How Cognition Became a Weapon: The Trust Conundrum
How Cognition Became a Weapon: The Trust Conundrum
In the world in which we live and breathe, “trust” is developed over repeated interactions between parties with whom a relationship has been built. In the world of the Internet, trust is established much more quickly and subconsciously based on cognitive queues of similarity or credibility that are not always reliable. This apparent conflict of trust paradigm is the Trust Conundrum. The trust conundrum weakness has become the preferred and most successfully executed attack posture for hackers to exploit due to the relative ease of creating trust in the Internet. Cognitive hacks, or also known as; phishing, social engineering or by other names is the biggest threat in cybersecurity as the level of sophistication and variants of these attacks evolve.
Trust in the Internet is not a new or novel topic for those who have followed these trends over many years. In 2003, the University of Pennsylvania’s Lions Center was created to study cyber security, information privacy and trust.  The center was established in 2003 to serve three main purposes: (a) conduct research to detect and remove threats of information misuse to the human society: mitigate risk, reduce uncertainty, and enhance predictability and trust; (b) produce leading scholars in interdisciplinary cyber-security research; and (c) become a national leader in information assurance education. In the same year, the University of Oxford’s Oxford Internet Institute produced a research report titled, “Trust in the Internet: The Social Dynamics of an Experience Technology”. Today’s headlines would suggest that we have much more to learn about trust in the Internet.
After reviewing a variety of studies on the topic of trust in the Internet the general findings conclude that we have a healthy level of skepticism while conducting business in the Internet due to the perceived risks yet we trust the Internet to conduct an ever-expanding list of services. The studies suggest that our use and behavior on the Internet is driven by trust. Generally speaking, the more we use the Internet the more trust we have, a concept called cybertrust. Conversely, we trust (“net confidence”) the Internet more as our use increases exposing us to more threats (“net risks”). This conundrum is partly the reason why cyber attacks continue to grow unabated and demonstrate a huge and growing gap not fully addressed by either cyber security professionals, technology frameworks and standards or policies and procedures designed to mitigate these risks. These studies are dated and much more research on the topic of trust in the Internet is still needed but the initial research provides some insight into the root cause of the problem.
The tension between developing net confidence and the threat of net risks will not be solved in this article. The observation however is that consumer behaviors on the Internet are beginning to change. In a more recent survey posted on the blog of the website of the National Telecommunications & Information Administration (NTIA) for the U.S. Department of Commerce noted, “NTIA’s analysis of recent data shows that Americans are increasingly concerned about online security and privacy at a time when data breaches, cybersecurity incidents, and controversies over the privacy of online services have become more prominent. These concerns are prompting some Americans to limit their online activity, according to data collected for NTIA in July 2015 by the U.S. Census Bureau. This survey included several privacy and security questions, which were asked of more than 41,000 households that reported having at least one Internet user.”
The implications of these and other research suggests that if nothing is done the growth and huge economic benefits of ecommerce may be curtailed over time as “trust” diminishes as a result of increasing threats in cyberspace. The NTIA’s July 2015 survey found, “Nineteen percent of Internet-using households—representing nearly 19 million households—reported that they had been affected by an online security breach, identity theft, or similar malicious activity during the 12 months prior.”
While most organizations have been primarily concerned with developing a defensive posture for internal security of customer data it is becoming increasingly clear that the development of trust will become a critical factor in the expansion of services and uses of the Internet by the government, business and the providers of new technology. Therefore, we are at the beginnings of a crossroads where innovation, growth and security may depend as much on developing trust in the Internet as it does on the features and benefits of products and services provided by the Internet. There are few easy solutions to this problem as demonstrated by the hacking of the DNC and the growth of breaches more broadly. However, given the lack of progress made since the early research into the issue of trust demonstrates that a more comprehensive approach is needed. Joint ventures from academia, industry, government and the military and law enforcement must be forged to address these issues of privacy, security and the open Internet. The window of opportunity may be closing.