By discursive, we mean one of many streams. Think domains. Each unto itself, and connected. Externalities persist, as do technical, and policy, and yes even cultural effects. On the technical side, the always already inherent insecurity of the base architecture. The continuation of a now decades long lurch of an architecture, a standardization, not built for the internet. Memory, statefulness, BGP, queuing, so many islands. And of course, industry, governments, individuals, and liability. Law, international doctrine, lack of harmonization, politicization, all contribute significantly, connectedly and disparately.
Cyber strategy then, even at the organizational level, is inherently heuristic. Yet, it requires, and is a quantitative science. In this manner, both rigorous attention to technical detail, and decision-making ability, and sciences, are required for excellence in the discipline. In this manner, a cybersecurity practitioner is a humanist. Aristotle said that the best rhetorician was the one who could speak extemporaneously to defeat an opponent in any situation. Security operates in the same manner, response is crucial, investment should be made at the point of response. Of course, as we note above, this is not at the expense of the peripheries of response. Not at the expense of defense, porosity is also a weakness, decreasing surface area is always important, but response is inevitable, irrespective of other factors. Response at the moment of breach, of discovery, is tantamount. Valuation, good will, these decline rapidly.
There is, at the time of discovery, also the question of disclosure. This too, is heuristic. However, familiarity with decision-making considerations around this stream, will again be the crux of response. If it takes you longer than a few minutes past the point of discovery to have a response crafted that is flawlessly aligned with your organization’s requirements, you are ill-prepared. And here at this point, from the frontiers of the internet, to the accuracy of one’s address book, can be the final impact of a CISO. Organizational design, implementation, are the crux as well.
There are parallels between language, thought, and the cyber domain. We exist as language. Our deployment, personality, words, gestures. We describe the world we experience through words alone. And words are metaphors, always metaphors, always contextualized. Security operates in the same way, as language is at its physical base electro-chemical impulses being transmitted, written, overwritten, and even at times overcoded, across the domains of the conscious and unconscious minds. We must work hard to unpack these packets. As human-computer interaction invariably presences, brings closer cybernetics, as quantum computing unpacks notions of place and space. Human notions of distance, are changing already with this new domain, this will likely increase in speed as well. When the printing press was invented it changed the ontology of Western Civilization, information proliferated, the bible was translated, the monolithic hierarchy of being was disrupted, feudalism fell to a middle-class and burgeoning city centers, information trade posts. And now we shift from print to electronic medium. Disruptions abound, creative destruction, and intellectual property flows like water, the life source and wellspring of this disruption, its own creation, water always finds a way. Water is the 1 and the Zero.
The realization of metaphor then, is the crucible of applied security, theoretical. It too is another stream amongst streams of understanding, amongst streams of domains. This discursivity undermines and underpins security. It of course, has necessitated it, has instantiated it, and so we must bring our responses close to it. Interstices abound in security, they are the manna of the adversary. To what extent the adversary is the exploiter of the flaw, is a question of response – one that prefigures, and responds to the incident. This does not, however, nor by any means, by these means, exult experience. It perhaps raises individuality, but monolithic renderings are ultimately untenable, so there is flux, tension between discursive streams. Quantify, qualify, endlessly reify.