Culture comes first in cybersecurity. That puts cybersecurity on the front line in the culture wars

(2025/05/06)


Opinion: It is a nation's first duty to protect its citizens from harm. A fine maxim, and one we can all agree on, even in these disagreeable times. Sadly, that's as far as it goes. What the harm is and how to protect against it is where light turns to heat.

North Korea protects its citizens from harm by total control of what they can do, see, and think. They may starve, but they're protected from a hostile world by an ideological ditch a light-year wide. On the other side of the geopolitical equation, members of the European Union, taking their cue from the devastation of fascism, protect their citizens through economic co-dependency among themselves and a polychromatic web of cultures under democracy and law.

Now add technology, specifically the digital tech that simultaneously sucks all the affairs of nations and citizens into cyberspace while removing the physical and tangible borders that define us in the first place. After heroic years of incomprehension, disbelief, and incredulity, the sovereign nations of the Earth have recreated themselves online, bringing their cultures, economies, freedoms, and restrictions, and recreating their old alliances of common interest and trust. Alliances, as always, involve gray areas where mutual interest and trust paper over cracks in actual alignment.

The best example of this is data privacy and protection. The US lacks an equivalent of Europe's General Data Protection Regulation (GDPR – which still exists in a very similar form in post-Brexit UK legislation). American companies don't have to give their users the same protection and transparency as EU-based companies must. But American tech companies underlie the majority of the digital economy worldwide. Fortunately, American law is powerful enough that US companies can voluntarily abide by EU norms through contractual agreement, so the EU is happy – no, that's the wrong word – let's say warily prepared to let them take control of EU citizen data.

Then Trump 2.0 happened. The administration is advancing some Constitutional innovations, most notably proposing that the courts cannot bind the President. The tech sectors of the EU and America have had to move rapidly from congratulating each other that Trump's massive tariff spasm, rooted as it is in [2]19th century thinking, has no concept of [3]services. Instead, a realization is dawning that nothing is sacred in America if the President pronounces it profane. That most certainly includes the policies of public and private organizations alike.

Thus we see Microsoft's badly rattled Brad Smith [5]promising to protect EU data in the US courts should Trump come after it, the rapid expansion of datacenters on EU power grids – sorry, soil – and the Microsoft Cloud for Sovereignty. There's no reason to doubt that he means all this; it's not the quarter of Microsoft's revenue he's scared for, it's the creation of plausible competition at nation-state scale. Both China and the EU have the resources to create software infrastructures to challenge the US; but only the EU is built of companies that speak English as their internal lingua franca.

But will it even happen?

Trump might mean it all, but can he do it all? The wild expansion of presidential powers over civil and criminal law has been fueled by a little outright defiance, seeing how much can be gotten away with, but mostly by creative bypass. The administration can't abolish or replace legally mandated federal entities or private companies, but it can cripple them through regulation and defunding. This is done under the banner of the war against woke, whereby federal funding is contingent on policies mirroring Trump's antipathy to diversity, equality, independent thought or real or imagined opposition.

In one example among many, the FCC, America's communications and broadcast regulator, has said it will not approve mergers or acquisitions of any companies supporting "invidious" woke agendas. The overt politicization of a communications regulator is an ill-fitting shoe in a democracy. The UK's populist Prime Minister, Boris Johnson, [10]tried the same thing in 2021 with Brit comms regulator Ofcom by pushing ex-Daily Mail editor Paul Dacre as its head, but this was successfully defended against by institutional revulsion.

The tech sector is a lot less regulated than the broadcasters, but that's not much protection against an administration determined to unroll as much of post-war liberal culture as it can, as quickly as it can, and with no thought of cost or consequences. Where global companies like Microsoft are going to see both cost and consequence is in the stark truth that what passes for the "invidious woke agenda" in Trump's administration is just basic civil rights in Europe. Will Trump overlook that, or will it become a [11]casus belli against tech? Nobody knows, and it looks as if Europe isn't prepared to paper over that crack while there's every chance it could become a chasm.

We already know that state support for cybersecurity in general comes a distant second to state control over data, with vigorous attacks on [13]national security entities and vigorous support for [14]DOGE doing what the hell it wants with everyone's data. We know [15]Signalgate signals the open gate at the heart of the administration on such matters. We know, practically, that the Salt Typhoonization of American infrastructure can only prosper now.

Truly, cybersecurity is a culture of teamwork, not a technology. That is now moot in the United States, where the wider culture is to destroy any teamwork of old if it conflicts with the febrile and fiercely fickle MAGA-lgorithm. This is simply not an environment where Europe can protect its citizens' digital safety, nor can the shattered trust be quickly repaired. Microsoft and its giant tech confreres may fervently wish this isn't so, but it is so. From Maine in the Atlantic to Florida in the Gulf, a silicon curtain is descending across the ocean. We may not see it lift in our generation. ®



[1] https://www.theregister.com/2025/03/03/microsoft_unveils_a_finalized_eu/

[2] https://history.house.gov/Historical-Highlights/1851-1900/The-McKinley-Tariff-of-1890/

[3] https://www.theregister.com/2025/04/07/eu_to_target_us_tech

[5] https://www.theregister.com/2025/04/30/microsoft_getting_nervous_about_europes/

[6] https://www.theregister.com/2025/04/28/windows_opinion/

[7] https://www.theregister.com/2025/04/22/bad_trip_coming_for_ai/

[8] https://www.theregister.com/2025/04/14/opinion_secret_state_security/

[9] https://www.theregister.com/2025/04/07/opinion_column_moores_law/

[10] https://www.theguardian.com/media/2021/nov/19/paul-dacre-pulls-out-of-running-next-ofcom-chair

[11] https://www.britannica.com/topic/casus-belli

[13] https://www.theregister.com/2025/04/30/excisa_boss_agency_cuts/

[14] https://www.theregister.com/2025/04/30/doge_goa_probe/

[15] https://www.theregister.com/2025/04/25/signalgate_lessons_learned_if_creating/



"Cost and Consequence"

Anonymous Coward

Sounds like an excellent title for a future Netflix serialisation of these interesting times.

Although watching it with the grandkids might be a bit more than a little uncomfortable: "Gramps, why did they let Robert Kennedy kill all those little children with measles?"

"MAGA-Igorithm" Igor as in "Yeth mathter?" The MAGA ones clearly have loose neck bolts and have lost a few screws.

Or a typo for Ignorithm viz a calculus of (wilful) ignorance?

Re: "Cost and Consequence"

Doctor Syntax

"Gramps, why did they let Robert Kennedy kill all those little children with measles?"

Robert Kennedy is a believer in eugenics. If the kids aren't strong enough to survive a bout of measles then that's just nature's way of improving the species would be his view. Unfortunately, in practice the selection filter is parents stupid enough to believe him. He also puts out that vitamin A is a good cure so now there are kids turning up for treatment with vitamin A poisoning from over-enthusiastic "treatment".

Re: "Cost and Consequence"

codejunky

@Doctor Syntax

"Gramps, why did they let Robert Kennedy create covid that kill all those little children with measles people around the world?"

On the plus side Trump has signed an Executive Order banning gain of function research including US doing it in foreign labs.

Re: "Cost and Consequence"

ChodeMonkey

Madam, you have again dropped your foil lined fascinator. Clearly the 5G beams are affecting you.

Re: "Cost and Consequence"

Anonymous Coward

not enough of you anti-vax loons died from covid.

hopefully the next disease that you fucking idiots are too stupid to wear a mask for finally does to you what you deserve, and very very painfully

Re: "Cost and Consequence"

Doctor Syntax

"why did they let ... create covid that kill all those ...people around the world?"

Would you care to provide some evidence for the premise of your version that might be persuasive to the biologists who use this platform? In your own words, please, not a list of links to some conspiracy sites nor a load of LLM hallucinations.

Re: "Cost and Consequence"

codejunky

@Doctor Syntax

"Would you care to provide some evidence for the premise of your version that might be persuasive to the biologists who use this platform?"

> That they have not found the cross over animal to certainly claim it was natural (previously required).

> Covid labs doing this exact work and using a furin cleavage site not being normal in the virus's close relatives AND the furin cleavage site being documented in a grant request to make covid like viruses.

> That they were making these kinds of viruses (this isn't disputed is it?).

> The covid bat virus came from nowhere near wuhan.

> Upon outbreak the Chinese blocked access to outsiders and locked up scientists who shared critical information with the world about the genetic make up of the covid virus.

So while the definitive and absolute proof of where it came from may never be found, the fact that the Chinese ensured it wouldn't be found by blocking access AND failing to find the point of cross over in the market severely harms any idea it was natural.

"In your own words, please, not a list of links to some conspiracy sites nor a load of LLM hallucinations."

When I post my own words idiots cry 'sources'. When I post links you say something stupid like that. And it takes a special kind of stupid to call it LLM hallucinations so congrats.

Re: "Cost and Consequence"

ChodeMonkey

Oh Madam. Your failure rate is increasing.

This is sad. So sad.

No direct link has been found between any lab (including the Wuhan Institute of Virology) and SARS-CoV-2 as it first appeared in humans.

The DEFUSE proposal was not funded, and there’s no evidence that the specific proposed experiments were carried out.

A furin cleavage site can evolve naturally, and has been found in other virus families, though it is rare in close SARS-CoV-2 relatives.

Genomic analysis has not identified signatures of engineering (e.g., restriction sites, unnatural codon usage) that would clearly indicate lab manipulation.

Would you care to try again?

Cloud Act?

may_i

The US Cloud Act already strips away any pretence of how much Brad respects EU and UK laws, even if he genuinely wants to.

The phrase "Microsoft Cloud for Sovereignty" is just gaslighting. It was always a poor excuse to attempt to retain EU customers and make some vague promises about GDPR compliance. Now there's a moronic orange dictator running the USA, these empty promises should be viewed as what they are. While the Cloud Act promises judicial review of access to data held by US companies abroad, the backdoor of National Security Letters utterly nullifies such safeguards.

For far too long, the EU and the UK have relied on the benevolence of the US administration to avoid investing in the technology needed to properly control their own data and computing infrastructure. This has to change now and it has to change very quickly.

Re: Cloud Act?

Guy de Loimbard

Good point.

How long it would take sovereign states, or the European Collective to create alternatives to the major cloud providers, remains to be seen.

If the collective puts itself to work, it has shown its capability at being successful a number of times.

One can but hope, there is a change, one that benefits everyone who wants to use Cloud based thingys.

Re: Cloud Act?

OhForF'

I fervently hope there are changes that also benefit those that do not want to use Cloud based thingies but prefer exercising control on their locally held data.

Re: Cloud Act?

Doctor Syntax

To what extent would we want alternatives to major cloud providers? As things stand there must be few clients who are not rounding errors in the bottom line of their US service providers.

As far as stuff like OneBox or whatever it's called is concerned, Nextcloud with the desktop client installed does the job fine, is based on open standards and provides for calendar sync and a number of collaboration tools. There are plenty of EU & UK suppliers who will run it for you if you don't want to run it in-house.

Likewise there are EU and UK suppliers who will host email.

For "major" read "many".

The bits needed to make up Microsoft <365 or the Google equivalent are there, but there is scope for some integration work, the sort of thing that the Microsoft ID handles. There's also scope for a ChromeOS equivalent which will integrate with the users' choice of service provider including an in-house server if preferred. It's those areas where I would see the efforts of a "Collective" being best applied.

Re: Cloud Act?

may_i

Is there a bot running somewhere which automatically downvotes people's comments?

Maybe the downvoter would like to add to the conversation with a reasoned justification?

No?

I guessed as much.

Doctor Syntax

"US companies can voluntarily abide by EU norms through contractual agreement, so the EU is happy – no, that's the wrong word"

It certainly is. Gullible? Credulous? Cowed, maybe? Schizophrenic is probably the best description. One part of the EU wants to protect users, the other doesn't want to rock the boat with US trade. Now the boat has been rocked perhaps it's time for the user protection to come to the fore. In post-Brexit Britain I'm not sure there's anyone in HMG who cares about user protection so it'll be readily ditched in order to kiss Trump's arse.

heyrick

I feel soon the UK is going to have to pick a side. Let's hope they choose wisely.

Doctor Syntax

"Let's hope they choose wisely."

It would make a nice change.

Anonymous Coward

not likely after the recent local elections.

way too many votes for racist reform ltd turds

(it's got so bad in the UK, an uncle who I once thought intelligent, turned out to be a racist piece of reform turd! they are everywhere, pretending not to be racist while saying racist shit)

"cybersecurity is a culture of teamwork, not a technology"

Mike 137

I've been saying this for a quarter of a century to organisations of all sizes from international corporate to mom & pop shop, and mostly they've listened politely and then ignored the advice. Where it grants any recognition to the problem at all, the entire security culture is obsessed by standards. But when we look at said standards we find, on the one hand purely technical approaches such as Cyber Essentials ("have some tech stuff in place") and on the other, process oriented approaches such as ISO 27001 and the NIST cybersecurity framework ("have some processes in place"). Yes, you need technologies and processes, but obviously you must be sure they actually work. Despite which there doesn't seem to be a single standard that defines outcomes and practically zero attention is addressed to culture or awareness beyond some perfunctory references to "training" of the front line (but typically not the executive).

The reality is that the price of peace is eternal vigilance on the part of everyone at all levels of the organisation.