Last March, I had the privilege of spending almost three weeks wandering around Japan. This was enriching for my work, community, education, and my personal agenda, broadening my worldview. Anyone who knows me a little knows that I enjoy sharing knowledge and expertise in the fields of hacking and cybersecurity. This is also the reason I dedicate a lot of time to things like OrangeCon, the hackerspace Randomdata, Hack in The Class, DIVD, and many more. At home, they sometimes have their doubts about it because it takes a lot of time and energy. Is that a problem? No, because in the end, both I and my surroundings understand my personal life goal perfectly: "Building a secure world."
In Japan, it became very clear to me that in the Western world, we’ve lost something over the past few decades: the collective. By that, I mean working together toward a greater goal. In Japan, this is much more common. For example, if you want to go on vacation, you consult with your colleagues to see if they can take over your work. When you return from vacation, you bring them some gifts as a thank you. Another example of the Japanese collective is in the area of security: people often volunteer to teach the elderly how to stay safe online.
A similar example of collective action comes from Cuba. There, the government solved a power supply problem by replacing all the old, energy-draining refrigerators at its own expense. Such an approach is effective, but not directly transferable to our Western society. Still, I believe we should consider a “security collective” in the Netherlands. What if we offered everyone free anti-malware or incident response services? Wouldn't we then become less interesting to criminals, and make the Netherlands less attractive to them?
Fortunately, in the Netherlands, we have collective communities such as hackerspaces and DIVD. Last year, DIVD, with 150 volunteers, identified nearly 1.3 million vulnerable IP addresses and notified their owners. This is an achievement that shows what a group of cybersecurity enthusiasts can accomplish. Such commitment is impressive – it amounts to an average of 1,700 vulnerabilities per volunteer per year. I know organizations that make less of an impact in terms of vulnerability management. For the new generation, organizations like Hackshield are already investing in collective security. It’s not an easy task, but youth is often a great motivator. Still, the question remains: what about our elderly, SMEs, and schools? Education and a safety net are limited, and if something goes wrong, it’s uncertain whether help will reach them in time.
What I unfortunately also see is that organizations sometimes invest in the "security collective," often under the banner of CSR (Corporate Social Responsibility), but I sometimes wonder if the "S" stands for sales. I would love to see more organizations invest in the security collective, not just for the marketing story, but because together, we can make the world safer.
Why should we invest in the collective? Criminals operate like an ecosystem, relying on each other to achieve success—let’s call it a collective as well. On the protective side, I would like to see a similar development: one where it becomes normal to notify victims, even if it’s not directly your responsibility, should you come across victim-related information. Or to offer help and collaboration to businesses and individuals who have been affected and might not be able to afford mitigation (Incident Response is, after all, not cheap). I believe that, in the end, it would actually be cheaper to act collectively.
I also wonder where the facilitating parties of crime stand in this collective responsibility; it’s far too easy to develop criminal activities on a rented server, and finding information on how to become a criminal is a piece of cake, thanks to platforms like Telegram and YouTube. That’s why I would like to propose: how about we start looking out for each other a bit more? Not because we have to, but because together, we can make the world a little safer.
Barry van Kampen
Former co-founder of The S-Unit and founder of OrangeCon.
