Insights from Binding Hook Live

At Underbelly Boulevard Soho, the stage lights, columns, and ceiling strips all change colour simultaneously to signal a traffic light protocol (TLP). Each talk at our flagship event, Binding Hook Live, held in London earlier this week, had an individual TLP label: red stage lighting was a visual notice of ‘in-the-room’ only content, amber or green for restricted, and Virtual Routes blue for public information. 

We can therefore only share some insights from the incredible conversations and discussions on Monday for those who were not there in person – but we feel that even the edited highlights deserve a summary in Binding Hook. These insights can be organised into three main areas: China, capitalism, and conflict. 

China

Throughout the day, attendees welcomed – and were sometimes surprised by – the event’s focus on cybersecurity and China. From a comprehensive analysis of the place of cybersecurity in Chinese politics and strategy from Adam Segal to lightning talks on Chinese hacking communities by Eugenio Benincasa, public attribution practices by Ben Read, and a spotlight on US-China chip competition from Melissa Griffiths, China occupied a central place. 

This was deliberate: our attempt to take stock of the tectonic shifts in the world order that are now taking place as the US explicitly disavows the liberal structures it created 75 years ago, thus opening a governance gap for China and others to fill. Current conflicts, from Russia’s invasion of Ukraine to Israel’s devastating occupation of Gaza, rightly dominate headlines in our short-term news cycle. However, the shape of technological innovation, competition, and global governance in the coming decades will be increasingly influenced by decisions made in Beijing, in other major Chinese cities, and in capitals of aligned states worldwide. Understanding these shifts can help Europe navigate between stark security concerns and economic dependencies that currently have no easy solution.

Capitalism

The second theme of the day was the importance – and idiosyncrasy – of cybersecurity and technology market dynamics. First, the inimitable Juan Andrés Guerrero-Saade took the audience on a deep-dive critique of current investment-oriented AI hype through what he called ‘commoditised evaluative power’. His talk exposed the reality behind many commercial promises and predictions about AI and the very serious security implications of ubiquitous AI adoption.

Then, James had the pleasure of moderating a discussion between three world experts in the spyware and exploit marketplace: Katie Moussouris, Sophie in ’t Veld, and Ian Beer. Each approached the topic from complementary perspectives, discussing individual decision-making and incentive structures on the supply side, the dangers of abuse and lack of accountability on the demand side, and the complexities of fixing the intricate tech stack that makes up the mobile device ecosystem.

Two lightning talks continued this debate, with Lena Riecke unpacking the tensions between different roles the state plays in spyware governance and Max van der Horst highlighting the ethical dilemmas and legal challenges facing vulnerability researchers engaged in public disclosure for the common good.

The closing keynote, by Ollie Whitehouse, brought these themes together with an analysis of how market failures have led to systemic cyber insecurity. His recommendations – not UK government policy – ranged across the technology lifecycle, combining operational solutions (like software bills of materials and standardised, measurable security scores) with business and market incentives around executive pay, liability, and regulation. Addressing this insecurity is a tough task, but one that the UK and other governments appear increasingly willing to take on.

Conflict

While Binding Hook Live conversations on cyber conflict are not publicly shareable, we can offer our own reflections on some key questions facing policymakers and practitioners in this space. First up is the question of how to address the increasing overlap between non-state actors – primarily ransomware-focused cyber criminals, but also other scam and fraud actors – and states, with the latter both enabling and benefiting from the activities of the former. Here, disruption is both the main threat – as seen with repeated ransomware attacks impacting the UK this year – and a serious policy option for countering that threat, by, for example, causing ‘cognitive effects’ in adversaries.

Second, there is continued uncertainty about what level of cyber pre-positioning during peacetime (or ‘hybrid’ conflict) is normatively acceptable and what the appropriate response should be for states that discover such preparation in their national critical networks. Greater digital vulnerability due to network compromise on both sides of a conflict – civilian and military – could lead to greater caution, rather than escalation, but this path is a highly risky one. 

Finally, recent years have demonstrated the difficulty of predicting exactly how cyber capabilities or technological dependencies will be leveraged in a kinetic conflict. The only way to prepare is to build teams that are sufficiently skilled and flexible to adapt on the fly to a rapidly evolving conflict environment.

Watch this space

Among Binding Hook Live’s diverse audience of coders, diplomats, analysts, and students, one attendee stood out with her brushes and bottles of ink: a sketch artist captured the spirit of every speaker live, recording their visages as they spoke. 

This series of detailed, dynamic, and honest snapshots, developed and delivered with extraordinary care, knowledge, and skill in a rapid timeframe, reflects the talks themselves and the Binding Hook Live ethos. 

We hope that in the coming months and years we can draw inspiration from these sketches to take these conversations in the directions they urgently need and deserve, and to paint these topics on a larger canvas for everyone in our community and beyond.