An Argument that Cybersecurity Is Basically Okay
Andrew Odlyzko’s new essay is worth reading—”Cybersecurity is not very important“:
Abstract: There is a rising tide of security breaches. There is an even faster rising tide of hysteria over the ostensible reason for these breaches, namely the deficient state of our information infrastructure. Yet the world is doing remarkably well overall, and has not suffered any of the oft-threatened giant digital catastrophes. This continuing general progress of society suggests that cyber security is not very important. Adaptations to cyberspace of techniques that worked to protect the traditional physical world have been the main means of mitigating the problems that occurred. This “chewing gum and baling wire”approach is likely to continue to be the basic method of handling problems that arise, and to provide adequate levels of security.
I am reminded of these two essays. And, as I said in the blog post about those two essays:
This is true, and is something I worry will change in a world of physically capable computers. Automation, autonomy, and physical agency will make computer security a matter of life and death, and not just a matter of data.
JohnnyS • March 20, 2019 6:45 AM
On April 14th, 1921, I’m certain that Captain Smith was quite happy that things were going splendidly on the maiden voyage of the Titanic. That seems to be the theme for this essay: “whistling past the graveyard.”
WE DON’T KNOW if there are foreign nation-states that have collected ample access to our industrial systems so they can cause massive disruption at their will: Such access would be hoarded until needed.
WE DON’T KNOW which of your home IOT devices are currently being used for botnets to spread spam and malware.
WE DON’T KNOW if our personal information is on a list that is being used by cyber criminals to commit identity theft and they simply haven’t got to us yet as they work down the list.
The fact of the matter is that the vulnerabilities caused by cyber security problems are real and so are the risks. The impact of such threats can be catastrophic.
Anyone remember the Soviet gas pipeline explosion in 1982? You think they have forgotten? You think they wouldn’t do the same thing to us in revenge if they get the chance?
Anyone know anyone who has suffered identity theft and knows the extreme misery of that awful crime?
Anyone know anybody who had to deal with ransomware? Where jobs and even lives depended on fixing the problem?
“Whistling past the graveyard” is irresponsible and foolish. Instead: “Ask not for whom the bell tolls: It tolls for thee!”