Jose Fernandez, "Semantic Security: or How I Learned to Stop Worrying and Looooooove the Internet"
My late friend Robert Garigue, a pioneer of Information Warfare and one of the most original and visionary corporate Chief Information Security Officers, first described the notion of a "semantic attack" as the eventual non plus ultra in the hacking arsenal. Semantic attacks do not directly target the information-carrying or information-bearing portions of a system, but rather those components of the system that give it meaning and value, i.e. the semantic components that help us, among other things, establish and maintain truth and trust. When Garigue first coined the phrase "Hack not system, hack the belief system", many of us misinterpreted this as a call to address the non-electronic, non-technological "soft" components of the system, i.e. humans and their decision-making cycles. In fact, social engineering, phishing attacks and other forms of Internet-based cons are in some sense instances of such cyber-mediated attacks on the "meat computers" we have in our brains. However, reality is fast catching up with science fiction, and our decision making, whether as citizens in a democracy, consumers, military leaders, politicians, businessmen or even intellectuals, increasingly depends on Internet-based sources and systems. Our increased use of and reliance on search engines, social networks, blogospheres, wikis and other non-traditional media for our daily decision making means that an increasing portion of the semantic system is computer-based. How are we to define, evaluate or measure the security of these new cybernetic semantic components? Join me on a highly speculative tour of "Semantic Security" (tm), a new subfield of Computer Security, ripe with lots of low-hanging, easily solvable research problems. Believe me!!