Freedom Fighters (Part 3)
Cybersecurity is now a resistance movement
As we've been saying here for a while cybersecurity is a political struggle. If the US is growing hostile to cybersecurity, what does this mean?
It is hard not to be in a state of denial around recent events. What's happening in the USA is simply bizarre. One expects to wake up any moment and find it was all a bad dream or a test of public credulity.
The United States looks like a country under deletion, shutting down science, medicine, education and offices of public safety. In the latest assault on civil society, today they announced the end of funding for MITRE who have run the Common Vulnerabilities and Exposures (CVE) database for 25 years. CVE is a cornerstone of cybersecurity globally. By this act the US government has signalled disdain for digital security. It's the latest in a swelling populist-authoritarian wave set to wash away civic elements of the digital world.
What we do as cybersecurity people is under attack, flipping the dial towards chaos and the tooth and claw of Natural Law. Under such a non-regime of Ragnar Redbeard or Plato's Thrasymachus, everything is open to the will of the strongest and most technologically audacious. Given that defensive cybersecurity is in a pitiful state, already weak and overwhelmed, a combination of weakening the rule of law and undermining defensive cybersecurity must surely be designed to cause Western technological society to collapse.
The attack
A technofascist regime believes it can coopt the digital infrastructure of a still-emerging technological society and "pivot" it from a model of bottom-up utility to top-down social control. Just as the US administration is now in a struggle with its own Legislature (organs of civic security like courts, judges etc), likewise any system's security is now seen as security against its totalitarian aims.
As CISOs and sysadmins you are no longer fighting against common cybercriminals, rival firms or foreign governments, but against the forces of a government run amok.
Cybersecurity is now a resistance movement. How did we get here so quickly?
The leader of the free world underwent an ostensible coup three months ago, and since then has committed economic and political self-cannibalism. Our ally in distress is undergoing political disintegration in which all of its institutions are being dismantled and their values erased. That will eventually include vital assets related to digital tech too. Without its birthplace, the Internet as we have known it for 40 years is over.
Since December, the first wave of bombardments targeted institutions of humanities, science, technology and knowledge, such as NASA, NOAA and most of the top universities. These attacks sought not only to remove individuals sympathetic to moderation, peace, democracy and human rights, but to erase decades of information. Databases have been scrubbed, research scrapped, and history erased in acts of vandalism. To save decades of valuable data, volunteers now create archives, hiding it in distributed filesystems and offline arks. It's a story reminiscent of Ray Bradbury's Fahrenheit 451. Similarly, volunteers are stepping in to save CVE.
At this point the regime is merely abandoning cyber defence. Those who built the government digital infrastructure now face being fired and watching their work torn up. Only a fool would not anticipate a move to actively attacking civic cybersecurity.
Many tools developed precisely to counter repressive state power, such as the Interplanetary Filesystem (IPFS) or The Onion Router (Tor), are now saving the day and should be of vital interest to CISOs and those moving to rebuild or preserve civic cyber assets: not as boogeymen and bugbears to be defended against (as you may have been conditioned by propaganda), but as essential tools of self-preservation and organisation against ideological crusades.
Defensive cybersecurity now requires tools that give formally strong security, not merely unbreakable end-to-end encryption, but data and metadata hiding, tunnelling and overlays, massively distributed systems, zero-trust architectures and so on.
This raises so many questions for the future:
- What does a digital society look like when the government is locked out because it's not trusted? This extends the "splinternet" problem to a finer granularity.
- What does open civil cyber-conflict look like? Feudal systems and electronic fiefdoms all fighting with each other seems like the future for a USA where the connecting tissue has all been removed.
- If necessary elements of governance are run in-exile is this not a resistance movement?
Why is cybersecurity being hurt?
From the start of Trump's new term it's been a case of the new US administration versus cybersecurity. Staggeringly incompetent DOGE henchmen impatiently bypassed security protocols, threatened or arrested system administrators or brazenly hacked into US institutional networks to wreak destruction leading to breaches.
Professors of cybersecurity (and their families) are reportedly being "disappeared", their homes raided and defenders of constitutional law arrested, deported or imprisoned.
After firing dozens of high-ranking CISOs and officers with liberal-democratic leanings came "Signalgate", in which the US administration thumbed its nose at state protocol, bypassed regular diplomatic and military situation briefings and shared ad-hoc war plans within an informal dinner-party chat group of "filthy-rich power swingers". By chance the group accidentally included Jeffrey Goldberg, editor in chief of The Atlantic. The administration then fired the director of the NSA and Cyber Command, Gen. Timothy Haugh, along with Deputy Wendy Noble. The administration has been rubbing the noses of its own intelligence and military personnel in the mud ever since.
All forms of digital security, privacy, compartmentalisation, strategic planning and even state secrets, are being dissolved by acts of cavalier recklessness. None of what we researched, learned or trained for could have prepared us for such an unexpected attack; a sudden flip to defective, hostile leadership.
An executive order issued March 20, titled "Stopping Waste, Fraud, and Abuse by Eliminating Information Silos", is a full assault on information security, effectively creating a new Orwellian ministry of information that demands access to and consolidates all civil records (medical, education, criminal, financial, military service), dubbing all existing institutional records "silos" to be dissolved in the name of efficiency. It is very likely the technically incompetent administration will simply bungle the reorganisation so badly they'll just lose all the data, and plunge the country back into a stone age.
Placing national security in the hands of a few billionaires' private companies is not a good idea.
How we respond
US citizens who felt government bureaucracy had grown unwieldy wanted this. For hard libertarians this all looks like vengeful payback. If cutting back the thicket of overgrown government via an efficiency drive were really all there is to it, one could at least perceive a rationale. Giving the benefit of the doubt, assuming nominal democratic will, we should do nothing. Grab some popcorn and watch America devour itself?
However, the entire DOGE project looks like a cover for something else. As we have learned in Britain during long dark periods of Tory rule, if one looks at where cuts are made, an ideological pattern emerges. And it is an ugly, cruel, callous authoritarian one.
Prior to the new US administration Europe was already retreating from American online services due to a number of factors:
- the FISA and other aggressive snooping charters
- reckless development with "AI"
- appalling and failing security of BigTech products
- US inability to bring Bigtech to heel
The evidence that the US now wants to actively undermine cybersecurity, starting with its own, is of global concern. With NATO on shaky ground and Five-Eyes allies turning away from the US we are helplessly watching, aghast at a cultural decapitation strike designed to spread chaos and to collapse the US economy. This is an extremely serious sequence of events and must be considered a war against cybersecurity. What can we do?
Firstly, as practitioners we must remember and uphold the principle that cybersecurity is also security from precisely such insider threats. Unlike the political and legal systems that have folded like a wet paper bag, we can retake cybernetic systems via technical measures to shut out hostiles, preserve data and reconfigure systems if required. We can also tactically withdraw support. Tech workers, if organised and aligned, would be the most formidable power bloc in history. How long can any government run if none of its computers do?
But more to the point, we must defend ourselves even more effectively at the civic level. The US government is standing down against international cyber attacks on its people, while at the same time launching provocative attacks against other nations. This adds up to open season for cybercriminals and oligarchs alike (and many are the same people). We must make civic cybersecurity, which underwrites critical infrastructure, water, power, food, hospitals and schools, the highest priority. And we must now do so without the supposed help of the state implied by any social contract. We are on our own as citizens. It means we must look increasingly to free, international, independent non-profit organisations like OpenSSF and the FSF. European initiatives like ENISA will become more important.
Agile security thinking is now needed. We have to think the "unthinkable". The US seems to be aligning with Russia (at least at the level of the oligarch classes). Since the UK has relied heavily on its former ally for protection and intelligence sharing, this leaves us exposed. The UK and Europe should urgently inject cash into defence, in particular into cyber-defence. We are in a rapidly changing geopolitical landscape where it would be no surprise to be definitively told the US Commander in Chief is an activated Russian asset, but we are also snagged by the balls because of historical reliance on US tech.
Defending principles
This will likely further the schism in cybersecurity between those who uphold moral and civic values as part of their profession, and "good soldiers who just follow orders".
We must remember that there is no such thing as "bare security". It is a contextual word that requires us to constantly ask the three vital questions:
- Security from whom or what?
- Security for whom?
- Security to what end?
It's about zero-trust. And, as Greg Focker says in Jay Roach's Meet the Fockers:
"We're starting our own circle of trust. And guess what. You're not in it."
That's you, US government.
Only yesterday the Global Agreement on Pandemics was reached without the USA, which withdrew from the pandemic treaty in January. Global security affairs continue to develop, simply leaving the US behind.
The new US administration is burning trust like rocket fuel, trying to reach some kind of neoliberal escape velocity. It won't work. Soon they will start to use "cybersecurity" as a weapon and excuse for further malfeasance.
You should not cooperate, whether by action, by agreement or by propagating messages that are rooted in fascist ideology. Use your common sense in selecting which requests to ignore or orders to disobey.
Because BigTech are so enthusiastically backing a regime of destruction, all existing US tech products from companies like Microsoft, Google, Amazon, Meta etc. should now be considered unsafe or actively hostile.
The public and government should expect escalating disruption of domestic and leisure activities, social media, games and entertainment. The joke that we should not worry about civil unrest if the food runs out, but only "if they switch off Netflix", is now not such a silly thought. Tariffs, netsplits, non-interoperability, cut cables, downed satellites… this all looks like part of a plan to divide democratic states.
Alternative 'circuses' and forums of discourse should be the focus of sports, media and culture planning. There is no reason to suppose that "Hollywood USA", qua Western cultural centre of gravity, will hold.
We should all urgently update and adapt our communications habits. If you have a Gmail or Hotmail/Live account, it's time to tell your colleagues, friends and family you're deleting it and switch as soon as you can to a British or European provider (there are many). Choose a real end-to-end encrypted solution. Stop sending communications to people who still have US-based accounts or through US-owned companies.
Start looking to migrate your digital estates to alternatives hosted in friendly nations. There are thousands of European, British, Canadian, Australian and Commonwealth candidates. Any data hosted on US-controlled assets should be treated as unsafe, and one should execute an accelerated plan to extricate it.
British and European citizens should exit any US-based social media immediately. This includes Facebook, Instagram, Messenger, WhatsApp, YouTube, LinkedIn, and so on. Stop posting to or reading these accounts and migrate with haste to federated alternatives hosted outside the USA.
As this terrible situation unfolds we should be sympathetic and not hostile to US citizens caught up in this. They are our friends.
A microscopic few have taken over and the average American is either already strongly opposed or has realised they've been tricked. Until the situation is resolved (if it can be) we must be prepared to receive an exodus of refugees, both digitally and in the flesh. UK and European data-centres should expand to host the US diaspora. Scientists, engineers, researchers and top cyber personnel are likely to be seeking jobs, remotely or by emigrating.
Reciprocal tariffs and trade war are no solution to the unfolding economic suicide of an empire. There is nothing Silicon Valley ever built that we didn't build first and better here in Britain, and cannot again. Since the 1990s much of Silicon Valley is smoke, mirrors and self-created mythology. Have you any idea how easy it is to build a search engine, social media platform or cloud storage?
The main reason BigTech companies flourished in the US is decades of massive government subsidy. Were we to do that here, we would have better, modern replacements for all US services very soon. We would also benefit from a 40-year leapfrog advantage by choosing Chinese goods, provided they can be thoroughly sanitised, security audited and disconnected from vicarious Communist Party control. The right direction here is a formally proven international hardware supply chain plus fully open source Libre software.
We must see through the puff and bluster of BigTech and punish them for colluding in harming civic society. We have never paused to think how Microsoft have barely advanced their awful Windows operating system in 50 years. It was insecure rubbish in the 1980s and it's insecure rubbish now. Windows 11 massively subtracts from the user/owner's security in so many ways while telling a colossal pack of lies about "improving security". US American tech "dominance" is as much a myth and marketing trick as a reality.
Fortunately there is a very clear plan B. An entire international ecosystem of Free Open Source Software, built and maintained by the people, is ready to replace US commercial proprietary software. Learning how to install, configure, operate and migrate systems to it is now the future of IT and cybersecurity for the rest of the world.
Ultimately this may all lead to better cybersecurity, through simplification, down-scaling, diversity, openness and more local autonomy. Perhaps. We should keep hope. Perhaps the best outcome is that we all change our attitude and trust assumptions around technology. Even if unsuccessful, this won't be the last time humanity faces an attempted technofascist coup.