> HN: This paper is the antivax argument, but for tech. If there was no major digital disaster that does not means that it cannot happen.
No, it's not what the author was saying. I found the paper is advocating a different position.
> Paper: This essay does not claim that a “digital Pearl Harbor” will not take place. One, or more, almost surely will. But that has to be viewed in perspective. Given our inability to build secure system, such events are bound happen in any case. So all we can affect is their frequency and severity, just as with large physical dangers. Further, the likelihood of a“digital Pearl Harbor” has to be considered in comparison to all the other threats we face. The issue is risk management, deciding how much resources to devote to various areas.
I completely disagree with the main thesis of the paper, but I think this perspective is interesting.
It seems the author is using an approach towards network security similar to, say, industrial safety or terrorist attacks: I think everyone at here is familiar with the criticism from cryptographers like Bruce Schneier on terrorist attacks: locking down the streets or putting armed forces and increasingly ridiculous lists of banned goods at airports is mainly a security theater. If a terrorist decided to destroy something, literally everything, from a bus, a market, a train station, an airplane or a park, etc, can be a target. Imagining a movie plot of terrorists attacking a particular target, and putting that target under a ton of superficial security measures is not meaningful for security in the real world.
It seems the author thinks most online attacks work in a similar way.
I think it's an interesting, debatable perspective.
What do you think about it?
You should probably be replying to the one specific person in this thread who said that instead of arbitrarily attributing it to 'HN'.
If security didn’t matter, we wouldn’t have consultants earning 500k+ per year doing glorified QA.
We wouldn’t have the fines associated with GDPR.
We wouldn’t have the public turmoil over the Clinton email scandal.
I don’t think anyone is smarter about solving security problems as a result of reading this paper.
I don’t think anyone’s smarter about shipping products without security as a result. This reads like an apology for the status quo. There are predictable and avoidable financial consequences for anyone who takes to heart the claim that “security is not very important.”
That's like saying "If elevators didn't matter, we wouldn't have elevator operators." But oh wait, we solved that problem. Future generations will likely solve the problem for the need for security. But today's society is so ignorant of the attributes that lead to abhorrent behavior that they cannot even fathom that security will become a non-issue in the future.
a. The web server hosting the tilde directories is very much likely older than the main site.
b. As any uni user can put any HTML on these directories Perhaps not supplying their certificate is an attempt to lower the success of phishing attempts for the main site logins.
Totalitarian states manipulating the political processes of democratic states for their own gain is a giant digital catastrophe.
There was a large social component to it, as is the case with most large cybersecurity breaches.
Big difference between phished and a 0day or an unpatched vulnerability. Can’t patch humans.
When a totalitarian adversary does it to aid their preferred candidate it is.
In the threat model you've described, advertising and social media services were explicitly granting the agents access; they didn't circumvent the cybersecurity layer.
Edit: Maybe you can count it as social engineering, but that would only apply if e.g. Facebook is trying to enforce a policy of "No Russian election/political ad buys", but they don't seem to have a problem doing that once they decide to.
That fact notwithstanding, the hacking of Podesta's emails is absolutely a cybersecurity issue.
Then mugging me of my smartphone is cybersecurity, and the boundary ceases to exclude anything, and we might as well just drop the "cyber" prefix.
This is not revolutionary, it's just not an idea that's been applied on a widespread basis in the cybersecurity realm until fairly recently.
"All along, the constant refrain has been that we need to take security seriously, and engineer our systems from the ground up to be truly secure." The author argues that attention to network security will be and has been growing as proportionally needed. The author compares to cars killing large numbers of people and Hurricane Maria. These are the types of tradeoffs that society has made in the past and continues to make in other areas as well, and if you rank them in terms of the negative aspects it is easy to argue that network security issues are well down the list. The paper does not directly discuss the issue of targeted harassement on the internet and how the various online and offline systems have not really adjusted to this yet (some people saying "crisis" are arguing for such changes, although they might not be the particular people saying "crisis" discussed here). I would argue that a major and general failing of capitialism is that many value jugements end up being made by economically self interested parties rather than society as a whole and that pushing against this tendency wherever it appears is not a bad thing.
"The critics of the standard “business as usual” approach have been presenting to the public both a promise and a threat. The promise was that with enough resources and control over system development, truly secure information technologies systems would be built. The threat was that a gigantic disaster, a “digital Pearl Harbor,” would occur otherwise." I don't see this argument much so maybe I am missing the context of the paper. I do see things like "connecting power plant control systems to the internet could cause big problems", however my sense is that the author would also argue against doing that. The main arguments I see are around individually smaller scale issues (and sometimes the possibility that they will happen many times).
The author doesn't really cover the issue of needed physical proximity, which is much lower on the internet and can make it easy to cross legal boundries and avoid many potential physical consequences. It isn't a pure difference since people can and do pay people in other parts of the world to conduct physical attacks, however it is still a difference and I think it somewhat undermines the argument that "through incremental steps, we have in effect learned to adopt techniques from the physical world to compensate for the deficiencies of cyberspace". Relatedly, falures of different systems can cascade more easily on the internet, although this can certainly also happen in other types of security (e.g. Kevin Mitnick style attacks seem communication system related rather than information network security). The author does touch this issue when discussing how slowing things down can be important for security but doesn't discuss how that is supposed to be implemented in a complex but not that secure world. It seems like there are some potential issues mostly due to wider communication networks and some due to networked information systems, but this isn't discussed. There is currently a lot of pressure for things done on the internet to happen quickly and awareness of the risks might help change that.
Setting priorities can involve both analysis of the tradeoffs and value judgements of what positive and negative options are preferrable. It is the value judgement aspect where I particularly disagree with the paper. While network security isn't a particularly large aspect of my overall value disagreement, I think attitudes toward network security can entrench particular tradeoffs even when those making the value judgements have interests at odd with society in general. Additionally, to the extent that exposure to the internet is becoming required in many contexts (in the US at least) and IoT exposes more of physical reality to internet control, information security issues can make it impossible to make good choices even if well informed and increase the number of uninformed people subject to direct attack from almost anywhere in the world (again, this is not only an issue with information security). Similarly, to the extent that lack of privacy can improve security in some ways, those who are interested in privacy should and do argue for stronger information security in other ways.
The costs and benefits of current global systems (in general, not just information systems) are unevenly distributed and the overall arguement seems made to appeal to those who get more of the benefits and fewer of the costs. One good short argument (not information security related) about this general situation is:
So I agree that information security is in many ways in better shape than other types of security and basic social tradeoffs, but I don't think this means it is in good shape on an absolute scale or that society as a whole, particularly on a global scale, has actually agreed to those changes. I think most people saying "crisis" are arguing for different value judgements and often do so in other areas as well as network security. The internet is a more recent development than many other issues and hasn't been as strongly integrated into society yet, another reason for greater attention.
I'll end with my favorite quote from the paper:
"We do not know how to build secure systems of substantial complexity. But we can build very secure systems
of limited functionality. Those can be deployed for specialized purposes, such as monitoring
large systems for signs of penetrations or corruptions, or ensuring integrity of backups."
I can't say whether this paper is nonsense or legitimate, but people making major contributions to their field and then going off in interesting directions isn't unprecedented.
I appreciate Andrew Odlyzko’s contributions to cs, but this paper is not one of them. It is a fine example of the evolution security nihilism in its final, tenured form.