Peter Cochrane: Pattern matching: The strengths - and weaknesses - of habit

Standard patterns of behaviour and predictability makes goods and services easier and cheaper to produce, but at what potential cost? Peter Cochrane considers the issue

Our innate habituality is almost ‘Schrodinger like' (his cat being simultaneously dead and alive): it is both good and bad at the same time in almost equal measure.

Having routines, regularity and patterns makes us more efficient, more predictable and recognisable by others and, as a result, more easily accommodated and catered for.

Known patterns of behaviour and performance helps us in the design and operations of everything we organise, build and use

But there's more. It turns out that our computers, mobile devices, networks, and even the chips that power them, also exhibit their own regular patterns of behaviour and, in some part, as an extension of ours.

Known patterns of behaviour and performance helps us in the design and operations of everything we organise, build and use. Even a small degree of predictability and behavioural containment renders the engineering of products and services far more economic, but there is also a down side: habit and predictability can also be exploited to our detriment by the ‘dark side' - by cyber criminals, and other people and authorities with nefarious intent.

Every idiosyncrasy, signature, keystroke, friend and social network we interface with can be key pieces in the ‘jigsaw' of identification

Our security is not only based on who we are, what we do, our physical appearance, passports, driving licences, National Insurance numbers, bank and credit cards and so on, they also embrace our behaviours and that of our machines.

Every idiosyncrasy, signature, keystroke, friend and social network we interface with can be key pieces in the ‘jigsaw' of identification. The full list is extensive and includes; our gait, clothing, when, where and who we meet, what we own, where we travel, what we consume, and of course, the devices we own and how we use them.

This all provides conformational clues in the process of establishing our identity as individuals in the real and virtual worlds. And the more of this data the dark side can accumulate, the easier it is for them to impersonate us, steal our identities and raid our resources. Data mining was never so easy, either.

Just consider the time spent all online, on social media, on camera, talking and communicating in open public areas, posting snippets of personal and identifiable information on the internet and sharing data. By default, we are all ‘target rich' opportunities.

Conversely, trying to identify and locate dark side players is not so easy.

It is no longer a matter of looking for a needle in a haystack stack with a single identifier, tool or technique. We now have needles in needle-stacks and they are bent, or at least changing shape.

To escape the forces of law and order they employ every obfuscation technique in the book and, in general, they put in a great deal of effort into hiding any recognisable habits. The good news is, it is almost impossible for them to become totally invisible and to disappear, and there are always identifiable clues.

For our part, being mobile and having several devices, browsers, points of access, ISPs, email addresses, cloud accounts and points of connection is a good start, along with multiple log-on identities and passwords. This all makes it more difficult for the dark side to accumulate ‘certain' knowledge about us and, if we really try, we can confound them by dispersing and varying everything we do.

It really is time that firewalls, malware protection and our wider security software picked up on this dimension to broaden our automated protection

During malware and botnet attacks our networks, devices and chips also do unusual things and exhibit new patterns of behaviour, while we may receive false calls, emails and minimally distorted URLs, such as natwast.com instead of natwest.com.

They are all indicators of an actual attack or precursors to some impending onslaught. But such is the scale and growth of attacks we are long past the point where any of us can be relied upon to cope.

It really is time that firewalls, malware protection and our wider security software picked up on this dimension to broaden our automated protection. It isn't rocket science and it certainly isn't difficult to engineer, and it might just turn out to be a very effective defensive step.

Peter Cochrane OBE is the ex-CTO of BT, who now works as a consultant focusing on solving problems and improving the world through the application of technology