We modeled the Cybersecurity Canon after the Baseball or Rock & Roll Hall-of-Fame, except for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number to be much more than that. Please write a review and nominate your favorite.
The Cybersecurity Canon is a real thing for our community. We have designed it so that you can directly participate in the process. Please do so!
Book Review by Canon Committee Member, Dr. Mansur Hasib, CISSP, PMP, CPHIMS: The Seventh Sense: Power, Fortune, and Survival in the Age of Networks (2016) by Joshua Cooper Ramo, Little, Brown, and Company: New York.
Our hyperconnected world, comprised of myriad networks – both machine and human – has brought us to the precipice of a fundamental revolution and redefinition of the human experience and our socio-political and military world order. This is what author Joshua Cooper Ramo wants us to grasp in the book The Seventh Sense: Power, Fortune, and Survival in the Age of Networks.
The Industrial Revolution was a similar event. The advent of the personal computer, which replaced the typewriter, and the subsequent era of enterprise networks were others. Then came the internet era. Now we exist in a mesh of networks, which feature both concentration and distribution, and remarkable levels of persistence and resilience. The old definitions and practices of information security and governance, cybersecurity, and business strategy, developed in the era of the past no longer work.
Failure of executives to grasp this pivotal change, and their concomitant failure to tailor organizational and business strategy to the new reality, is the primary cause of organizational malaise and the massive cybersecurity breaches we have experienced. The author calls for a new breed of digital-native executive leaders who will inherit the problems and need to develop lasting solutions for the future.
We have experienced such revolutions in the past. Each time a new world order was created, decision-making and practices of the old world order ceased to function. Organizations and leaders who practiced outdated thinking were quickly wiped out or reduced to irrelevance. Each new world order also realigned the centers of power.
British imperial power and the subjugation of wide swaths of the world were fueled by superior technology, naval power, and education. Then, when the rest of the world began to innovate for a new era, there was a fundamental realignment of power. Today terrorism, war, cybersecurity, privacy of data, and even human relationships are being redefined by the network.
As the author states, “…networking something fundamentally changes its function.” Executives need to recognize that – yet they are not doing so because they lack the appreciation and understanding of the new networked world order and are still making decisions using models of the past, and both making decisions and developing strategy with the thinking of a bygone era.
I have noticed political and business executives making seriously flawed decisions using models of the past. I have observed them being completely baffled by the hyperconnected new world. The book The Seventh Sense: Power, Fortune, and Survival in the Age of Networks (2016) by Joshua Cooper Ramo helped me understand why. The author helps us understand why we critically need cybersecurity leadership and digital strategy of a new kind.
The book has three parts, which I have broken down for you herein.
Part One explains the nature of the current age. This section explains why hyperconnectivity and the networking of everything, including human relationships, through networks and digital connections needs to be viewed differently. This is similar to recognizing that the world of analog systems and analog networks is gone. Analog thinking is anachronous in a digital world. Similarly, failure to recognize the new hyperconnected era, and failing to adapt to the exigencies of this new world order, can result in existential threats to leaders, organizations, and nations.
Part Two discusses what the author calls “The Seventh Sense,” which is a new way to view everything. Connectivity, as the author states, changes the very nature of everything. Thus, a networked heart monitor or pacemaker cannot be regarded as just a heart monitor or a pacemaker anymore. Similarly, terrorism, crime, pornography, bullying, forensics, and warfare conducted through the digital signals of a global network cannot be dealt with using the knowledge and models of the past. Executives need to think differently.
Humans have developed an intuition for dealing with events and circumstances of the past; some have called this the sixth sense. The author calls upon everyone – especially executives in charge of making consequential decisions – to develop a seventh sense to make strategic decisions relevant for a digitally hyperconnected new world. Business organizations, countries, and societies that fail to adapt to this new world are in real danger of becoming irrelevant.
There are numerous examples of previously powerful business organizations, nations, and societies that dominated in an older world order, but were rendered irrelevant and powerless in a new world – simply because they failed to anticipate, recognize, and adapt as the world around them changed. The author shares examples of such companies as Google and Uber that not only anticipated, embraced, and shaped the new world but were able to find gaps and unfulfilled opportunities, which allowed them to redefine the new world order in a way that benefited them. In doing so, they also became existential threats to organizations that were still living in the old world order.
The author shares how strategic leaders like Steve Jobs were able to imagine the future of smartphones, music consumption, and even movie production in a hyperconnected digital world, while many other contemporary leaders were still dabbling in an analog world. Leaders need to be able to recognize when the playing field has changed. Leaders cannot afford to play chess on a two-dimensional board when the board itself has morphed into multiple dimensions.
They cannot denigrate the new dimensions either – but must embrace them. I still remember the time in the late 1980s and early 1990s when we were building email systems and enterprise networks to replace the mainframes; people in the mainframe world called these systems a passing fad. Today, these very email systems and enterprise networks have become obsolete as new forms of human communications and hyperconnected business networks have become the new normal.
Yet, many enterprise technology organizations and executives have not adapted to the new world and are still focused on perimeter security in a world where there is no perimeter. They wish to control endpoints in a world where these endpoints do not belong to them. These executives are still discussing and demanding security as a static desired state when there is no such thing as absolute security anymore.
Cybersecurity is certainly not synonymous with security. Rather cybersecurity is a process of dynamic, continuous innovation and dynamic, continuous risk management – full of opportunities as well as pitfalls.
Part Three discusses how the power structure is being redefined in this new world. The author details several historical shifts in global power. Control of rivers, water supplies, and other land-based routes determined power during an era. At some point, it was replaced by control of the global waterways. Global naval superiority determined the British dominance of the globe. This was replaced by the rise of American global power through an unprecedented rate of innovation, which led to global domination in air power, military might, and economic strength. Sheer technological and financial superiority powered by an unprecedented pace of innovation unleashed by capitalism replaced all other forms of power.
Today, global power centers are in the process of realignment. A lot of power now resides in knowledge and information, as well as the control and sharing of such knowledge and information. Power will also be determined by the ability to understand and control the protocols and networks used for transmission. In a hyperconnected world, especially with unimaginable amounts of information being fed into the network, false information with rapid dissemination mechanisms can have dramatic consequences. Therefore, Facebook and Twitter have far more consequential relevance in this new world than traditional communication media, such as newspapers and TV.
In such a world, personal and corporate brands, and messaging, can shape people’s beliefs about reality. Once an affiliation with a brand is established, that brand can shape reality through messaging disseminated rapidly using new forms of communications. Failure of leaders to appreciate and harness the power of new forms of communications and develop the strategies, rules, regulations, and even laws that cater to the modern era can have massive implications in determining the winners and losers in the new world order.
The need for executives to think differently and have a digital strategy is acute. Author Joshua Cooper Ramo provides an easy to understand explanation of the new world, along with an analysis of the major epochal shifts we have seen in the past several hundred years.
Personal computers and the network were invented in the United States. In the past, as nations fought for domination of the land, water, air, and space dimensions – since the cost barrier for domination of these dimensions were extremely steep – the economic might of the United States allowed it to quickly overwhelm other nations in these dimensions.
However, global hyperconnectivity has created a completely new dimension, and the cost barrier for entry into this dimension is very low. In addition, the United States has done very little to restrict global open access into its systems. Readily available, low-cost access to technology has democratized the power of communications, influence, and even warfare into the hands of individuals. Therefore, a small band of malicious actors can cause massive damage on a global scale. Most often, their acts are not even regarded as acts of war. While international treaties related to conventional or even nuclear and chemical weapons exist, such treaties related to cyberweapons are non-existent.
In the past, in order to influence political outcomes in foreign countries or expand global power, nations had to fight wars, conduct espionage, and even resort to assassinations. Now, such actions can take a different form. Character assassinations through negative ads (frequently with no basis in fact), and false stories as well as pictures and videos are just as effective as actual assassinations – sometimes more so.
Information war and cyberwarfare are also incredibly cheap. Since laws and international agreements in these new areas are non-existent, foreign nations can influence political outcomes in countries as powerful as the United States or France without even being accused of warfare or crime. They do not have to use bombs to blow up communication systems, roads, or bridges; they can target networks controlling information media, or the networks controlling the national critical infrastructure, and exact far more consequential damage without the expense, stigma, or loss of lives created by conventional warfare.
Large swaths of people and even politicians and governments do not even view such actions as acts of war. Clouded by the thinking of the past, they use mild terms, such as “meddling” or “interference.” Even the active participation of a political campaign to support or benefit from foreign acts of cyberwarfare is viewed mildly and accepted by many as “opposition research.” If the same actions had taken place in a different dimension, such as a land attack, a sea attack, or an air attack, the language used would have been completely different.
Information-based decision-making at both the personal and organizational level is no longer possible using decision-making models of the past. Most of these models are not capable of differentiating between true and fake information. Decisions based on fake information will be seriously flawed.
Whether we call it The Seventh Sense or a new industrial revolution, or a completely new epoch, the old world is gone – and will never return. Executives who recognize, embrace, adapt, and rapidly develop a strategy to address this new world will leap ahead in the future power structure of this new world order. Joshua Cooper Ramo’s book The Seventh Sense: Power, Fortune, and Survival in the Age of Networks is a Cybersecurity Canon nominee for providing us a succinct and convincing analysis of a new world order that we all must understand in order to survive and thrive in it.
[Palo Alto Networks Research Center]