Why Are We Here? What Can We Do About It?

May 24, 2021

This is not a blog about the nature of the universe or the meaning of life, but a post on the Cyber Theory website (https://cybertheory.io/why-are-we-here-and-what-to-do-about-it/) does address these questions in the context of the exponential growth in cybersecurity breaches.

It starts with a "Reader's Digest" history of computers and the Internet:

  • Computer architecture was devised by John von Neumann about 1945, and was designed to be insecure. No one then imagined the huge number of computers in use today; Thomas Watson of IBM thought there was a world market for about five!
  • In the late 1960s the TCP/IP protocol was designed to allow robust communication over a network.
  • The word "Internet" was coined in 1974 and by the mid 1980s it had replaced private networks.
  • With the focus on functionality, security did not keep up as requirements changed and projects grew.
  • Outsourcing came into vogue in the late 1980s, typically resulting in loss of control over code and infrastructure.
  • In 2000 the "Agile Approach" focused on time and money rather than security.
  • The growing complexity of computer ecosystems led to a situation in which no one in an enterprise fully understands the system, increasing vulnerability and the risk of attacks.
  • In the 2000s digital transformation started, increasing the number of systems connected to the Internet and incentives to breach them.
  • Cloud computing started between 1996 and 2006; it requires more stringent cybersecurity.

We now have a cyber world where the "bad guys" are using NSA-type exploits, Internet proliferation has destroyed borders, and cyber attacks can come from anywhere. Quantum computing is going to kill current cryptography. Digital transformation continues to accelerate, and senior executives often fail to understand the problem.

What can be done? There are no guarantees, but we should try to close as many loopholes as possible:

  • Maintain strong cybersecurity hygiene, especially over PKI and domain management.
  • Simplify computer ecosystems as much as possible.
  • Develop a new generation of secure Internet protocol. Quantum encryption is not yet available, but it will help.
  • Universal use of zero trust.

Billions of lines of code may need to be redeveloped. To quote the Sayings of the Fathers, "The day is short, and the work is abundant".