The Trinity Underpinning Globalism

In cybersecurity there is a well accepted three-way trade-off between usability, functionality, and security. The more easily usable a product is, the less powerful or secure it typically is; the great the functionality, the less simplistic or secure; and the tighter the security, the less accessible or feature-filled.

Brilliantly designed products seek to mitigate these trade-offs, but at the end of the day, for a computer network to be maximally useful it must be connected to the outside world, and that access inherently opens up a vector of attack. There is no such thing as perfect security in a connected world.

For a long-time we have considered globalisation a positive-sum development. But it is ignorant to believe that globalisation has not opened the door to new risks and vulnerabilities - whether it is terrorists crossing borders, weapons being exported, or access to finance and energy being themselves weaponised.

There are benefits to be gained from trade, but also risks inherent, too. In the same way politicians might be generally pro-immigration whilst still believing in some border controls, economists ought to forgive political leaders who are generally pro-free trade, but still believe in retaining a national ability to produce. The "national security" argument against free-trade is real. Those who hoped and argued that globalisation would bring world peace may now have to reconcile the reality that its great achievement so far has been in opening up new vectors of (non-violent) attack. Globalism has not rid the world of conflict, but it has encouraged a transition in warfare from the physical domain into new realms.

Although economists accept that individual players within an economies may disproportionately win and lose from free-trade (for instance consumers benefiting from cheaper prices at the expense of manufacturers), free-trade has generally been thought to generate gains for all nations that engage in it - and economic gains it does produce. But free-trade over a period of years may reduce a nation's security, robbing it of an ability to survive independently when faced with conditions of forced autarky (i.e. in the face of sanctions). Free-trade and the export of manufacturing may lead to comparative gains economically speaking, but if a nation loses its ability to sustain itself, produce its own goods, and hold its own under moments of intense pressure and times of crisis, is it really "richer?" The reality is clear: globalisation opens the door to economic development, but it also opens nation-states up to exposure of a new kind. Few things are absolutes: 100-percent good or 100-percent bad.

Economic threats and sanctions only matter to foreign leaders who are domestically sensitive to such threats. Democracies are affected to a much greater than autocracies, therefore. Foreign leaders such as Vladimir Putin are, for the most part, not sensitive - as they are able to offload blame, offload pain, and even consolidate power in the face of an obvious enemy.

Those who doubt the efficacy of Russia's ability to conduct information operation campaigns may point to widespread public knowledge of its programmes as evidence that it simply cannot be as effective or clever as it might like to think it is. But in the same way the US military makes no effort to hide its might or size, it may be appropriate to think of Russian “leaks” and revelations in similar terms.

There is little doubt that Russia is engaged in a massive influence campaign targeted not just at its own populace, or citizens of those nations it considers to be in its sphere of influence, but now at the international community at large. Take for example self-proclaimed US-focused "leaks" outfit, DCLeaks, owned and operated from Russia. Assess the hack on the DNC and DNCC with the presumed goal of electing President Trump. Consider also the "Shadow Brokers", who posted a cache of top-secret NSA cyber-exploits online, free for all to access (the black market value of this code easily runs into tens or hundreds of thousands of dollars, possibly millions). A serious escalation in the attribution game, Edward Snowden has suggested that the leak is a warning that the hacker, presumed to be Russian, can prove US responsibility for any hacks that may have originated from the malware server on which the code was hosted. This may potentially implicate the US in the hacking not just of 'conventional' or 'assumed' targets (think terror groups and bad-guys from movies), but other nation states, including allies, with whom the diplomatic fallout could be severe. Snowden's theory suggests that the attacker is signalling to America that they should think twice before ascribing attribution for any cyberattacks (such as the aforementioned attacks on the DNC and DNCC, perhaps the most blatant examples of foreign interference in the US elections so far).

For its insensitivity to many things, autocracy may disproportionately benefit from global free-trade, and democracies hell-bent on using free-trade as a democratising force abroad must realise that they expose themselves to threats from those less idealistic than themselves.

Globalism is incontrovertibly a force for good, but that is not to say it cannot be used against those who promote it. There is an entire extensive Wikipedia page devoted to inventors killed by their own inventions (with some 25 depressing entries at the time of writing).

We must promote free-trade and globalism whilst keeping in mind the inherent trade-offs at its heart: the price of refocusing economic effort to improve efficiency is the dearth of self-sufficiency. Supply chains become liability chains and interdependence leads to hostage taking. Not all states are equally exposed, and this asymmetry renders mutually assured destruction moot. Advanced developed nations with their 'smart' power grids and Internet of Things devices are vulnerable in ways that less economically developed threat actors simply are not. One thing is certain, however: nobody attacks critical infrastructure that they themselves rely on. It is for this reason that global security is enhanced with Russia inside organisations like SWIFT. Locking the nation out of international financial markets makes those markets vulnerable to attacks that threat-actors would likely not otherwise contemplate.

Those who gain the most stand to lose the most. The point, of course, is not to avoid development in the first place, but to be mindful of the full gamut of effects that globalisation carries (and not just the inequality of the development it produces). Unthinkingly singing globalisation's praises, dismissing those who raise objections as unthinking or uneducated, is a recipe for disaster. Game theory models are only as good as the context they are placed in.

It is time we wake up to the reality that security is more than a boundary issue. Stopping bad things getting in simply may not be possible any more. National boundaries post-globalism are porous ones, and adapting to the reality that adversaries may operate inside our societies means not just countering their actions, but putting forward our own strong narratives and ideology. Security, usability and functionality represent a triadic trade-off in cybersecurity, in a globalised world, and in life.

Update 2016-09-19

Ian Stewart, Chief Economist at Deloitte, made his weekly note this morning about this very issue. Well worth a read.