Thoughts on Technology and IT

The start of a new cyberpunk predicted era.

For years, cyberpunk fiction has warned us about a world where the battleground is not just streets and borders, but information and technology. It also warned about power shifting away from democratic institutions, toward actors who can move faster, surveil deeper, and influence at scale.

The twist today is that the dominant force is not only the mega-corporation. It is the rise of authoritarian states and state-aligned movements promising cultural strength, dominance, and “order” in exchange for control. That promise is easier to sell when information itself can be manipulated, and when technology can be used to pressure or punish quietly.

Over the last 20+ years, democracy has been drifting towards authoritarianism. This trend globally moves the needle towards a top-down control structure that tramples on personal freedom. The table below captures the movement:

Tracking Democracy’s Drift

At the same time, the old assumption that the United States will consistently anchor a post-1945, democratic supporting, rules-based international order is under stress. A February 4, 2025 U.S. executive order directing a review of international treaties and organizations, with a view to potential withdrawal, signals a sharper, more transactional posture toward multilateral commitments. Carnegie’s related analysis also frames this as a reassertion of sovereignty and a retreat from international agreements and institutions. Carnegie Endowment

A Cold War pattern, updated into grey-zone information conflict

In her December 15, 2025 speech, the new Chief of the UK Secret Intelligence Service (MI6), Blaise Metreweli, put the reality plainly: “We are now operating in a space between peace and war.” (her speech). She described a world where disinformation manipulates understanding, where conflict spans “the battlefield to the boardroom,” and where “the front line is everywhere. Online, on our streets, in our supply chains.”

This maps cleanly to NATO’s definition of hybrid threats: a coordinated mix of overt and covert, military and non-military means (including disinformation and cyber attacks) used to blur the line between war and peace and destabilize societies. NATO

Call it an Information Cold War if you want a headline. Operationally, it is a sustained grey-zone contest, and it is already shaping how institutions are targeted.

The change is real and it is not transient “This is not a temporary state or a gradual, inevitable evolution. Our world is being actively remade, with profound implications for national and international security. Institutions which were designed in the ashes of the Second World War are being challenged. New blocs and identities forming and alliances reshaping. Multipolar competition in tension with multilateral cooperation” (her speech).

Business as usual is not a serious posture

If the “space between peace and war” is the operating environment, then “normal operations” become a vulnerability. The institutions most at risk are not just governments and militaries. It is the places that hold high-trust information, high-value research, and high-impact decisions.

Common targets and why they are exposed

The practical vulnerabilities that make grey-zone pressure work

Across these sectors, the pattern repeats:

1. Identity becomes the breach path (phishing, MFA fatigue, OAuth abuse).

2. SaaS becomes the data spill path (oversharing defaults, weak governance, uncontrolled external collaboration).

3. Vendors become the quiet entry point (MSPs, EdTech, LegalTech, clinical platforms, analytics).

4. Logs become inaccessible or incomplete (no full-fidelity export, short retention, poor correlation).

5. Keys and access become externally controlled (encryption that exists, but cannot be enforced or revoked independently being in vendors control).

6. “Truth systems” become attack surfaces (websites, portals, email, workflows, and approvals that people trust by habit).

This is exactly the environment Metreweli warned about: disinformation in the mind (GOV.UK), conflict in the boardroom and the front line in supply chains (GOV.UK). It also matches NATO’s framing of hybrid activity as a blend of coercive tools below the threshold of open conflict. NATO

A new path: protect, validate, and secure information with sovereignty and local control

This is not a call to abandon cloud services across the board. It is a call to stop treating cloud as the default trust zone for high-sensitivity information. If you cannot control identity, keys, telemetry, and exit paths, then you do not control risk.

Here is a practical, organization-agnostic approach that works for universities, law, healthcare, and public-sector bodies.

1) Define what must be sovereign and locally controlled

Start with categories, not platforms:

• Regulated personal data (students, clients, patients, citizens)
• Sensitive research and partner data
• Identity and access systems
• Encryption keys and secrets
• Security telemetry and incident evidence
• High-trust publishing and decision systems (portals, approvals, finance, HR)

2) Build around four non-negotiables

1. Locally governed identity authority: phishing-resistant MFA where possible, strict conditional access, least privilege.

2. Locally controlled keys: keys that you control, rotate, and revoke without vendor dependency for your high-sensitivity classes.

3. Locally controlled telemetry: near-real-time export of critical logs to your own SIEM or security data platform with retention you set and an elimination as much as possible of external outgoing telemetry to vendors.

4. Segmentation and enclaves: separate what must remain open from what must remain protected (especially research and privileged workflows).

3) Reduce the cloud blast radius instead of arguing about cloud ideology

• Minimize data replication into collaboration platforms by default.
• Use secure enclaves for sensitive work (research, legal matters, clinical operations).
• Require vendor log export and deletion, incident reporting timelines, and security controls as contract terms.
• Design for exit: portability, backups, and the ability to isolate a vendor quickly.

4) Add validation back into daily life

Metreweli’s “check sources, consider evidence” framing is not a public-relations aside. It is a control objective. GOV.UK

• Verified publishing for official sites and portals
• Stronger email authentication and anti-impersonation controls
• Workflow hardening for approvals and payments
• Clear out-of-band verification for high-risk requests

The point

We cannot assume business as usual, because our situation is anything but usual. Metreweli’s “space between peace and war” is not a metaphor. It is an operational description. NATO’s “blur the lines between war and peace” is not theory. It is the playbook. NATO And the foreign policy drift away from multilateral constraint and toward sovereignty-first retrenchment changes the backdrop institutions have depended on for decades. Carnegie article

The world is changing rapidly, and our response cannot be incremental. We need a deliberate shift in how we store, share, validate, and defend information. Business as usual is not a sustainable position.

---

Bibliography

• UK Government. “Speech by Blaise Metreweli, Chief of SIS, 15 December 2025.” https://www.gov.uk/government/speeches/speech-by-blaise-metreweli-chief-of-sis-15-december-2025
• NATO. “Countering hybrid threats.” https://www.nato.int/en/what-we-do/deterrence-and-defence/countering-hybrid-threats
• Carnegie Endowment for International Peace (Emissary). “The Death of the World America Made” (Feb 2025). https://carnegieendowment.org/emissary/2025/02/trump-executive-order-treaties-organizations
• Carnegie Endowment for International Peace (Emissary). “Trump’s Distorted View of Sovereignty and American Exceptionalism” (Jan 2025). https://carnegieendowment.org/emissary/2025/01/trump-sovereignty-american-exceptionalism