Nobody minding the store: security in the age of the lowest bidder

So, to recap: Satellite communication systems worldwide are “protected” by easily cracked hard-coded passwords. The private internet connecting the world’s mobile phone operators remains replete with vulnerabilities. Russia has successfully hacked into American power-plant control systems. Oh, and voting machines in use in 18 states can be remotely hijacked.

Just stole an election at @VotingVillageDC. The machine was an AccuVote TSX used in 18 states, some with the same software version. Attackers don't need physical access–we showed how malicious code can spread from the election office when officials program the ballot design. pic.twitter.com/wa97HWqlv5

— J. Alex Halderman (@jhalderm) August 11, 2018

Do you see a theme here? We assume that everything is fine, that the world in which we live rests on solid foundations, that competent grown-ups are in charge of the fundamental infrastructure on which our society rests, which has been constructed as fault-tolerant, resilient systems. We assume somebody somewhere is at the switch, keeping a sharp eye on things.

In some cases, such as aviation, that does indeed seem to be the case. In others, the infrastructure is too decentralized and disconnected to be seriously at risk. But in far too many others, we have constructed a perfect-storm-in-waiting of tightly coupled networks, zero oversight, and laughable attempts at security. Authority without responsibility, in other words. And in those cases, the assumption that our structural foundations are fine is a laughable pipe dream.

Reminders of this state of affairs come every month, with every infosec conference, every excited burst of news coverage following the discovery of a new high-profile hole. We patch the holes — maybe — but we don’t change our approach. At last week’s Black Hat conference, its creator Jeff Moss mused: “attackers have strategies, but defenders only seem to have tactics.”

This is tacitly deliberate. We could have a strategy of hardening our collective infrastructure to improve its security, but the daunting list of upgrades (or downgrades) that would require would be ruinously expensive. This isn’t a problem unique to information security: for instance, 54,000 bridges in America need repair, too. Are we going to repair all 54,000 anytime soon? Don’t make me laugh.

I’ve observed while travelling that one of the most striking differences in quality of life, between nations with comparable wealth, is simply what’s culturally acceptable. (A famous example: in Japan it is not culturally acceptable for trains to be late. In wealthier America … not so much.) The only way we’re going to harden our infrastructure, and fix our bridges, is if it becomes culturally unacceptable for them not to be fixed.

I don’t see that happening. Instead, in a wealthy world of increasing economic disparity, I expect us to increasingly see two-tier infrastructure: stable, secure, reliable infrastructure for the 20%, and a haphazard, kinda-mostly-functional, vulnerable tier for the 80%. “Natural monopolies” such as power grids will be replaced by e.g. private solar power and PowerWalls. At some point one of the US mobile phone providers may well decide that it’s strategically worth it to become the Apple of phone service, charging twice as much for far better service and security. Etcetera.

Unless, of course, some kind of perfect storm arrives first, and our security problem turns into a genuine crisis, or even catastrophe. I’m an optimist; I don’t think that will happen. But it’s increasingly hard to ignore the possibility.
