A while back I asked: is digital civilization sustainable? I wondered whether we had, in the long run, any good reason to expect cybersecurity to stay out in front of those who work around the clock to breach it. Despite ever-increasing (and increasingly burdensome) layers of security, we seemed to be, at best, neck and neck with the bad guys.
Where I work, our electronic infrastructure is more and more ‘locked down’ every day. I’m one of the engineers who have to respond whenever there’s a problem with our software at any of our facilities around the world, but the security barriers have become so numerous and so stifling that I typically spend many, many hours just gaining temporary access to the part of the system I need to examine. Generally I spend vastly more time doing this than diagnosing and fixing the actual problem. The problem, moreover, is not limited to the details of our own security arrangements; we also must comply with a bewildering assortment of external regulations and certifications. Tasks that used to take me minutes or hours now take days.
Despite all of this, breaches of corporate and governmental systems are more and more common, even as the armor-plating grows ever more confining, cumbersome and costly. Given that we’ve put all of our eggs into this basket, there must be an underlying assumption that security can stay ahead of the threat.
But what if, in the long run, it can’t? What if the armamentarium of the hackers can become so formidable that it will always prevail? What if it simply turns out to be the case, in principle, that it is always going to be easier to break in than to keep intruders out? Considering the extent to which all of society now rests on digital technology and the Internet, this would be a titanic collapse; it would be on the order of the fall of Rome.
I wrote this at the end of 2014. Since then we have only increased our dependency on networked technology, and with it our exposure — in new ways every day — to risk.
An article today at The Weekly Standard looks at a new battleground in the cybersecurity wars: our network-enabled cars and trucks. Read it here.
2 Comments
Serious question:
Do you think it might make sense to do what happened in Battlestar Galactica, where they did not link their computer systems?
For instance, maybe some computers should not be linked? Also, maybe some information and some communication systems should be independent of the internet?
IE, did you read the linked article? There is some discussion there of “air-gapping”.