What Can (Real) Pirates Teach Us About Cybersecurity?

What's to come?
Jan. 1 2014 11:45 PM

Shiver My Interwebs

What can (real) pirates teach us about cybersecurity?

Treasure Island book cover illustration, 1911
Treasure Island book cover illustration, 1911

Illustration by N.C. Wyeth

This piece is excerpted from Cybersecurity and Cyberwar: What Everyone Needs to Know, by Peter W. Singer and Allan Friedman, published by Oxford University Press.

In 1522, three Spanish galleons left Havana, Cuba, on their way to Seville, Spain. Loaded onto the ships were literally tons of gold, emeralds, jade, and pearls, all the riches of the Aztec empire gathered into one massive shipment. Hernando Cortés has just conquered Mexico and was sending its treasure as a tribute back to his king, Charles V. But once the fleet set out on its long journey, five more ships appeared on the horizon. The lumbering treasure-laden ships couldn’t escape. A short fight ensued, and the Spanish lost to a squadron led by a French captain named Jean Fleury. By stealing the Aztec gold, Fleury had pulled the ultimate score. The episode would inspire generations to come and launch what is known as the “Golden Age of Piracy,” a period romanticized in books like Treasure Island and movies like Pirates of the Caribbean.

In centuries past, the sea was a primary domain of commerce and communication over which no one actor could claim complete control, much like the Internet today. While most just used the sea for normal commerce and communication, there were also those who engaged in bad deeds, again much like the Internet today. They varied widely, from individual pirates to state militaries with a global presence. In between were state-sanctioned pirates, known as privateers. Parallel to today’s “patriotic hackers” (or the private contractors working for government agencies like the National Security Agency or Cyber Command), privateers were not formally part of the state but licensed to act on its behalf. They were used both to augment traditional military forces and to add challenges of identification (attribution in cyber parlance) for those defending far-flung maritime assets.

Advertisement

These pirates and privateers would engage in various activities with cyber equivalents, from theft and hijacking, to blockades of trade (akin to a “denial of service”), to actual assaults on economic infrastructure and military assets. During the War of 1812, for example, the American privateer fleet numbered more than 517 ships—compared to the U.S. Navy’s 23. Even though the British conquered and burned the American capital city, the private American fleet caused such damage to the British economy that they compelled negotiations. As in cyberspace today, one of the biggest challenges for major powers was that an attacker could quickly shift identity and locale, changing its flags and often taking advantage of third-party harbors with loose local laws.

Maritime piracy is still with us, but it’s confined off the shores of failed states like Somalia and occurs on a miniscule scale compared to its golden age. (Only 0.01 percent of global shipping is taken by modern-day pirates.) Privateering, the parallel to the most egregious attacks we have seen in the cyber realm, is completely taboo. Privateers may have helped the U.S. against the British in the War of 1812, but by the time the American Civil War started in 1861,

President Lincoln not only refused to recruit plunderers-for-hire but also blasted the Confederates as immoral for opting to employ them.

131230_FT_CybersecurityCOVER

The way this change came about provides an instructive parallel to explore for cybersecurity today. Much like the sea, cyberspace can be thought of as an ecosystem of actors with specific interests and capacities. Responsibility and accountability are not natural market outcomes, but incentives and frameworks can be created either to enable bad behavior or to support the greater public order.

To clamp down on piracy and privateering at sea, it took a two-pronged approach that went beyond just shoring up defenses or threatening massive attack (which are too often talked about in cybersecurity as the only options, again making false comparisons to the worst thinking of the Cold War). The first strategy was to go after the underlying havens, markets, and structures that put the profits into the practice and greased the wheels of bad behavior. Major markets for trading pirate booty were disrupted and shut down; pirate-friendly cities like Port Royal, Jamaica, were brought under heel, and blockades were launched on the potentates that harbored the corsairs of the southern Mediterranean and Southeast Asia.

TODAY IN SLATE

Medical Examiner

Here’s Where We Stand With Ebola

Even experienced international disaster responders are shocked at how bad it’s gotten.

Why Are Lighter-Skinned Latinos and Asians More Likely to Vote Republican?

A Woman Who Escaped the Extreme Babymaking Christian Fundamentalism of Quiverfull

The XX Factor
Sept. 22 2014 12:29 PM A Woman Who Escaped the Extreme Babymaking Christian Fundamentalism of Quiverfull

Subprime Loans Are Back

And believe it or not, that’s a good thing.

It Is Very Stupid to Compare Hope Solo to Ray Rice

Building a Better Workplace

In Defense of HR

Startups and small businesses shouldn’t skip over a human resources department.

How Ted Cruz and Scott Brown Misunderstand What It Means to Be an American Citizen

Divestment Is Fine but Mostly Symbolic. There’s a Better Way for Universities to Fight Climate Change.

  News & Politics
Politics
Sept. 22 2014 6:30 PM What Does It Mean to Be an American? Ted Cruz and Scott Brown think it’s about ideology. It’s really about culture.
  Business
Moneybox
Sept. 22 2014 5:38 PM Apple Won't Shut Down Beats Music After All (But Will Probably Rename It)
  Life
Dear Prudence
Sept. 23 2014 6:00 AM Naked and Afraid Prudie offers advice on whether a young boy should sleep in the same room with his nude grandfather.
  Double X
The XX Factor
Sept. 22 2014 7:43 PM Emma Watson Threatened With Nude Photo Leak for Speaking Out About Women's Equality
  Slate Plus
Slate Plus
Sept. 22 2014 1:52 PM Tell Us What You Think About Slate Plus Help us improve our new membership program.
  Arts
Brow Beat
Sept. 23 2014 8:46 AM How Men Talk About Relationships in Rom-Coms: While Playing Sports
  Technology
Future Tense
Sept. 22 2014 6:27 PM Should We All Be Learning How to Type in Virtual Reality?
  Health & Science
Bad Astronomy
Sept. 23 2014 7:00 AM I Stand with Emma Watson
  Sports
Sports Nut
Sept. 18 2014 11:42 AM Grandmaster Clash One of the most amazing feats in chess history just happened, and no one noticed.