The Internet is more a story of chips and hardware than it is about social media, search engines and algorithms. Fundamental shifts in socio-technical landscapes of the Internet can be traced back to a few technologies that intersect both military and civilian domains, like how specific chips to utilize and amplify the microwave frequencies in 300 MHz-300 GHz band created the converged Internet of today. Arguably the most influential tipping point has been the development and proliferation of the Gallium Arsenide Microwave Monolithic Integrated Circuit (GaAs MMIC).1 Like most things associated with the foundational architecture of Internet, the history of GaAs MMIC is also rooted in the imperatives of defence doctrines and the Cold War race of countries to achieve mastery over strategic technologies.
The Cold War is filled with fascinating side stories of the constant battle for dominance between western engineers and their Soviet counterparts. One such story involved the tug-of-war to deliver the longest ranging multimode radars for Beyond Visual Range (BVR) aerial combat. The Soviets took an early lead in the 1960s by developing the massive RP-25 Smerch2 for the interceptor MiG-25 (NATO codename: Foxbat). The radar earned a well deserved reputation for 'burning' through any western electronic counter measures of the day. By early 1970s the American AN/AWG-9 radar, originally developed for the navalized F-111B, and the F-15A's APG-63 radar had neutralized the Soviet advantage. The Russians promptly snatched it back in the early 1980s with the N007 Zaslon developed specifically for the MiG-31 (Nato codename: Foxhound), a fighter-interceptor that has its own fascinating back story of intrigue, secrecy and defection.3
It is within this historical context that the development of the GaAs MMIC for the United States Department of Defence (DoD) has to be located. Gallium Arsenide, unlike silicon, is a difficult material to work with for the manufacture of integrated circuits and chips, but the Americans, and subsequently the Europeans, achieved a rare mastery over it. GaAs MMIC are particularly useful at ultra-high radio frequencies, fast electronic switching and weak signal amplification applications. They do all this while generating less noise than most other types of semiconductor components. Militarily, it gave the West a qualitative edge over its competitors by having almost a decade's lead over the technologies, like the Gallium Nitride (GaN) High Electron Mobility Transistor (HEMT) for X-band, associated with Active Electronically Scanned Array (AESA) radar.
But it was the imperatives of the civilian communications market that literally forced open the cloistered club of niche microwave technologies of GaAs MMIC and GaNchips. All modern communication is based on microwave technologies, and the post-1980s generational maturation of cellular phone technologies and the subsequent commonalities between cellular communication, Internet, especially wireless fidelity (Wi-Fi), and digital access devices necessitated the mass production of these chips. Ironically, the availability of Twitter and Facebook on mobile phones can directly be linked to this rivalry between the American and Soviet military establishments. As a side note, the Chinese and Indian scientific community also owe much of their success in developing civilian and defence communication capabilities to the 'democratization' of chips brought about by market forces.
Some of the most critical technical advances in integrated circuits may not have taken place at all had it not been for the Advanced Research Projects Agency Network (ARPANET), the world's first operational packet switching network and the progenitor of what is currently known as the Internet. The network was initially funded by the Advanced Research Projects Agency (ARPA, later DARPA)4 within the US Department of Defence (DoD) for use by its projects at universities and research laboratories. The packet switching of the ARPANET was based on designs by British scientists Donald Davies and Lawrence Roberts of the Lincoln Laboratory.5
Packet switching is the crux of all modern communications, with protocols and security systems having evolved around it. If not for the concept of packet switching, William Crowther, who is best known as the father of gaming and co-creator of the Colossal Cave Adventure, would not have been able to work on implementing a distributed distance vector routing system for ARPANET. Without routing, there would have been no protocols (IPv4 and IPv6) for Internet, no concept of data transmission (bits and bytes), interoperable standards, databases, encryption and security: in short the entire primary and support ecosystems of cyberspace.
The foundations of these ecosystems are literally made up of trillions of chips. It is easy to underestimate the power of a chip, but consider this: a birthday card that plays a tune when opened has a chip that has more computing power than all of the Allied and Axis powers had in 1945.6 An average smart phone has more computing muscle (a chip) in it than the NASA mission that put men on the moon in 1969; the power (a chip again) inside a Rs 15,000 play station is more than the 10 million dollar American supercomputer Cray XMP 24 of the 1990s that was used by the military establishment to design nuclear weapons.
To round off the story of the GaAs MMIC, the Global Positioning System (GPS),7 or any of its equivalents like the Russian Glosnass or the Chinese BeiDou, and the less-than-one-metre resolution satellite imagery commercially and freely available in Google applications would not have been possible without that particular chip. With chips getting faster, cheaper and smaller all the time, and getting embedded in the unlikeliest of inanimate and animate objects (from plastic cards, furniture, cars to birds, apes and human beings) lies the invisible circularity and interconnectedness of cyberspace. It is this same ecosystem that allows China to develop an open architecture JF-178 fighter plane in less than a decade with a million lines of code, transistors and chips freely available in the open market, just as it enables a Micromax to compete with proprietary systems like Apple and Samsung.
Yet the Internet cannot be defined as a singular entity. It is at best an amalgamation of historical and contemporary technological developments and equally, an ever-expanding and mutating landscape of articulations. Conventional frameworks of analyses focus exclusively on the articulatory frameworks, the social media for instance, and visible technological changes such as the convergence of computer and mobile phones.
In maintaining such a focus, the underlying, and by definition invisible, foundational interconnectedness of technologies, hardware and software, like the microwave frequencies, amplification algorithms and GaAs MMIC chips that link each visible technological development and mode of articulation, is either marginalized or completely ignored. Such frameworks create a self-perpetuating and reductive understanding of the Internet as a random and serendipitous territory of mutating articulatory coagulations. The underlying forces of production - real, concrete and physical - which should ideally and exclusively be defined as the cyberspace, a term that has ironically come to mean everything ephemeral, is either marginalized or amalgamated with the multiplicities of articulatory frameworks. The concept and praxis of cyber security is a particular victim of the specific narratives that emerge out of this reductive understanding.
There are three quixotic paradigms of cyber security. The first looks at cyber security as simply an issue of protection of specific digital devices against a malware or a virus. The second, which has two sides to it, either sees in cyber security a conspiratorial state-corporate elite meta-strategy, a sort of a hegemonic imperative of global market forces, to take control of society and polity, or conceives it as a necessary prerequisite of national security of an emerging techno-global order. The third, of social construction of digital technology, while rightly identifying the human foundations of technology and focusing on the socio-technical relational dynamics of daily life, ends up conceptualizing cyber security as an institutional domain/concern better addressed by the state and market. These paradigms are derived from a larger body of academic and non-academic writing on technology.
In writings dealing with the socio-technical landscapes of daily life, the relational dynamics between digital technology and its multitude of spaces are conceptualized within frameworks architected by three dominant perspectives. None of these perspectives deal with the concept and praxis of cyber security as an integral component of daily life. The first perspective of substitution of human territoriality and place-based dynamics of life by digital technologies is derived from the spatial and territorial metaphors9 used to visualize the abstract flow of electronic signals that are coded as information, representation and exchange.
The inherent technological determinism in the frameworks anchored to this perspective leads to narratives and discourses about the apparent inevitability10 of technology and progress. Conceptually, technology is seen to acquire an agency of its own that is independent of the social relationships of power of daily life.11 In such frameworks, digital technology is conceived and measured as a value neutral additive that has an impact where 'time becomes instantaneous and space becomes unnecessary'.12 Derived from these logical constructs of time-space compression is the narrative of transmission and transference of space where values, cultures, economies and entire human societies are seen to migrate into electronic spaces and seep into other lived spaces. As a corollary, security of the cyberspace is seen in personal territorial terms of 'hacking, computer protection, anti-virus software, bugs, fixes and patches.'
Nicholas Negroponte, Chairman Emeritus of the Massachusetts Institute of Technology (MIT) Media Lab, sums up the substitution and transference perspective best: 'Digital living will include less and less dependence upon being in a specific place at a specific time, and the transmission of place itself will start to become possible. If I could really look out the electronic window of my living room in Boston and see the Alps, hear the cowbells, and smell the (digital) manure in summer, in a way I am very much in Switzerland.'13
The second perspective of simultaneous processes of evolution informing the relational dynamics of digital technology, human territoriality and space recognizes that the social production of material and digital spaces are inextricably linked.14 The frameworks derived from this perspective suggest that these linked interactions are creating a complex set of articulation, engagement, contestation and negotiation that are constructing hybridized cultural representations which are co-located in material and digital spaces. The co-location enables the experiences of 'de-realization and de-localization' while allowing users to continue having 'physical and localized existences'.15
This perspective by questioning the universalizing logic of virtual reality extends its reach to create a framework for the conceptualization of real virtuality where processes of the material productions of space 'tap into digitally available resources of the world to enrich reality in real places'.16 This 'culture of real virtuality'17 is experienced through new and integrated digital systems that capture lived reality, virtualize them by embedding an ordered logic and communicate them, creating an experience that is simultaneously real and digital.
Such co-located processes embody 'complex global-local articulations between space of places and space of flows' and digital 'ordering of the urban'.18 At a fundamental level, then, global circulation of money, information, capital and services is seen to require relatively 'fixed' telecommunication infrastructure (e.g., undersea fibre optic cables) and movement of labour and commodities requires relatively 'fixed' transportation infrastructure (e.g., railroads, container services) to link dispersed areas of production, consumption and exchange. Space therefore becomes an entity that needs to be scripted in order to be commanded and controlled in an international scale. Such a perspective constructs the concerns of cyber security in terms of maintaining the 'continuity of information patterns', protection of 'economic systems of globalization' and the creation of an 'emergent scripted daily reality'.
One can actually trace the roots of this perspective to the cultural foundations of modernity that define modern capitalism. The inevitability of development is seen to be executed through the totalizing shifts of a secular technological utopia. Any social or environmental crisis of development, as a corollary of this discourse, is expected to be resolved by the application of technology. Explaining the self-perpetuating nature of the discourse of technological determinism, Hayles writes: 'In a world bespoiled by overdevelopment, overpopulation and time-release environmental poisons, it's comforting to think that physical forms can recover their pristine purity by being reconstituted as informational patterns in a multidimensional computer space.'19
The third perspective takes the concept of co-evolution and co-articulation further to conceive digital technologies and their intermingling with spaces as a relational social construction. Such relational perspectives are broadly located within the actor-network theories20 that emphasize how 'bits and pieces; bodies and machines, and buildings, as well as texts, are associated together in attempts to build order.'21 In this perspective, space, time and agency are never absolute. They are constantly defined and redefined through their relational dynamics. As a consequence, the frameworks that emerge from this perspective consider the virtual and lived space and spatiality created due to the intersecting mediation of digital technologies as 'fragmented, divided and contested'.
Such socio-technical relationships of power link 'local and nonlocal in intimate relational, reciprocal connections.'22 The relational conceptualization of space and time has, in the last decade and half or so, influenced critical thinking on the intermeshing of technology in social geography, urban studies and social anthropology. Such relational frameworks allow for the construction of 'multiple realities'23 and experiential diversity that can be simultaneously anchored to fixed material means and modes of spatial production and mobile nodes of narratives and discourses.
Such a perspective of 'multiple, fragmented and contested' socio-digital realities inadvertently marginalizes or ignores the concept of cyber security by co-locating it within the spaces of contestation. Cyber security, by extension, then becomes one more node of contestation. But cyber security by its very nature requires an integrated meta-narrative of commonality.
There is also another unintended, and arguably larger, reason for the marginalization of cyber security as a valid field of inquiry of social sciences. Theorizations of digital technology predominantly conceptualize it as a flat evolutionary landscape with a quantifiable and chartable linearity. Such unintended structuralism leads to a reductionist understanding of the unique trajectories of specific digital technologies. This results in digitalization inadvertently being configured as an overarching methodological and paradigmatic framework. In such frameworks the marginalized and simplified analytical focus on sociotechnical discontinuities and departures within the landscape of digital technologies leads to an a priori epistemological architecting of digital technology as a monolithic entity.
The landscape of technology is as much a site of articulation, engagement, contestation and negotiation as its social counterpart. When the intersectional relational dynamics between digital technologies and physical and imagined spaces is traced using the methodological framework of a flat pervasive digitalization, only the hybridized representations of the articulations emerging from experiential diversity of multiple realities are prominently captured. But the technological specificities of the construction of particular nodes of intersection and its resultant socio-technical engagement with space and territoriality are marginalized or ignored. Without understanding the unique techno-structural architecture of specific nodes of intersections, the spaces of flows would always get configured with inherent relational asymmetries. As a result, digital technology is often reductively imagined as the worldwide web and its access devices.
The narratives and discourses emanating from such an imagination position themselves within the framework of sense and meaning created by the hybridized representations of technologically mediated cultural practices. Such a strictly manicured understanding is based on an earlier generation of constructed electronic spaces that were anchored in a relationship of coded dependency on the fixedtelecommunications infrastructure for their means and modes of articulation, engagement and negotiation.
The mobility of such electronic spaces was measured through the transference of values, systems, and sometimes even the space itself, to another similarly constructed electronic realm. The mobility was ephemeral in nature, ceasing to exist once the coded structural logic of the dependency was changed. The relational dynamics between these electronic, physical and imagined spaces were configured in terms of virtualization of identities and communities, hybridization of representations derived from it and the impact of such cultural forms on the social landscape.
The relative fixity of a self-perpetuating and dependent set of physical interconnections between code and infrastructure and the limited technical capabilities of access devices architected a framework of constraints that modulated the intensity and power of the digitally mediated perceptual lenses. It was done through a system of exchange and transaction that was essentially based on verbal, written and audio-visual communication. Consequently, for instance, a Usenet evolved into a Facebook, but the essential communicative structure remained the same. A new generation of digital technologies - a suite - has emerged in the last decade that have nuanced and customized degrees of autonomy with the fixedtelecommunications infrastructure.
This staggered autonomy, sometimes bordering on independence, has been configured by five intersecting technologies: infrastructure agnostic coding, rich pixilation display systems, storage, satellite geo-positioning and information and autonomous networked portability. The new suite, while spatially locating itself above the worldwide web, integrates itself selectively with the Internet for transmission, storage and replication. Each specific digital technology of this suite, like the CAD-CAM software, is an independent node by itself, always connected to the larger ecosystem of cyberspace, but not necessarily to the Internet. It also interacts, intersects and integrates with other digital technologies creating relational dynamics that construct an emergent scripted logic that define a perceptual reality of the social landscape.
Architected through continuous, simultaneous and seemingly autonomous processes of visual distance and visual granularity, it captures specific aspects of a multivocal social reality, segregates them into discrete units and stores and strings them together in an emergent asocial configuration that redefines notions of space, spatiality and territoriality in singular terms.
Consequently, for instance, a physical land use map of a city mediated throughscripted layers of satellite images, street views and earth cams integrates a simultaneous distant, granular and segregated view. This reconstitutes the relational dynamics between physical and imagined spatiality and territoriality, creating an imaginary of an urbanity that is seen to be constituted by interchangeable and transformable Lego-like urban parts, an emergent artificial-asocial intelligence similar to the ones constructed by the electronic brains of networked military unmanned combat vehicles.
This scripted perceptual framework, over a period of time, informs the narratives, discourses and imaginaries of the institutions of state, market and civil society into one of configurable spaces. This leads to a set of articulations that augments processes of asocial spatiality, while creating new modes of social inclusion and exclusion. Existing asymmetries are also reconfigured, amplified and accentuated.
This emergent digitalization is fundamentally different from the earlier forms of digitalization in the manner in which it intersects and integrates with existing social relationships of power, shaping discourses that transcend institutional and non-institutional underpinnings. Such self-perpetuating autonomous discourses come together in a seemingly serendipitous manner creating an emergent intelligence24 that is as ephemeral as it is lasting, as also acutely highlighting a need to paradigmatically mainstream cyber security as a subject of social enquiry.
Several conspiracy theorists believe that the US and Israel formally attacked Iran in June 2010 through the Stuxnet computer worm. There might be some heft to their belief, but it is still circumstantial at best. But if anyone needs a specific marker to advocate a new paradigm for understanding ubiquitous digitalization and the emergent cyber security thereof, the discovery of Stuxnet can be red flagged as thecritical moment. When experts dug deeper to understand it, they found that the worm had a programmable logic controller (PLC) hidden in its root kit. It was a first in any virus or a worm.
A PLC changes the logical and sequencing structure of an infected programme or a machine. As they tumbled further into the hole, as Alice once did in a storybook, they discovered that the worm had a special fondness for the Supervisory Control and Data Acquisition (SCADA) systems of Siemens. These systems control and monitor specific industrial processes. This is where it becomes circumstantial with a number of ifs and buts.
In Iran, these proprietary systems do not run any ordinary industrial processes. They are at the heart of the uranium enrichment infrastructure across six locations in the country. By August, when the hole had been dug deep enough, Symantec found that 60 per cent of the infected computers across the world were in Iran. Kaspersky Lab came to the conclusion that such a sophisticated attack could have been conducted only with a 'nation-state's support'. American and Israeli officials were privately delighted at the disruption of the Iranian nuclear programme.
In the shadowy world of cyber attacks, a buzz did the rounds that Stuxnet was a joint US-Israeli attack called Operation Olympic Games started by former US President George W. Bush and expanded by the current incumbent Barack Obama. The retaliation - whispers claim it is from Iran - was from a virus called Shamoonthat took out the administrative operations of the world's largest oil company Aramco. The Saudi-owned oil company is America's largest supplier. This is a warless war, and it can be speculated that it has not seen its end yet.25
The heart of any Siemens system, from uranium enrichment plants to smart automatic washing machines, is a PLC, as it is for any networked or non-networked system or a gadget that has an embedded artificial intelligence powered by a chip. A Stuxnet, then, can as easily infiltrate any individual's home. By extension, and looking into the future, it can also equally enter a pacemaker and any human embedded enhancement application (read wearable applications) that may emerge. In short, cyber security has to be conceptualized, in the first instance itself, as security of the personal self and bodily space. If cyber security is to be seen as part of the realm of a digitally mediated personal and public space, then there are four major conceptual and practical shifts that need to be negotiated and managed.
First, national security has to be equated with cyber security and then eventually be subsumed within the larger landscape of cyber security. Cyber attacks and cyber warfare are no longer esoteric in nature, confined to digital assets that do not have any direct implications of the socio-economic and cultural foundations of daily life. In fact, the very definition of security has to undergo a change and include the security of digital assets, networks, smart systems and any digitally mediated personal and public space.
Any unauthorized attempt to undermine or compromise a system, device or a daily lived experience based on a digital logic (chip), leading to a denial of service, access to resources or disruption of existential patterns must be defined as a cyber attack. It has to cover a broad range of activities, from a virus or a worm stalling to taking over a single individual's digitally mediated lived/virtual experience to bringing down an entire network, like a power grid or the process infrastructure of an industry.
The concept and practice of cyber security has to take into account the transformation of an analogue society into a digital one. Everything from money, utilities, civic services, financial and social transactions to governance, home security, transportation, entertainment and even one's own identity is now becoming digital. With each step towards digitization, a previously analogue and physical asset turns into a digital one, redefining the concept of security. A digital asset is both physical and amorphous, requiring an integrated system of proactive and reactive systems that is both anticipatory and defensive.
Second, the global governance architecture of cyber security has to take into account that security is as much a part of the larger lived digital experience of daily life as it is about protecting the institutional digital foundations of state, market and civil society. A 2012 report on Windows and Mobile Malware released by the anti-virus firm Quick Heal found social media platforms are the favourite haunts of cyber criminals to plant malware. The report found an increase of over 90 per cent in Windows malware and a massive 170 per cent in its modifications. Interestingly, the report also found that the virus attacks on mobile digital devices increased by 30 per cent, with a concomitant 80 per cent increase in its modifications.
The cyber security challenges are not only granular, statal and global, but are also multidimensionally intermeshed. For instance, security firm McAfee in December 2012 released a report that a gang of cyber criminals had developed a sophisticated Trojan capable of siphoning off billions of dollars from banks. Thirty banks in the US were high on the target list. McAfee says the cyber criminals are so organized that they are recruiting other criminals to ensure that the amounts siphoned off from each bank is limited in order not to rouse suspicion. All banks in the US were put on high alert and the US government organized a special team of cybercops to track this case, which continues as of date.
Such simultaneously granular and inter-regional threats not only target individuals, but also systems of global economy and polity. The new and emerging paradigm of cyber security has to understand that such threats to, and within, cyberspace cannot be seen in singular and confining terms of sanitizing specific digital access points. The concept of cyber security has to move beyond specific digital boundaries and engage with larger technologically mediated spaces. In short, cyber security has to necessarily embrace an approach of internationalism, global cooperation, open standards, protocol based systems and of digitally mediated ecosystems, rather than one of digital devices and nodes.
Third, cyber security has to involve ordinary people as stakeholders. It has to move beyond the current confined landscape of experts, technocrats and digital industry professionals. There has to be a conscious effort to engage with people to understand their mediated digital experiences as part of their daily life. Apart from standard operating procedures for protection of personal and sensitive information, the changing nature of digital transactions and the consequent changing relational social dynamics have to be understood in all their nuances and complexities. For instance, the levels of digital engagement of an average Indian with the ecosystem of a banking correspondent, Aadhaar-linked bank account and direct benefits transfer (DBT) not only reorients the basic character of democracy-state-citizen relationship, but also throws up cyber security challenges that are quite different from the conventional cyber security concerns of malware, viruses and firewall breaches.
The cyber security concerns range from identity theft forms and modes of partnership with private players and institutions and civil society organizations to fundamental questions of a state's responsibility towards it citizens. In involving people as stakeholders in digitally mediated experiences, the emergent concerns of cyber security will require a reorientation of the legal and institutional structures of digital governance at global, regional, national, local and hyper-local levels. Such a reorientation will create the foundation for a new paradigm of cyber security.
Fourth, and finally, cyber security has to be located within a larger global policy push for 'digital by default' approach towards citizen services, governance structure, business of government, commerce, banking systems (including financial inclusion practices) and entertainment. Cyber security is not only national, but is also uniquely global. It requires an international consensus on identifying the foundations of cyberspace and creating a set of protocols for accessing it transparently and securely. The logic of digital is becoming embedded from mobile phones to human beings. The approach to cyber security must look at the future of digitally scripted spaces, where digital information increasingly becomes part of the contemporary built environment.
As expressed by Nigel Thrift, the digital logic is 'extending its fugitive presence through object frames as diverse as cables, formulae, wireless signals, screens, software, artificial fibres and so on.'26 Policy makers have to quickly realise that cyber security is basic and fundamental security.
In this emergent Internet of Things, cyber security faces its greatest challenges and its greatest opportunities. They are both not in the realm of technology or technical possibilities, but more in the area of human imagination and our own ability to foresee the trajectory and scope of ubiquitous digitalization, a task mined with humble pies in the best of circumstances. The future and emergent digitally scripted spaces are going to be at once political, social, cultural, economic, functional, transactional and aesthetic. It will not only intersect with physically lived-in spaces, but in many cases will mutate them by constant interaction, engagement and contestation. Such digital spaces will create their own set of exclusions and inclusions, where one can be logged in or logged out (left out), depending on access/accessibility to digital resources.
The starting point for the new and emergent paradigm of cyber security has to be ubiquitous digitalization. In conceptualizing society as sets of intersected and intermeshed spaces that are digitally mediated, even as they are transformed and mutated, cyber security will find a way to decouple its current tight relationship with the Internet. It is only by renegotiating its almost obsessive focus on the world wide web and Internet that the structure and architecture of cyber security will reorient itself to understand, analyze and accommodate the paradigmatic changes being brought about by ubiquitous digitalization.
By Special Arrangement with : Observer Research Foundation (www.orfonline.org)