Th idea of "will", especially from the German side, got a bad rap for
obvious reasons. But I like Arendt's picture of it as an uncomfortable
inner tension when we simultaneously see what what we want to be (or
should morally do), and an alternative path set out by habit and
company.
To me, will is a very important component in security, it's that
tense feeling you get just before you;
- decide the video conference with your boss urging you to transfer
$1m into a Swiss account might not be as it seems, and pull the
plug (risking being fired)
- walk out of the shop that stubbornly refused to take cash (risking
social embarrassment)
- refuse a significant discount in exchange for giving personal
information (taking financial loss on principle)
- tell someone in a more authoritative position, no you won't be
joining them via Teams/Zoom because of its security risks (risking
unpopularity)
What we find in cybersecurity incident autopsies is that people say "I
knew X wasn't right. All my spidery feelings and heckles were on red
alert, but I didn't act, and I don't know why."
So in another piece I wrote;
Our culture is now about to split into two camps; the normative
and the secure. Instead of "the haves and have-nots", there will
be "the will, and the will-nots". Those who will compromise and
those who will not compromise security. Those who choose security
over convenience. Those who choose security against the nagging
"advice" of corporations and governments to adopt a weaker
position favourable to "markets".
To me, will is a very important component in security, it's that tense feeling you get just before you;
What we find in cybersecurity incident autopsies is that people say "I knew X wasn't right. All my spidery feelings and heckles were on red alert, but I didn't act, and I don't know why."So in another piece I wrote;