success!).  Marketing databases power business generation, and loyalty schemes enable retailers to target customers more effectively (no, loyalty schemes are not just in the customer’s interest!).

Moving into the shadows, we have seen the advent of bot herders; criminals who manage vast communities of compromised computers and hire them out to anyone who will pay the price.  We see information gathering malware, we see whistle blowers and strategic leaks.  We have recently seen active public debate about government’s role in the collection and management of information.  All of these functions are effectively farming information assets – including, in some cases, us.  That may not always be a good thing.

What we often fail to see is what is going on under the cover.  It is generally accepted that most organisations (if not all) must expect to have their information compromised at some stage.  The emphasis is not on if, but when.    This can be enabling rather than disabling.  If we know we are vulnerable, then we can take measures to increase our protection; affording particularly sensitive assets more protection.  After all, we are used to keeping our chequebooks safe, checking bank statements and ensuring we know who to ring in an emergency, aren’t we?

We are all farmers of information to some extent, but we must be aware that we may also be being farmed by someone else.  So long as we keep this in mind, we can stay alert for the signs of unacceptable activities.

Information is a resource that can be collected, managed and deployed for a range of purposes.  Whether for good or evil depends on the context.  What is clear, is that we must be aware that it is going on, and take active responsibility for our role in the process, both as farmers and the farmed.

Author: Tom Fairfax

Share This Post On