Written by 
Remember the thrilling cyberpunk battles with hackers and outlaw console-jockeys? We thought we were going to get black ice, but all we’ve got so far is passwords that have to have a letter and a number in them. Oh, and no security.
Over two decades ago, my then colleague Peter Buck and I wrote an article for the Computer Law and Security Review 8(2), p.74-78 (1992), called “What is Cyberspace” [Ref] [PDF]. The paper, which tried to explain the idea of cyberspace to a lay audience (this was before Netscape, the year zero of the modern age, so most lawyers had never been online) turned out to be rather popular. I like to think that one of the reasons was the conviction that we were exploring the actual future, not a hypothetical future. I can’t remember where the idea of the paper came from, but I do remember that we chose extracts from writing of the brilliant William Gibson to illustrate the concepts rather than trying to paraphrase, and I still get a thrill from reading them now.
That’s king hell ice, Case, black as the grave and slick as glass. Fry your brains as soon as look at you
[From “What is Cyberspace?”]
I loved the idea of the “black ice” then and I love it now. In the Gibson world, Intrusion Countermeasures Electronics (ICE) refers to security programs that protect data form unauthorised access, and black ice is ICE so deadly that it can kill a hacker. Wonderful.
Anyway, I turned on BBC radio at random a few days ago when driving home, only to discover that someone was reading one of my all-time favourite books, William Gibson’s “Burning Chrome”, and the mention of the black ice gave a chill all over again. In the book, “ice” is the security software used by organisations to keep people out, and “black ice” is the ice that is so deadly that if you encounter it in cyberspace it can actually kill you in physical space.
The assumption, I guess, behind our 1992 article was that by now there would be real black ice in place, and that organisations such as banks would be impregnable cyber-fortresses, ruthless capitalist redoubts impervious to teenage console-jockeys and government spying alike. But, in this case, life is far from imitating art.
Last week’s newspapers brought the unsettling news that JP MorganChase’s internal CRM systems were penetrated by unknown attackers, compromising the personal information of 76 million households and 7 million small businesses…
[From Celent Banking Blog » When $250 Million Can’t Buy Cyber-Peace]
JP Morgan’s annual report says that they spend $250 million annually on cybersecurity and will have 1,000 employees focused on it by the end of the year. Quite what they are doing I couldn’t say, but I am sure they are working hard to improve bank security. Meanwhile, Apple has delivered biometrics authentication against a revocable token stored in tamper-resistant hardware. Even William Gibson didn’t see that coming.
