icm2re logo. icm2:re (I Changed My Mind Reviewing Everything) is an 

ongoing web column  by Brunella Longo

This column deals with some aspects of change management processes experienced almost in any industry impacted by the digital revolution: how to select, create, gather, manage, interpret, share data and information either because of internal and usually incremental scope - such learning, educational and re-engineering processes - or because of external forces, like mergers and acquisitions, restructuring goals, new regulations or disruptive technologies.

The title - I Changed My Mind Reviewing Everything - is a tribute to authors and scientists from different disciplinary fields that have illuminated my understanding of intentional change and decision making processes during the last thirty years, explaining how we think - or how we think about the way we think. The logo is a bit of a divertissement, from the latin divertere that means turn in separate ways.

Chronological Index | Subject Index

Mother Courage and the shotguns of cybercrime

What can be learned from Brecht's dramaturgy

How to cite this article?
Longo, Brunella (2019). Mother Courage and the shotguns of cybercrime. What can be learned from Brecht's dramaturgy. icm2re [I Changed my Mind Reviewing Everything ISSN 2059-688X (Print)], 8.4 (April).

How to cite this article?
Longo, Brunella (2019). Mother Courage and the shotguns of cybercrime. What can be learned from Brecht's dramaturgy. icm2re [I Changed my Mind Reviewing Everything ISSN 2059-688X (Print)], 8.4 (April).

London, 1st May 2019 - From April 2019 ENISA (the European Union Agency for Cybersecurity) has an updated regulation about the Internet of Things (IoT) and all the connected devices we enjoy over the Internet. It establishes a "European cybersecurity certification framework". The assumption is that such a measure will improve the conditions for the functioning of the internal market by increasing the level of cybersecurity within the Union and enabling a harmonised approach at Union level to European cybersecurity certification schemes, with a view to creating a digital single market for ICT products, ICT services and ICT processes.

The regulation comes into force in the UK in June 2019. It states the vision and the technicalities saying that the European cybersecurity certification framework shall provide for a mechanism to establish European cybersecurity certification schemes and to attest that the ICT products, ICT services and ICT processes that have been evaluated in accordance with such schemes comply with specified security requirements for the purpose of protecting the availability, authenticity, integrity or confidentiality of stored or transmitted or processed data or the functions or services offered by, or accessible via, those products, services and processes throughout their life cycle.

What can be said about this new endeavour? All good news for cyber security weaponry.

Will the new ENISA Regulation have any impact on the billion or trillion of devices and interactions used in the context of appalling criminal behaviours perpetrated through the internet, from human trafficking to money laundering?

The tip of the iceberg

In the UK, the Department for Digital, Culture, Media and Sport (DCMS) has recently published a 66 pages document containing the results of a quali-quantitative survey of cyber security breaches suffered from businesses and charities.

Not a single clue on the impact of cybercrime on human rights.

Of course, the aim of the study is to better understand the nature and importance of the cyber security risks and inform policy making, not to inform strategies or share insight on how to prevent slavery, frauds, forced labour and economic violence, all crimes that are flourishing through the use and abuse of information and communication technologies. Surveys and research like the DCMS's represent the perception and experience of cybercrime within sectors of the economy that are not hidden, by way of engaging mainly with IT teams. In sum, they offer a snapshot of the tip of the iceberg and do not say pretty much anything that could not be categorised as IT budget item - not even a word on corporate crime and internal frauds, one of main routes to data breaches. But let's take a look at the snapshot all the same to see how is contributing to understanding the issues on the table.

One of the main findings is that GDPR has accelerated the pace of change, enabling organisations to see the risks of cyber attacks and take technical and behavioural actions to prevent them: people understand that these attacks always target personal details. As a consequence, the number of reported breaches or attacks has slightly fallen between 2017 and 2018, from about 1.5 to just 1 million.

Board engagement is still poor though, as well as supply chain involvement. And managers lament a chronic skills shortage that is hampering their ability to deal with cyber security.

About 32 per cent of businesses and 22 per cent of charities have experienced in the last 12 months phishing attacks, impersonations and related identity threats, viruses, spyware or malware and ransomware attacks. Sadly, the study confirmed that experiencing a breach with a negative outcome, such as a loss of data or assets, is a strong driver of behaviour change. The findings also suggest that, where businesses have lost data or assets through cyber security breaches, the financial costs from such incidents have consistently risen since 2017. Among the 32 per cent of businesses recording breaches or attacks, this resulted in a negative outcome, such as a loss of data or assets, in 30 per cent of cases. Among the charities recording breaches or attacks, this happened 21 per cent of the time. In businesses that had these kinds of negative outcomes, the average (mean) cost to the business was £4,180 in 2019. This is higher than in 2018 (£3,160) and 2017 (£2,450). It indicates a broad trend of rising costs in cases where cyber attacks are able to penetrate an organisation’s defences. Once again, the average costs faced by larger businesses in these cases tend to be much higher (£9,270 for medium firms and £22,700 for large firms in 2019). And for charities facing such negative outcomes from breaches, the average cost was £9,470 in 2019.

Compare these figures with the £5,000 in compensation four young women received from the Metropolitan Police after they worked almost ten years with no pay as domestic servants, housekeepers and baby-sitters, suffering physical and emotional abuses on top of having their childhood stolen. The women were brought illegally to London from Nigeria as teenagers: in 2011, after innumerable attempts to help them from their local communities as they were not attending school, they found a way to have their case heard in the High Court where a Judge established that a breach of Articles 3 and 4 of ECHR had occurred. Although there is no criminal offence of "trafficking" in our domestic law (in England and Wales), the Court recognised there had been a failure to investigate repeated allegations of slavery on the side of the Police. [2011] EWHC 1246 (QB)

This example is just a drop from the ocean of the actual hidden "applications" of cybercrime into human interactions we do not normally know anything about.

In sum, the DCMS survey confirmed that organisational change for cybersecurity is taking place through a system of coherent behavioural rules and technical controls applied by savvy IT teams. What remains largely unsatisfactory though - and even, for some of us advising in the field since long, frustratingly ridiculous - is the lack of awareness about the overall digital infrastructure on one side and the human factors and psychology of cyber security on the other.

On average, people still believe, for instance, that chief executives' or volunteers' smartphones are to be trusted as... safe by default - especially in the charitable environment.

The same attitude is still prevalent in respect of remote or mobile working requirements: if you are so generous and stoic to work from home in your free time or when you travel all around the world with friends and family, why shouldn't you easily access the organisation's IT assets?

Plenty of social conventions and civilised behaviours and expectations or even legal requirements can make any technical standard or framework completely irrelevant at some point somewhere.

So, even when the strongest of the disciplines is in place and all the guidelines are followed (see for instance the Government IOT Security Code of practice published October 2018), there is a tendency not to see and not to deal with the intersections between the regulated and controlled business world and the grey or hidden economy. It is exactly along the lines of such intersections that cybercrime flourish, contaminating and exploiting trusted human interactions.

A theatrical digression

Bertolt Brecht was possibly talking about himself when he said anyone deserving of the name of artist is unique; he represents something universal, but in his own individual way.

It seems he was quite disappointed with the way in which the audience ignored the moral judgement and political stances he moulded into his most famous character, Mother Courage.

For decades, instead of listening to and caring for the author's message, both the public and the critics have overwhelmingly been preferring a reassuring reading of the play, always showing various degrees of compassion and sympathy for Mother Courage, well beyond any technical reading and authentic interpretation of Brecht's masterpiece.

Nobody can actually complain about this. Who is the owner of the artist's message at the end of the day? According to the classical theory of information, well that is - in fact - the public!

For my curiosity, I wanted to check some reviews of the play's productions given in various Countries and at various points in time and learn something about Brecht's dramaturgy, more than forty years after my first encounter with the artist at my primary school's library.

Guess what? I came across a long queue of scholars and experts who basically said that if Brecht was ever misunderstood that was... because of his own fault!

Thanks to a very readable yet specialist account of such review of Brecht's dramaturgy (Gleitman 1991), I learned that he was openly criticised against his own character by one of his biographers, Ronald Hayman, who said By trying to discredit her [Mother Courage], he makes her unforgettable. [...] Brecht demanded the radical transformation of the theatre which would correspond to the whole radical transformation of the mentality of our time (quoted in Clark 2006).

Brecht was convinced for long years that creative productions were destined to a process of commoditisation and became just another productive force in the market. But they could still have an impact on society, educate the public, spread a message, trigger intellectual and critical reactions.

His positions were for long identified as marxist. Empowering as it was (as we would say with current terminology of public engagement with arts and current affairs), Brecht's philosophy and practice of an epic theatre caused him in the 1930s to be put on the nazi blacklist and became an exile.

It was during those exile years that he wrote Mother Courage.

In my childhood's readings, what he had to say about war and human choices was absolutely clear and paramount. There would be no wars if belligerence was not intertwined with human nature, that is epitomised at its best by motherhood.

Ambivalent for most part of his career, and genuinely committed to a politically active intellectual role, it seems that in the aftermath of world war two, and after the experience of his exile, if he had lived through 1956 and into the later 1950s he too might have become as disenchanted and disenfranchised as other anti-fascists who returned from exile to the GDR and later left it. This is at least the opinion of Mark Clark, historian who has extensively studied XX Century intellectual history of Italy and Germany, who writes that partisan without being bound to a party, independent of official institutions yet experienced in surviving within institutions, prepared to entertain risks and undertake unconventional experiments - this was how Brecht accommodated a world he envisioned as changeable, and he introduced some innovative poetic and political strategies to give form to his vision. It sounds familiar!

In 1995 a Kent's Royal National Theatre production attempted a creative exercise looking at Mother Courage as a work-alcoholic contemporary human type, victim of her own adrenaline more than anything else. Did such reading succeed in making Brecht's call for attention to the dimension of individual responsibility in social tragedies a little bit closer to the public? I am afraid it did not.

Perhaps a similar attempt had been made by an American production in 1975 that completely removed the context of war and the issue of personal choices. Instead, it focussed on the technicalities of the process of buying and selling cheese in a certain social environment, skills Mother Courage was proudly exercising in the context of her war time. This was apparently in the hope that spectators would engage with the themes of the play without being distracted by any abstract notion very distant from their own present - and one of these themes was that bad social systems make good people bad.(Ryan 1975).

My patience with a certain... scholars' laziness stumbled. What the hell is so difficult to understand? Is the context of the play so unbearable and uncomfortable or incomprehensible for both the actors and the public up to the point that it needs to be camouflaged and re-engineered? or is that the essence of the character, I mean the personality of Mother Courage, is so impossible to liaise with that it needs to be translated into a more palatable one? In much more recent essays, following the 2008 documentary Theater of War, staged by the Public Theater in New York's Central Park, a production that starred Meryl Streep (reviewed in Farmer 2008), I have eventually found a partial admission and recognition that yes, indeed, this is the level of the problem.

People cannot usually bear the emotional cost of dealing with Mother Courage's ambivalence and inner deep ugliness and moral inadequacy. But how different things can be if you have the fortune, as I did, of an absent father who points your curiosity to the library's shelves!

Meryl Streep's mastering interpretation of Mother Courage powerful points to the actual themes of war and violence and how these are intertwined with politics and art at all times - themes that are at the core of the play as well as Brecht's life. And yet the production still left great space to accommodate the sympathy of the public for the mother and her children: it would be impossible for everybody to look at their stories without a deep feeling of compassion but for being able to read between the lines of the script and see the shadow of the author's more complex and demanding weave, a pattern in which human emotions are interlocked with moral and rationale arguments about and against the idea and reality of war.

The same documentary about this amazing 2008 production, shows the emotional trouble people normally experience - so many decades after Brecht's first proposition - to deal with such level of literacy on the issue.

I learned that the first representation of the play was given in 1949, and it did not surprise me at all that the actress playing the role of Mother Courage for the first time was Brecht's wife Helene Weigel. Who else could do it at that time, unconditionally understanding and endorsing his position?

The documentary says, brutally, that Mother Courage learns nothing. [...] Brecht wants the audience to learn in order to prevent war and explains that Brecht wanted us to reflect about what attracts us and what exposes us to the risk of self destruction.

In the way in which we sell cheese, in which we design and organise our work, or anything else we do for a living, there is a route for peace and for wellbeing. This can be exploited, turned against us or just made unaccessible. We are all "malleable" at some stage in our life and in some circumstances, up to the point of becoming unaware soldiers fighting for causes that have nothing to do with our own good.

In a nutshell, this is exactly the main shotgun of cybercrime.

Theatrical lessons learned

Mother Courage is unable to see, learn and choose happiness. Either because of her inner human nature or because her behaviours and moral choices have been deviated by socio-economic pressures, in a marxist reading of Brecht's characterisation, the point is that Mother Courage cannot change herself.

It is impossible not to feel immense sorrow for the character in this perspective without any sympathy or concession for her choices.

Meryl Streep acting in the 2006 New York Public Theatre production - and the few glimpses we have on that performance through John Walter's documentary - possibly makes the case for the audience too. I also have now a feeling of deep pietas for the audiences that over the decades have looked at the character with compassion up to the point of being shielded from those more demanding reflections Brecht wished them.

Brecht's dramaturgy helps to get Brecht's message through, and nudge us towards the difficult truth about the choice his character makes to espouse the war as a source of income and her own business.

Ideology of war becomes ordinary business as usual for Mother Courage.

Have the actors and the audiences over the years been able to receive this message? It seems they haven't.

People have worn pietas glasses at all times or have inclined towards biblical interpretations, actors have been engulfed with technical readings and re-inventions of the play as far as I can see from the literature - this is happened particularly in the 1970s and 1980s.

With these pietas glasses on, it is hard to accept that Brecht wanted us to think about the evidence he brought forward, that the war option is in fact always hidden inside us, that precedes and follows us and when we distract from it because we have to buy and sell cheese as well anti malware and other cyber security software we just, in a sense, perpetuate the violence.

A choice of peace would be not to have children, not to engage in buying and selling, not to go to war, not to install server security patches, not to react to DoS or ransomware attacks. Just live enjoying your life and try to leave the planet a little bit cleaner. Of course this is a childish extreme conclusion that is completely unrealistic but in its moral essence it can teach detachment and meditation - not worthless skills to have while dealing with cybercrime at any level.

Interviewed for John Walter's documentary, Brecht's daughter says her father wanted the audience to react emotionally but also to think about the war, assuming people can have access to what we now call the two systems thinking of human mind. I like to think my absent father did the same pointing me to the library shelves.

Perhaps Brecht thought others would achieve that deep understanding of what war does to human beings and humanity as he had done through his own life of exile, persecuted dramatist and poet.


If you feel I have blasted a cannon fire against a mosquito, or I have just given words to confused and not really pertinent thoughts, well ... you may be right. But think again or come back reading this article in few years time.

I said above that cybercrime exploits trusted human interactions at the intersections between controlled and uncontrolled spaces: we are all - from the cyber warriors and cyber security experts to the most naive of computer users - engaging with cheese at all times along such intersections because it is in the human nature, social existence and mental frailties to do so.

Making ordinary citizens - and in particular mothers and fathers, the disabled, the poor and the unemployed, the weak and wounded, the young and everybody who is experiencing an emotionally vulnerable status - able to see, recognise and choose for their good and for the good of others, to choose learning over fighting, compliance over corruption, creativity over cheating, to turn around hostile conditions, to endorse the idea of happiness over the idea of fate, doesn't guarantee neither a long and healthy life nor the ability to prevent cybercrime but for sure it keeps people away from attitudes and behaviours that do not fix vulnerabilities and tend to exacerbate conflicts.

We all have much more to lose than computer security spending an unbearable number of hours on useless fights and distressful inconclusive working patterns, for instance.

In sum, shutting down the computer or the whole network can be a much more cheaper and productive choice in several circumstances.

There is a last argument I have found while wandering through Brecht's dramaturgy I did not mention above and it is the "fatal virtue" or cultural justification of belligerance: John Walter's documentary in the end says that we need to change the context in which people like Mother Courage is left to die by "fatal virtue" or inability to cope with their own defeats.

That is a bit like to say we need an up-to-date regulatory framework to deal with cyber crime, surely sustaining the software markets and the management of information technology services (the weaponry), but overwhelmingly impossible to implement in its entirety and, above all, not enforceable.

I have myself argued in the past that without changing the OSI layers model (that is the conceptual foundation the whole of the current computer security science and software engineering has been built upon), there will be no significative shifting in the fight against cybercrime. I have not changed my mind: this could be hopefully technically possible in the 5G era. But it may be not so relevant anymore in a digital economy in which counterfeit and fake identities prevail together with cryptocurrencies, for both good and bad causes.

I have found the "fatal virtue" argument quite extravagant for a brave and absolutely brilliant documentary that uncovered themes left behind in Brecht's dramaturgy for many years. And yet, once again, with this fatal virtue argument, the documentary shifted the attention away from the main character, in favour of an idealised concept of collective responsibility.

Culture and collective responsibilities will always be pretty much unaccountable in daily ordinary risk management practices, whatever wicked policy and governance issue we are dealing with.

Unreached and untold through market surveys and official statistics, trauma and hardship as well cyber crime cause stressful and degraded life and working conditions that can be exposed through the arts, the media and social media with different degrees of depth and insight, from trivial scratches of politicians' tweets to the greatness of Brecht's plays.

Self regulations, industry standards and regulations all together can help.

Are we - ICT and management consultants, software engineers, authors and users or spectators of the digital world - willing to stay on the page and make our own unique resolutions for change in our own contexts?

I wish you will.


Clark, M. (2006). Hero or Villain? Bertolt Brecht and the Crisis Surrounding June 1953. Journal of Contemporary History, 41(3), 451-475. Retrieved from http://www.jstor.org/stable/30036398

DCMS (2019) Cyber Security Breaches Survey 2019. Retrieved from https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2019

DCMS (2018) Code of Practice for Consumer IoT Security. Retrieved from https://www.gov.uk/government/publications/code-of-practice-for-consumer-iot-security

OOO & Ors v The Commissioner of Police for the Metropolis [2011] EWHC 1246 (QB) (20 May 2011) Retrieved from http://www.bailii.org/ew/cases/EWHC/QB/2011/1246.html

Farmer, P. (2008). Mother Courage and the Future of War. Social Analysis: The International Journal of Social and Cultural Practice, 52(2), 165-184. Retrieved from http://www.jstor.org/stable/23182403

Gleitman, C. (1991). All in the Family: "Mother Courage" and the Ideology in the "Gestus". Comparative Drama, 25(2), 147-167. Retrieved from http://www.jstor.org/stable/41153508

Regulation (EU) No 2019/881 on ENISA (The European Union Agency for Cybersecurity) Retrieved from https://www.gov.uk/government/publications/eu-regulation-on-enisa-and-cyber-security-certification

Ryan, P. (1975). Brecht's Mother Courage. The Drama Review: TDR, 19(2), 78-93. Retrieved from doi:10.2307/1144949

Walter, J. director (2008). Theater of War. Retrieved from https://vimeo.com/110775691

Wolf, M. (1995). Mother Courage and Her Children: Review. Variety, 27 November 1995. Retrieved from https://en.wikipedia.org/wiki/Mother_Courage_and_Her_Children