The Colonial Pipeline attack is a dark omen
Our software infrastructure is not built with security in mind. That’s partly because a lot of it depends on older layers, and also because there has been little incentive to prioritize security. More operating systems could have been built from the start with features such as “sandboxing,” in which a program can operate only inside a defined, walled-off area called a “sandbox” that nothing else can reach. If that program is malicious, it can do damage only within its sandbox. (This is analogous to the idea of “air gapping,” in which crucial parts of a network are physically disconnected from the rest of the network.)
Adding security after the fact to a digital system that wasn’t built for it is very hard. And we are also surrounded by “technical debt,” programs that work but were written quickly, sometimes decades ago, and were never meant to scale to the degree that they have. We don’t mess with these rickety layers, because it would be very expensive and difficult, and could cause everything else to crumble. That means there is a lot of duct tape in our code, holding various programs and their constituent parts together, and many parts of it are doing things they weren’t designed for.
Our global network isn’t built for digital security. As I wrote in 2018, the early internet was intended to connect people who already trusted one another, such as academic researchers and military networks. It never had the robust security that today’s global network needs. As the internet grew from a few thousand users to more than 3 billion, attempts to strengthen security were stymied by cost, shortsightedness, and competing interests.