The System Doesn’t Care

Bruce Schneier: Crypto-Gram Newsletter

Or to be more precise: it doesn’t care about you – only about itself. And it doesn’t really even care about itself in the long run – only about instant gains at the expense of everything else. It is not interested in producing quality products – only the cheapest stuff it can get away with.

Bruce Schneier is the most important security specialist in the world – it’s as simple as that – he writes and speaks all over the place. I quote from him:

Information technology is increasingly everywhere, and it’s the same technologies everywhere. The same operating systems are used in corporate and government computers. The same software controls critical infrastructure and home shopping. The same networking technologies are used in every country. The same digital infrastructure underpins the small and the large, the important and the trivial, the local and the global; the same vendors, the same standards, the same protocols, the same applications.

With all of this sameness, you’d think these technologies would be designed to the highest security standard, but they’re not. They’re designed to the lowest or, at best, somewhere in the middle. They’re designed sloppily, in an ad hoc manner, with efficiency in mind. Security is a requirement, more or less, but it’s a secondary priority. It’s far less important than functionality, and security is what gets compromised when schedules get tight.

The software used to run our critical infrastructure — government, corporate, everything — isn’t very secure, and there’s no hope of fixing it anytime soon. Assurance is really our only option to improve this, but it’s expensive and the market doesn’t care. Government has to step in and spend the money where its requirements demand it, and then we’ll all benefit when we buy the same software.

Did you notice that all-important word Government? The very thing the conservatives are out to destroy, in the name of the market.

For a related posting, see Cyber War


Cyber War

A new book is out by ex-Presidential adviser Richard Clarke, called Cyber War: The Next Threat to National Security and What to Do About It. His writing leaves a lot to be desired, but he seems to understand the subject. The basic problem is this: Americans and their government are too stupid to deal with the problem.

The biggest secret in the world about cyber war may be that at the very same time the U.S. prepares for offensive cyber war, it is continuing policies that make it impossible to defend the nation effectively from cyber attack.

In other words, Ladies and Gentlemen: America is screwed.