by Valerie Lopez of PRLinks for FIRST
Wednesday, June 14th, 2017
Florian Egloff is a Clarendon Scholar, a D. Phil (PhD) Candidate in Cyber Security at the Centre for Doctoral Training in Cyber Security at the University of Oxford, and a Research Affiliate at the Cyber Studies Programme at Oxford University's Department of Politics and International Relations. He is currently working on his thesis entitled 'Cybersecurity and non-state actors: a historical analogy with mercantile companies, privateers, and pirates.' That was precisely the topic of the Keynote speech Egloff delivered on FIRST Conference’s third day. In his lecture “Cybersecurity and the Age of Privateering,” he drew a historical analogy between the pirates and privateers of the 17th Century and the cybersecurity landscape of today. He added that the topic is highly debated within the information security industry and hoped that international colleagues can participate in this conversation and contribute solutions.
To begin the analysis, Egloff noted that no great power dominates the current cybersecurity landscape the way that the English Navy did back in the 19th Century. Rather, when thinking about the analogy to pirates and privateers, one has to go back much earlier.
Egloff stated that privateers were privately “owned vessels that operated against an enemy with license or commission of the government in times of war.” In the sixteenth century, privateering were seen as a form of protection, a source of income, and a national strength. But it also had some risks. Privateers competed for skills, were hard to control, and seen as unreliable. It also corrupted public officials. Truth was, privateering in those days was seen as more profitable than the Navy itself. Many sailors at the time turned to privateering because they could acquire more income and better food. Many of them would eventually become pirates and that added a risk of danger.
Piracy began to flourish, with governments backing pirates. At the time Spain and Portugal had control of North and South America respectively. The French and English were also seeking power and greater access to sea lanes. Spain and France, in particular, sought protection against the English, which often engaged in piracy.
Egloff mentioned the story of Captain William Kidd as an example of how pirates were used by companies to advance their market opportunities. He was a Scottish sailor who was hanged for piracy.
“In those days, there wasn’t a clear definition of what was considered piracy in the high seas,” explained Egloff. “There needed to be a clear definition of what constituted piracy, what was legal and what was not.”
Privateering continued until the mid-19th Century, when it was outlawed by the Paris Declaration Respecting Maritime Law in 1856.
A similar landscape can be applied to modern cybersecurity, said Egloff. Like privateering in earlier centuries, no great power controls cybersecurity, nor is there a clearly defined consensus of what it should be.
Egloff compared the privateers of yesteryear to hackers and cybercriminals of modern times, while he compared the merchant companies of that time with current technology champions such as Google. He also noted organizations such as the Russia Business Network (RBN) as modern-day pirates, while cyber armies and intelligence agencies are the current naval forces.
As cybersecurity becomes more complex and crucial to modern society, Egloff pointed out that “the collaboration between cybersecurity companies and governments is still a matter of potential debate and it’s still being fought.”
In conclusion, Egloff stated that “actors present in cybersecurity with regard to the proximity to the state resemble the actors present in naval warfare in the 16th and 17th centuries.” He added that the militarization of cyberspace is similar to when some states transitioned from using privateers to relying on professional navies in the late 16th century. Egloff also noted that the push against privateering goes back to “unintended consequences of state-sponsored and state-tolerated non-state violence,” adding that when it comes to cybersecurity, “those unintended consequences may increase over time.”