institutions of the state, of society and the economy,
and those who offer them sage counsel. The
technocratic elite of computing, and of cyber security.
temporary, and we have been served our notice by Generation Y. These
Millennials are impatient for control. We have a finite and diminishing
period in which to contribute to the solution of the problems of our time
and so control our legacy. Our context was forged during the Cold War.
The world we made, the time and space we lived in, and the ways in which
we sought to make sense of it all, were given their shape and form by a
context. A context within which we were simultaneously subjects and
objects; we made it as much as it made us.
the Information Age. Now, belatedly, we catch our first true glimpse of
the gaping chasm separating us from the Millennials. We are easy prey to
the collective paralysis of future shock. The symmetry, clarity, predictability
and certainties of the Cold War appear comforting. A world of clear and
certain binary choices; of absolutes of right and wrong. Of survival or total
destruction. Bunkers of the mind are as real as those of steel and concrete.
The one the tomb of the intellect as the other was the tomb of hope.
The UK and US governments constituted the dominant protagonists in
the NATO alliance, the anchor points of the economically and culturally
dominant Atlantic axis, and the powerhouses of the post war development
of computers. Across the span of the Cold War, US and UK government
spending in general, and defence and intelligence spending in particular,
dominated and shaped computing. The computers of the Cold War were
an intrinsic and indispensable part of the existential struggle that defined
the twentieth century. These governments spent according to their
established patterns, within the dominant macro-economic structures of
the age, and according to the imperatives of the Cold War.
chain for computers was vertically integrated. Narrow, short, and almost
entirely knowable. Little of the work went beyond the commercial
boundaries of the principal players and when it did, it did not stray far.
The entire supply chain, should, and could, be mapped. From research and
development, through to specification, implementation, testing, integration,
operation and disposal; the system life cycle was predictable. The supply
chain a part of the deterministic system as a whole. The idea of a complex
matrix of volatile, recursive and nested sub contracts and outsourced
obligations, if it occurred at all, would have been a nightmare of apocalyptic
proportions.
complex of the Cold War has gone. Outsourcing, globalisation, just in
time disciplines, the emergence of what were once developing economies
as principal actors in shifting patterns of geo-political power, have all
converged to produce a supply context of bewildering complexity.
The supply cartography of our context is essentially unknowable, partly
because of its intrinsic and accumulated complexity, and partly because
of its volatility. Whereas the commercial relationships of the vertically
integrated constructs of the Cold War prized stability and longevity, those
of the Information Age thrive on velocity. In the Machine Age we etched
enamel adverts with retail prices emblazoned in ceramic permanence.
Now, our advertising hoardings are computer monitors; facets of the cyber
phenomenon. Our Millennial staff, entangled in patterns of loyalty utterly
different to ours.
Cyber is about far more than computers and computer networks,
however vast, far reaching and powerful they are. It is about far more
than the Internet; whether of information or of things. It is about far more
even than the laggardly realisation that the great interconnectedness of
everything encompasses ICS and SCADA systems and, therefore, the
totality of the critical infrastructure of every nation on earth. Humanity is
existentially reliant upon cyber.
swathes of economic activity; whilst creating entirely new ones. Our lack
of understanding of the cyber supply chain is already scaring us and yet
we only have a few years until computers will be manufactured in homes
around the globe as easily as we now print off airline boarding passes. We
have only begun to experience the first tingling of what will become abject
terror at the prospect of the impact on structures of warranty, indemnity
and liability of a supply chain where spare and replacement parts for
critical systems are locally fabricated using binaries downloaded from the
Internet and so utterly devoid of provenance or attestations of fitness for
purpose.
chain. The first, and most acute, is that we see the supply chain itself as a
source of vulnerability and risk to the operation of the critical computer
systems themselves. The whispered fear is that of malware lodged deep
in silicon by a powerful nation state adversary. A legion of cyber sleepers
invisibly infiltrated in to every one of the computing devices upon which
we know we depend. The hidden menace. Living undetectably amongst
us, silently awaiting remote activation. Alien invaders capable of bringing
about our total destruction.
of the intention of hostile actors such as criminals and intelligence agencies.
Here the recent thefts from the Port of Antwerp stand as the exemplar.
The third is the damage sustained if the supply chain itself ceased to
operate and the supply of computing technology was threatened.
vulnerability of the supply chain to infiltration by counterfeits and forgeries
of the products of established and trusted brands. This will mature rapidly
to reciprocate and magnify the first and foremost of our concerns.
response to a sense of impending crisis. We must now pause and ask