The System Doesn’t Care

Bruce Schneier: Crypto-Gram Newsletter

Or to be more precise: it doesn’t care about you – only about itself. And it doesn’t really even care about itself, in the long run – only about instant gains at the expense of everything else. It is not interested in producing quality products – only the cheapest stuff it can get away with.

Bruce Schneier is the most important security specialist in the world – it’s as simple as that – he writes and speaks all over the place. I quote from him:

Information technology is increasingly everywhere, and it’s the same technologies everywhere. The same operating systems are used in corporate and government computers. The same software controls critical infrastructure and home shopping. The same networking technologies are used in every country. The same digital infrastructure underpins the small and the large, the important and the trivial, the local and the global; the same vendors, the same standards, the same protocols, the same applications.

With all of this sameness, you’d think these technologies would be designed to the highest security standard, but they’re not. They’re designed to the lowest or, at best, somewhere in the middle. They’re designed sloppily, in an ad hoc manner, with efficiency in mind. Security is a requirement, more or less, but it’s a secondary priority. It’s far less important than functionality, and security is what gets compromised when schedules get tight.

The software used to run our critical infrastructure — government, corporate, everything — isn’t very secure, and there’s no hope of fixing it anytime soon. Assurance is really our only option to improve this, but it’s expensive and the market doesn’t care. Government has to step in and spend the money where its requirements demand it, and then we’ll all benefit when we buy the same software.

Did you notice that all-important word Government? The very thing the conservatives are out to destroy, in the name of the market.

