The goal of the occupation called cyber security grows more demanding
with time, which I need tell no one here. That growth is like a
river with many tributaries. Part of the rising difficulty flows
from rising complexity, part of it from accelerating speed, and
part of it from the side effects of what exactly we would do if
this or that digital facility were to fail entirely -- which is to
say our increasing dependence on all things digital. One is at
risk when something you depend upon is at risk. Risk is, in other
words, transitive. If X is at risk and I depend on X, then I, too,
am at risk to whatever makes X be at risk. Risk is almost like
inheritance in a programming language.
I am particularly fond of the late Peter Bernstein's definition of
risk: "More things can happen than will."[PB] I like that definition
not because it tells me what to do, but rather because it tells me
what comes with any new expansion of possibilities. Put differently,
it tells me that with the new, the realm of the possible expands
and, as we know, when the realm of the possible expands, prediction
is somewhere between difficult and undoable. The dynamic is that
we now regularly, quickly expand our dependence on new things, and
that added dependence matters because the way in which we each and
severally add risk to our portfolio is by way of dependence on
things for which their very newness makes risk estimation, and thus
risk management, neither predictable nor perhaps even estimable.
The Gordian Knot of such tradeoffs -- our tradeoffs -- is this: As
society becomes more technologic, even the mundane comes to depend
on distant digital perfection. Our food pipeline contains less
than a week's supply, just to take one example, and that pipeline
depends on digital services for everything from GPS driven tractors
to robot vegetable sorting machinery to coast-to-coast logistics
to RFID-tagged livestock. Is all the technologic dependency, and
the data that fuels it, making us more resilient or more fragile?...
http://geer.tinho.net/geer.rsa.28ii14.txt
http://geer.tinho.net/geer.rsa.28ii14.txt
No comments:
Post a Comment