Blog U › 
  • Getting to Green

    An administrator pushes, on a shoestring budget, to move his university and the world toward a more sustainable equilibrium.

Robust vs. secure
June 2, 2011 - 11:45pm

I was struck, this week, by two announcements in the news. First came the statement that the US government is moving towards considering cyber-attack, at least in some instances, as an act of war. Second came the news that Google's Gmail (email) system had succumbed to cyber-attack.

Nobody with any technical knowledge at all considers email a secure technology. If it were, you wouldn't get all those messages from Nigerian bankers, and sweet young things in far-off places, and relatives whom you didn't know were traveling ('cuz they're not) but who apparently have just lost their passports and money and need you to wire them funds immediately. But email is insecure in ways far beyond the fact that anyone can email anyone about anything (or nothing). The number of servers which store copies of messages, the way that internal (digital) and external (character) addressing is redundant (and so easily spoofed), the fact that too many people trust their personal information to copies of the same easily-hacked email browser, the lack of encryption in virtually all email messages. So it's bothered me for a long time that email is a critical link in the administrative processes for so many supposedly secure web applications (like electronic home banking, to take one obvious example).

One reason that web-based technologies are so common is that they're tremendously robust. Oh, I know that "robust" isn't the first word that pops into mind for a lot of folks, but the truth is that the World Wide Web never goes down. Little bits and pieces of it (sites and servers) go offline occasionally, but 99.9% of the thing is always up and running. Always. Little other technology even comes close.

So cyber-attacks, whether we consider them acts of war or not, aren't designed to take the whole web down. They're designed to take specific pieces of it down. Or to compromise specific uses of web technology. And, as the recent attacks on Google demonstrate, knowing who's doing the attacking is more easily said than done. Unwinding the artifacts of a cyber-attack is like peeling the layers of an onion. Even if you find a smoking gun, the fingerprints on it may not be telling the truth. A truly top-notch hacker can make you believe you've found the culprit when you've really just found another victim. By comparison, "weapons of mass destruction in Iraq" begins to look like a reliable basis for going to war.

To make matters worse, cyber-attacks are more likely, and more likely to be destructive/fatal, in the future. The more critical are the services controlled and administered electronically, the more attractive cyber-targets become. And we're controlling more and more critical services electronically.

Think about the "smart" power grid. The capabilities ascribed to it are impressive. Literally millions of generation sites (every home and car, in some scenarios). Active real-time management of power flow based on utilization, generation, anticipated demand. The fool thing better be smart, indeed. And if you don't do it electronically, you don't do it.

Web-based technologies are the only ones around that can do the job. And whether those technologies run on the current -- publicly available -- internet or not is irrelevant. Whatever network is used has to be available to millions of sites, at millions of sites. That means it can be compromised at millions of points. And it has to be tremendously robust. Which means it can't be ultimately secure.

The problem is a common one. That which you can't totally lock away -- make unavailable -- you can't make totally secure. But current conceptions of technologies necessary to operate society more-or-less sustainably are inherently complex and must be tremendously robust/available. Which means, ironically, that they're going to be insecure. Vulnerable. To attacks by nation-states, or corporations, or groups, or irate individuals.

The only obvious solution is autarky, or a reasonable facsimile thereof. Robustness on a smaller,potentially sustainable scale. The admittedly limited security of limited exposure. And I'm not just thinking about the power grid.


Please review our commenting policy here.


  • Viewed
  • Commented
  • Past:
  • Day
  • Week
  • Month
  • Year
Back to Top