Surviving the Cyber/Location Nexus

Original published in CSO Online

When the science fiction author William Gibson popularized the term “cyberspace” in the early 1980s, it was a reference to an other-worldly domain, a parallel universe, embedded in a context of networked computing in which people’s real world lives had become inextricably linked. In these intertwined universes, Gibson had envisioned a domain in which nefarious actors could harness the cyber-domain to manipulate, harm and even destroy economic, social, and cultural value that has been either created or stored within cyberspace.

Surely, in some important respects, we have seen Gibson’s vision come to pass. Our society’s dependence on cyber-infrastructure, and the extent to which every-day people have become beings embedded in (and reliant on) networked computing and communication, has raised the issue of cyber-security to a Presidential priority. In the first several months of the Obama Administration, we have seen the Leader of the Free World make a top priority of the need to protect what Gibson, some 30 years ago, presciently painted as dominant threads in the fabric of our civilization’s future.

Gibson’s story operates at what I like to call the cyber/location nexus. He artfully wove several location-enabled story lines together, which not only emphasized the extent to which his original vision of the cyber-domain has come to pass, but which also shined a light on how real world location can be the anchor for cyber content and cyber experiences. In the reverse, Gibson also showed how events in the real world, through location-enabled technologies, can be tracked and monitored in cyber-space. This melding of the two worlds, that of the cyber domain and the real world (where geospatial location matters), not only made for great science fiction and great intrigue, but it also marked an historic inflection point at which the cyber domain and the real, geospatial world were understood to converge in popular culture.

The Dual Revolutions Fueling the Nexus

While Gibson is a recent arrival to the cyber/location nexus, the geospatial revolution actually began just when the cyber revolution began. The Cold War (and its corollaries found in the Space Race, Keyhole satellite reconnaissance, and nuclear command and control) was the impetus for massive investment by the U.S. Department of Defense (DoD) and Intelligence Community in large scale waves of technology, two of which can be thought of as the Cyber Revolution and the Geospatial Revolution. While these dual revolutions are each complex and involved stories of families of complementary and intersecting technologies, it is instructive to examine the investments in ARPANet and in the Global Positioning System by the US defense and intelligence community.

In the wake of Sputnik, the DoD founded in the Advanced Research Projects Agency (ARPA) in 1958, to ensure American military technological dominance. One of ARPA’s early projects was ARPANet, an experiment in computer networking and communications that had the promise of providing resilient nuclear command and control. Google’s Chief Internet Evangelist, Vint Cerf was the ARPANet program manager and responsible for both the 32bit IPV4 namespace (192.168.0.1 anyone?) and the TCP/IP protocol that are at the core of today’s cyber infrastructure. In important ways, Cerf was Gibson’s muse. ARPANet planted a seed which has grown into the global cyber infrastructure that permeates modern life. During that period of growth, the imaginations of some of the world’s brightest minds were captured by the template that Cerf and his team created and by the future patterns of life that Gibson saw Cerf’s template enabling. This has led to four decades of innovation that have fundamentally reshaped modern life, and their fruits have become so essential to everyday people and the basic institutions of civilization that the defense of this cyber infrastructure has become a top priority of the President of the United States. The Cyber Revolution was played out in a very public manner, with all of Western Society watching with great anticipation.

Every revolution is different. It is helpful to view the Geospatial Revolution through the lens of the U.S. Global Positioning System, the space-based “position and timing” solution was designed and deployed by the U.S. defense and intelligence community. GPS was conceived to underpin a wide array of American Cold War capabilities including precision geopositioning for Keyhole spy satellite imagery, precision munitions, satellite positioning, missile guidance, and military navigation. GPS served as a “secret sauce” for so many Cold War capabilities, because location matters acutely in matters of national security.

What is important to grasp, but which is commonly misunderstand, is that a GPS receiver does not tell you where you are. The receiver derives your location from information that is streamed by a constellation of 24 satellites which derive their own location from atomic clocks and a whole lot of math based on Einstein’s General Theory of Relativity. So, it is a broad complex of “position and timing,” communications, and computing technologies that let you figure out your location, let alone broadcast your position to the world. Just imagine the complex of technology, and all the graduate level mathematics, required to understand the position and orientation of a spy satellite and the physics of its sensor so that an intelligence analyst could derive where exactly on the face of the earth a particular bad guy is located, when she identifies the bad guy’s vehicle in a satellite image.

But what was once impossibly complex national security technology rapidly, though stealthfully, became the underpinning of everyday life. After the USSR shot down a commercial airliner which strayed into prohibited airspace, President Reagan issued a directive making GPS freely available for civilian use. Today, as everyone knows, location permeates modern life with GPS-enabled phones, cars, personal navigation devices, cameras, and sensors of all kinds.

The Geospatial Revolution, compared to the Cyber Revolution, was relatively quiet. GPS was designed for use in the US national security community, and only slowly made its way out. Certainly geospatial technologies of all kinds had been around, supporting a relatively small community of geospatial specialists. One can Google the professions of photogrammetry, geodesy, remote sensing, and GIS to see that digital mapping and geospatial technologies have a long and rich history. But, it is a relatively recent that everyday life has been transformed by location- or geo-enablement. And, this is due to the extensive, and increasing embeddedness of GPS in everything. The GPS constellation has become a public utility, and GPS chips have become commodities that designers are increasingly apt to add to everything by default.

Two Revolutions Walk Into a Bar…

If we reduce the Cyber Revolution to the ubiquitous IP-enablement that has seized the modern world, and if we reduce the Geospatial Revolution to the eponymous PBS documentary’s quip “the location of anything is quickly becoming everything,” we are then left to ponder the impact of these revolutions combining forces. Because, indeed, these dual trends of IP- and Geo-enablement are colliding. It seems that everything will eventually be IP-enabled, bringing the inexorable logic of the Cerf/Gibson paradigm to a near fusion of the cyber and physical world. But, it is the fact that all of these cyber- or IP-enabled things will also be location- or geo-enabled that will complete this fusion. These two revolutions are unwittingly combining forces because cyber-connectivity and location-awareness independently have functional value to us in national defense, business, life and love. This obvious value has necessitated both public and private investment of epic proportions. Yet, as these dual trends converge to a nexus, something new is happening.

In Spook Country, Gibson introduced the notion of locative art (also known as locative media)—think of large modern art installations that are conceived and crafted in virtual space and projected onto the real world terrain, oriented and anchored by GPS, but only viewable through a special set of GPS-enabled goggles. Imagine something so culturally rich, which could be hacked and either defaced or destroyed, and the value that would be lost to a particular geography (e.g., a property, community, etc.), if only to the people jacked into cyber-space through those location-enabled goggles.

While not as literary, the vulnerabilities that exist at the cyber/location nexus are much more disturbing as they reach out to us in the real world—the world in which our corporeal bodies live, and love, and die. One can think of all of these IP- and Geo-enabled devices as sensors, each capable of making some sort of observation over some part of the Earth, and perhaps attached to some sort of control point or process. This might be as trivial as an IP-webcam which has a GPS-derived location, and a gyro divining the pitch, yaw, roll and angle of view that together characterize a very specific, and geospatially precise chunk of the Earth. Or networked thermostats installed across a corporate campus, marshalling HVAC resources to various locations based on the occupant’s designated settings. It could be network accessible imagery satellites, Predator UAVs, physical security access controls, stream gauges, traffic monitors, ocean buoys, automobiles, Supervisory Control And Data Acquisition (SCADA) systems, asset management systems, or mobile computing devices. Yes, it could be your Blackberry or iPhone. As IP- and Geo-enablement proliferate, this list simply gets longer. As they are IP-enabled, each one becomes vulnerable to hacking. But, when they are also location- or Geo-enabled, they become susceptible to “space-time hacking”.
The Dawn of “Space-Time Hacking”

Many everyday users of the World Wide Web have stumbled across a website capable of taking their IP address and telling them the city they live in. So, to some extent, it has seeped into the popular consciousness that one could locate an individual based on their unique address. But, until now, this mapping of the cyber to the physical world has been of little consequence unless you are worried about stalkers or law enforcement. The worst consequence a hacker could met out is the loss of your data, the unresurrectable death of your computer, the theft of your identity or the denial of a cyber-space service that you depend on. While admittedly these are consequences that one would vigilantly seek to avoid, the threats at the cyber/location nexus make these look mild.

Lets look at the world once it sets firmly at the cyber/location nexus—from the perspective of a nefarious actor. The cyber domain will have evolved into a medium through which bad actors can reach every IP-enabled resource (which at this point would be virtually everything that matters) within any particular geography, with precision geopositioning, and choose to either exploit, manipulate or destroy each individual or class of resource. Such foes will in effect have the ability to harness the functional power of this convergence, the convergence of IP- and Geo-enablement, against anyone at a time and place of their choosing.

Just imagine being able to exfiltrate, undermine, alter or end all networked computing within any arbitrarily small or large geography, at any moment in time, for any period of time, particularly during moments at which vital interests are at stake. In a national security context, one might term this “denial of mission.” But with such a rich context to hack, imaginations could reel in the definition of a nomenclature for all of the opprobrious acts bad actors could then perpetrate against commercial and non-commercial activities in the private sphere.
In essence, the cyber/location nexus serves as a comprehensive, geospatially-enabled “reverse-lookup” targeting infrastructure that allows an asymmetric adversary to quickly marshall all IP endpoints (which are all cyber vulnerabilities), fixed and increasingly mobile, within any arbitrary geography at any moment in time. Along with these endpoints, the adversary will be able to quickly gather sufficient information about these assets to categorize and prioritize them within an Order of Battle specially designed for his particular purposes. It will not just be a brute force denial of mission. It will allow for scalpel-like sophistication in the attacks.

At the nexus, one can easily imagine a hacker denying mobile communications to response personnel within a geography before shutting down a mission- or business-critical facility by toying with its HVAC and setting off its alarm system, shutting down the traffic signals on some key chokepoint intersections, complicating the personnel evacuation, all while monitoring the manufactured event over his target’s surveillance cameras, while streaming spoofed camera footage to the target’s security forces, in order to maximize the casualties that might arise from a remotely controlled chemical attack in that exact location. It doesn’t take much effort to imagine something much worse.

Widening the Cyber Aperture

Clearly, in this day and age, cyber security should be a major priority of an American President. The recent White House 60 day cyber security review, while a good start, has not envisioned the world as it will be when the cyber/location nexus comes to full fruition. The Gibson/Cerf paradigm has now evolved to encompass the cyber/location nexus, and as their complimentary worldviews have done in the past, they will inspire a new wave of innovation that public policy can only hope to keep up with. It will also inspire a new wave of villainy. In this context, it is important that the President adopt a strategy in tune with the ways in which the cyber domain will serve as a pathway by which our adversaries will be empowered to fight a war, or just cause a whole world of hurt, at a time and place of their choosing.

Leave a Reply

Your email address will not be published. Required fields are marked *