When I was kid, my parents stressed to me that there were certain topics you just didn’t talk about in public: religion and politics. You never knew whom you would offend if you brought up either taboo topic in unfamiliar company, so it was best not to talk about them. We certainly talked God and politics at home amongst ourselves, but those conversations stayed within the walls of our house. I think a lot of parents gave their kids that very same advice, because I still don’t encounter too many occasions where someone unfamiliar to me will make even a casual remark about religion or politics to my face, and I similarly refrain from doing that in person, too.
Unfortunately, I abandoned my parents’ advice when it came to social media. I use Facebook for a few different purposes: to function as a memory book for me to archive good times with my family, and to serve as a vent or relief valve when I see or hear something I don’t like, whether at work or, increasingly over the past few years, on the political landscape. I have never been afraid to share my politics – and sometimes my religion – on Facebook, because I see it as a form of cathartic expression and as a mildly narcissistic way for me to present who I am and what I believe. Over time, I’ve engaged in my share of debates, and a few of them resulted in either unilateral or mutual unfollowing or un-friending, something I’ve regarded as a regrettable but small price to pay to educate the less-informed on how wrong they are. I’m a professor after all, and teachers have to teach. It’s my vocation.
When I re-read those last sentences, it strikes me how my mild narcissism might not be so mild and has really gotten the better of me. And if you can suppress your own gag reflex a bit and consider whether those sentences might also apply to you and your use of social media, you might find that you and I aren’t all that different, and perhaps we actually can start talking religion and politics again.
I’ve built a silo for myself. It’s a comfortable one, because I no longer have to get all riled up that one of my Facebook friends could be so wrong and corrupt in their thinking as to disagree with the higher-ground truths I was laying out for them so eloquently. No one on my Facebook feed disagrees with me anymore. And I don’t bother to engage anyone else on Facebook, either, whether it’s because I’ve stopped following them because their opinions made me too angry or because I figure they’re a lost soul and there is no sense tangling with them.
It’s really quiet in this silo. It’s also a little bit dim.
A network firewall functions a lot like this. The job of a firewall is to protect a computer network from malicious traffic that might try to infiltrate it. A firewall administrator manages a blacklist, a set of addresses for computers that are known as bad actors because they are either suspicious in nature or have acted before and are known to cause harm. Communications from anyone on the blacklist is going to be turned away and will not penetrate the silo of computers behind it. Firewalls provide an invaluable service for protecting the data behind them. Once an entity joins the blacklist, it is going to take a lot of convincing by them to get off of it. They likely won’t.
We’re firewalls, aren’t we? I’ve unfriended or unfollowed – I’ve blacklisted – people because their network traffic – their posts about religion and politics – have frustrated me to the point that I just don’t want to be bothered by their noise anymore. And I’m on lots of blacklists, too. Their views aren’t going to get to me, and my views – however awesome they are – aren’t going to hit their computer or phone screens, either. We’ve built rather good virtual Faraday cages for ourselves. We’re not going to be hacked.
And yet, when certain traffic that isn’t on our blacklist manages to get in, and it looks legitimate because it aligns with what we expect to see or verifies what we already know, we read it. We may even believe it. My firewall, after all, protects me, so this new traffic from an unfamiliar source merits my attention and probably should win my support, particularly if it justifies having that firewall I’ve built in the first place.
My parents taught me something else growing up: be skeptical. Don’t believe what you hear or read. Investigate before accepting. You were probably taught that, too.
So, what happened?
Firewalls don’t work 100% of the time. If they did, cybersecurity – or the lack thereof – wouldn’t be a thing. When bad traffic passes through them, it often wreaks havoc on the network, corrupting its data, halting its operations. That is why some administrators use whitelists to manage their firewalls instead of blacklists: let traffic come only from explicitly trusted sources, and, even then, make sure that you educate end users who work behind the firewall sufficiently so they diligently inspect the data they receive before clicking or otherwise acting on it. As your communication circle needs to widen so that you can impact the world with your products and services, and as your internal cybersecurity training morphs into a cultural movement that reaches ever deeper into your organization, you expand the whitelist, exchanging more data with an increasingly diverse pool of entities so that you can get your word out and hear what others need and have to say. Your organization becomes more connected while still remaining relatively protected, because you’ve chosen to selectively admit rather than reject incoming traffic, and your employees have acquired the good sense not to click on that cute cat picture with the broken-English fuschia-colored non-sequitur caption.
There is so much chatter now about Russians interfering with our democratic processes, and it certainly is a tremendous problem that legitimately imperils our future. And there is the palpable, incredibly discouraging feeling of being helplessly and hopelessly deadlocked and divided against each other. Both are problems created by the toxic combination of our personal blacklists and our selective gullability.
Our parents taught us to use whitelists and to be skeptical. They taught us to be selective in our discourse but to engage critically and attentively, ready to ask questions and not just believe whatever reaches our eardrums or eyeballs. They taught us to use discretion and moderation when expressing our views lest others blacklist us as just a lot of nuisance noise and chatter. They were pre-Internet cybersecurity engineers who could have helped today’s CIOs sleep much more soundly.
Wanna defeat Russian hackers? Follow your parents’ advice.