
Cyber Roots - Jon Henry

BSides Newcastle · 30:51 · 18 views · Published 2024-01

hello everybody good morning my name's John I'm here to talk about how we got here um so hello um let's get started so how did we get here right so I I I've been to so many of these talks and I hear amazing stuff I see awesome exploits I see things that people are doing that are amazing Cutting Edge stuff techniques processes things they've done things they found right but what I'm seeing more and more and especially as more younger people are coming into the industry is kind of you know how did we get here where are we right now in the history of uh cyber security infosec and all that good stuff right um because

security cyber security is not just an it normal it field right because we work with people not just computers we work with computers and people and how do they work together and how do people work with people how do computers work with computers and servers work with people and etc etc right so cyber isn't just about machines and code and you know finding the exploit it's also about people so let's defrag all of this stuff and see where we go we're going to do a journey through all the way back to the beginning when we called things cybernetics in the early days of what cyber was right so hopefully that gives us a good perspective on you know what

we're doing now and why we're doing it so a little bit about me I am from the US but I currently live in Poland now um you know we talk about Generations a lot in the US there's the Gen X the millennial mines all this stuff there was a cool article I read one time about this little niche kind of microgeneration in between uh Gen X and um the Millennials called the Oregon Trail generation that's where I find myself in so I don't know how many people played Oregon Trail okay a couple but uh this was one of these early early games it was really hard to beat I don't know if anybody ever beat it actually so

but um you know I I uh occasionally will go punting I I you know I know that's something that most Americans don't know what that is but you know I've been to Oxford and like to go down down to you know tame and all that so um and I do some ston heny art kind of stuff I'm actually an artist you know it's it's kind of weird because um I work in security but I had a start in art and education and things like that so you know um with with technology I was a late bloomer um I had a habit of taking everything apart that my parents gave me and breaking them so they just didn't buy

computers they said no you're just going to break it so I was that kid that went over to the other kid's house that had the computer and then I broke his computer so um I have a a special uh ability to break things um I was an early street artist in the 90s you know before everybody knew who Banksy was I was doing that kind of stuff I I was a little bit of a graffiti artist I was known to sometimes dress up into uh things like utility workers and locksmiths and government type stuff just to kind of test and see what Society was going to measure and and and how I could you know push those kind of

boundaries right so an engineer and artist I had to make a decision when I was in college and I said I don't want to make the decision I want to be both right so I guess I'm somewhere in the middle of that which is kind of fun place to be because again security is about people and machines so I think it's important to to kind of look at that from that perspective um I love information I like to be plugged in as much as I can and learn as much as I can so let's talk about information because if we're going to talk about cyber roots and the history of how we got here we

have to understand how we got here from the perspective of information right uh a lot of people have told me that uh we're in the information revolution right now um we're leaving the Industrial Revolution we had an Agricultural Revolution we've had all these revolutions and changes right now we're in the information one right so obviously there's a lot of different inventions and things that are not mentioned on this slide but it gives you the idea of where we're going but what does that mean how did we get to an information revolution so I want to look first at Alvin Toffler um a you know a great writer from back in the day he was talking about things that were uh way

ahead of its time right so you know uh he he he said you know when we're talking about information and how we uh disseminate that information and teach uh that you know we're kind of in a transition phase and and it's really really interesting that he said that 40 or 50 years ago um because he said that before we learned things uh in the early days of education from the churches and that's really where people got a lot of their information from but the Industrial Revolution changed that people couldn't just look to the past to understand where they fit into the industrial world right so what they did is we somehow created an education system that kind of mimicked what the

industrial factories were right students came in they were kind of separated into groups they had different subjects in different areas everything got segmented um it was allow they had an authoritative figure right so they were able to uh kind of condition people to go into the factory and work right but Alvin Toffler said hey you know that's not where we're going to be you know when we look at the information age where we're going in the future ironically enough 50 years ago he talked about that we would be in the future working from home and it wouldn't be about the factory anymore it would be about us exploring not how to um you know produce

things but how to understand things information and where we're going in this age is all about understanding and learning and he saw that a long time ago so quote from him right the systems of Tomorrow fast and fluid these machines will deal with the the flow of the information or a flow of physical materials while we deal with the flow of information and the Insight so both us and the machines instead of being concentrated in these factories we'll be scattered across linked together so cool that this guy was saying this so long ago and here we are so again you know I want to I want us to look at the past and understand how we got here so that

we can have a a different perspective

hey okay the lightning workshops are starting if any anybody signed up thank you cool cool no worries so let's keep moving through history information right the result of processing that which can be sensed or the abstractions of the result that's kind of my own definition of information going through a lot of different information theories um but uh that's important because when we start talking about machines this is this is where a lot of the science behind what we do in cyber comes from right it's just simply you know a little delay on my remote there it's simply measuring things right so we can look at things in intervals or a segment of time and that's where most of

our machines and devices are working right even bits themselves right the on and off of electricity so we often think in this industry information is just limited to data messaging networks things like that but information isn't just encoded in the things that we make in our languages and the Transmissions we send the emails we send uh you know we could look at information expressions in a lot of different ways maybe humans are and DNA maybe even that's an example of um an expression of information so as we're going through studying information again I was talking about the measurable value changes over time right that's where most of information Tech comes from so we're

measuring change or entropy right um or dis entropy we're measuring at intervals so that's pretty important when we talk about cybernetics which was the the earliest field that dabbled with what cyber is uh Norbert Wiener here uh one in all time and the apparatus to deal with them whether in Computing laboratory or in a circuit have to deal with these recording preservation transmission and use of the information so what is it and how is it measured right so he wanted to answer those questions a lot of the things that we were looking at in early information Theory and early cybernetics um got us where we are uh but we had to kind of look at it in systems and break things

down into parts right we've got a message Source it's encoded through some type of language right um then we have the channel with the noise the noise is the entropy that is the information being lost um and that's almost inevitable it seems like right so we live in a world of systems all these different things and if we're thinking about it from a cybernetic standpoint each of these systems will have some type of control mechanism or feedback mechanism right so let's expand our idea of our ideas of what a system is I always like to look at this picture because we have this is our solar system but what it would look like as it travels through

the Galaxy right so perception of a system is limited by whatever you limit it to right um everything seems stationary here while we're standing here everything's still but we're moving really really fast and then when we take that perspective out a little bit further we're moving even faster so we have opposition to order which is entropy D entropy the opposite of that right why is it that in the universe entropy seems to be this thing that is constantly uh you know moving through time maybe it's even one of the the forces of time even right um but yet we as people we have a homeostasis we have an order and we tend to want to to create those systems of

security and control that we experience ourselves in our body right and we apply that to the world around us as it's you know chaotic and more and more every day right so entropy is huge for information Theory and uh security right so um the first time we used entropy in in relationship to that I found actually Transmissions of messages was from the Bell Labs where they were trying to describe how they just always seem to lose a little bit of information uh you know through the Transmissions that they were uh experimenting with so there's a little bit of math for those mathematicians here but um the amount of information gained uh about a random varial signal

from observing another random variable so this is dis entropy right so this is kind of important for for Life information gaining right um ultimately as a species this is kind of what we're doing over time every generation we gain more information and have a bigger understanding maybe right the organism us ourselves is a system right and you know when we're talking about systems each cell in our body is an organism we can look at it in a lot of different ways uh different communities working together so you are essentially a community so when we apply Community you know to society and we try to build that we're we're just mimicking what our bodies are already

doing this entropy so maybe the organization is actually the core fundamental part of what messages are um I have a little bit of uh just thought um pictures here just to talk about a little bit different ways right we we have uh kind of fallen into a trap through our Freudian uh overlords that have turned everything into a want or a desire or a need right we live in a world with consuming is is a big part of it in our Western culture right but not every uh form of uh you know looking at at the human mind and the relationship of people looked at that Gestalt really talks about um you know more of a psychology that's

based on um you're a whole system made up of smaller systems so there isn't they're not acting independently they're acting in unison right which is again another important thing to think about when we look at our own systems and what we're trying to secure we have a lot of different machines different servers different programs that are running different Services they all could seem very isolated but they're all connected so essentially that's what we're really looking at when we secure something is the entire homeostasis of the entire system of all the systems right that we're working with so let's get to the Cyber stuff cyber stuff is definitely about guns and weapons and like cool stuff right this is uh you know growing

up in the 80s you know I got to see a lot of cyber movies and uh they influenced me but what is it really about so I've got a handful of quotes up here um the art of governing or science of government I never never thought of that until I started researching early on I was like cyber I always thought cyber was was about computers and code but it's actually about governing and steering and how we move through something that has a control mechanism that's kind of that's kind of different so study of systems right we were talking about systems how they can receive store and process the information and use it for control securing efficient operation

right the art of effective organization the science and art of understanding you know cyber the root of that comes from um believe a Greek word and it was the steersman so if you work in cyber security what are you steering what are you governing what are you in charge to secure some type of control mechanism some type of feedback loop what is it that we're doing here's the basic cybernetic Loop so this is the beginning of machines right here so this is this is from way back in the day uh Norbert Wiener again had put this together I believe it was like the 40s 50s something like that um but you know all of our machines and

computers and servers and all the the technology that we're working with this is essentially what it's doing right um there's some type of controller there's an action an output right that output will hit another system there's a feedback loop that comes in we have our sensor right we can look at and and the thing that I want to bring up here that's important is that again we we tend to focus on computers and Technology too much in this industry but the early cybernetic folks that were you know experimenting and theorizing about this they didn't see a difference between humans and machines they saw it as the same thing right so the way that people interpret and take input and

process and output some type of reaction machines were modeled after us right people as processors so here's an interesting uh diagram that Norbert put together from the Cybernetics or Control and Communication in the Animal and the Machine 1948 so he talks about Computing machines um and he's doing a comparison of how our nervous system works with actual uh and and how we're building and developing machines to kind of mimic that right so there was something called an affective tone a conditioned reflex right so as we're going through different processes and we're looking at a larger system that has smaller systems in it we have multiple systems that are effectively each have their own uh affective tone some type of reflex that

they're working with uh but then he talks about this affective tone totalizer and you know when I read this uh book I don't know 25 years ago I kind of just glazed over this part but when I was going back through it I said wait a minute what is this affective tone totalizer right it must adjust slightly based to to provide stability for the whole machine for the the whole system I mean right so how do what can we compare this to right um again if we're securing a system or we're securing a company or we're securing a nation or a family what is the affective tone totalizer that is the ultimate you know the steer the how how are we steering

the whole ship right that's really what cyber is is that piece there um so we need to create things that can you know uh feel and and and uh and tell when things are slightly off and you know when we when we see things that are wrong then we have to respond to them and fix them and secure them so here's a cybernetics uh flow here again cybernetics is human machines are kind of doing the same thing there's a control mechanism computer or communication so again the computer or the phone or whatever device that you're using that's essentially your your affective tone mechanism cyberspace in itself is this giant black hole of all of these things together but what's

interesting to me is if we kind of go backwards and and pull away from the fact that it's computers and Tech well there's a lot of people in cyberspace humans right communicating with each other so it's almost a reflection of the entire Society of the world the internet is right all of these different ideas and places so if that's the affective tone totalizer If we think of it that way then we need to learn how to measure what's going on in the internet in the cyberspace right we need to understand where are we as a species going if we continue this path and that we're we're heading to through how we're building our reality

right so cybernetics Norbert talked a lot about law right the law may be defined as ethical control applied to communication and to language as a form of communication especially if it's under the control of some Authority right strong enough to give it a decision we're an effective you know social sanction so right so again early cybernetics early cyber was thinking about people as a whole society humans right understanding that law really is uh a mechanism that we put together to help control the flow of communication how we live together and work together but uh unfortunately a lot of a lot of folks are out there they can see that and they understand a lot of these control

mechanisms feedback loops and I don't know there's a lot of noise right now for me and a lot of the people I talk to there's so much information out there that people are starting to be kind of lost why are we doing what we're doing I have so many things that I could do at one time which one do I do I see a lot of people becoming kind of down about it even you know they're they don't know what they're doing anymore and why we're losing purpose maybe so let's go back and explore some early art movements that uh that kind of lead us to where we got here in the cyber security age right

so uh in the last century almost you know 80 years ago or so uh in France a group of artists writers Engineers scientists they got together and they decided that you know there's something going on with uh corporate culture where we're essentially bringing you know giving people a commodity and getting people to want things that you know is life about wanting and just I need this I need that so they they said hey we're losing connection we're the way that this is going it's going to segment us and it's going to turn people into somewhat of a zombies almost right right so the some of the earliest hacking that I've seen um in terms of social engineering you

know type of hacking is you know these folks were doing really cool stuff where they were modifying existing Billboards and modifying you know um messages that were being put out through corporations to try to say hey like in the end of the day um we can we're in control of where our species is going not this massive controller you know big Corporation so the Lettrist movement turned into the situationist so again these folks were really interested in Social Engineering um you know one of the the early uh um events where the people learned who the situationists were they were also out of France but they were from all over Europe uh they crashed a like premiere for uh

Charlie Chaplin film and kind of turned it into their own film almost by how they went in and changed how people saw the film by the art and the performance that they did in front of the show so um the situationists were looking for a unitary urbanism right the complex ongoing activity which consciously recreates humans environment according to the most advanced conceptions right so how do we manipulate all of these things out there to help steer the ship right they talked about détournement it's a fluid language of anti-ideology it occurs within a type of communication aware of its inability to enshrine any inherent and definitive certainty so this was a quote from Guy Debord

uh Guy was one of the main situationists Guy uh was upset with the way that we were going he he he kind of was against a lot of the consumer you know um Western direction that we were heading and he thought that it was going to segment us and turn us into zombies like I said before right so um he started the group and he wrote some really good stuff uh one of which was The Society of the Spectacle all right so a great quote from him the spectacle is a permanent Opium War waged to make it impossible to distinguish goods from Commodities or true satisfaction from a survival that increases according to its own logic

right consumable survival must increase in fact because it continues to enshrine deprivation Guy Debord the world of images history will see advertising as one of the real evil things of our time it is stimulating people constantly to want want and want art reflects life so taking all this information uh in the early 2000s um I had teamed up with this uh artist from Washington state that was living in DC at the time and this is you know this was before a lot of people knew what disinformation was so we wanted to uh share with everybody what we thought was going the direction that we we were going right so we created the US Department of Art and

technology and on the right we have the secretary being sworn in by Alice Denning who is was at the time the wife of the head of the CIA in the US um we put out a website for the US Department of Art and Technology it wasn't a .gov it was a .us but you know in the early 2000s people didn't know what these things even meant most of the people right so we went around and did political speeches uh in in DC and uh as members of the US Department of Art and technology and people didn't know that it wasn't real they thought it was real and it went on like this for a while um you know what is a steering the

ship governing right so isn't that what we do in cyber as we look for ways to guide people we didn't want to confuse people though we wanted to teach people about disinformation so when they came to our shows and Exhibits we would end by you know revealing everything and saying what it is so governing the temptation of being a controller right societal engineering so much fake news out there every day more and more I don't know about you all but I I'm kind of having a hard time finding actual good news anymore um what happens when we lose the truth from our media well we can take one one nation state that has probably taken this idea

the furthest right so this is an aerial shot of Chernobyl uh during the Ukraine Invasion Russia invasion of Ukraine right so Russia as we know um they are very um good at rewriting history so uh their soldiers they don't teach about Chernobyl in Russia so their soldiers didn't know what it was so they dug trenches there and then they got sick so the hacker Manifesto uh when information becomes a commodity it means we will only be able to see the information produced by that vectoral class that's the class of the the big super uber corps and the you know the massive ISPs and these big companies that are controlling everything right so the hack was

something to counter that the the manifesto was written in the same structure that Guy Debord wrote Society of the Spectacle so where are we now we're separated we're more divided than ever disinformation is pushing more segmentation so how do we Society control and regulate we got to go back to the roots we got to understand how we sculpt this tree so we can steer the ship so what can you do be authentic you have power in your positions in security you are exposed to a lot of things be authentic if something doesn't feel right don't do it have integrity be cool you have power in the positions that you have you impact people people

trust put their trust in you you to protect their systems have confidence speak out teach people help people learn about what it is that we're doing here so that we can help all of our all of us you know get through this and keep moving forward in a good direction so that's all I got thank you