Security as a public health discipline, not an engineering one

In my latest Guardian column, If GCHQ wants to improve national security it must fix our technology, I argue that computer security isn't really an engineering issue; it's a public health issue. As with public health, it's more important to be sure that our pathogens are disclosed and understood than it is to keep them secret so we can use them against our enemies.

Scientists formulate theories that they attempt to prove through experiments that are reviewed by peers, who attempt to spot flaws in the reasoning and methodology. Scientific theories are in a state of continuous, tumultuous improvement as old ideas are overturned in part or whole, and replaced with new ones.

Security is science on meth. There is a bedrock of security that is considered relatively stable – the mathematics of scrambling and descrambling messages – but everything above that bedrock has all the stability of a half-set custard. That is, the best way to use those stable, well-validated algorithms is mostly up for grabs, as the complex interplay of incompatible systems, human error, legacy systems, regulations, laziness, recklessness, naivete, adversarial cunning and perverse commercial incentives all jumble together in ways that open the American retailer Target to the theft of some 40m payment card numbers (and personal data on a further 70m customers), and the whole internet to GCHQ spying.

As Schneier says: “Anyone can design a security system that works so well that he can’t figure out how to break it.” That is to say, your best effort at security is, by definition, only secure against people who are at least as dumb as you are. Unless you happen to be the smartest person in the world, you need to subject your security system to the kind of scrutiny that scientists use to validate their theories, and be prepared to incrementally patch and refactor things as new errors are discovered and reported.

If GCHQ wants to improve national security it must fix our technology

(Image: File:CoughsAndSneezesSpreadDiseases.jpg, Wikimedia Commons, Public Domain)

Notable Replies

  1. But the most powerful people in the world have told us that in order to be safe from this plague, we need to submit to regular bleeding. If we were to decide that bleeding causes more harm than good, then suddenly the ones who claim to be helping us are exactly the kind of people we need protection from.

    Bloody or bloodless, only a revolution can change this situation. Anything less results in a more secure system of lies.

  2. Three years ago, I was wishing for accurate IT Epidemiology metrics. My conclusion is, it was unlikely to happen as long as the Security industry was dominated by secrecy, superstition and self-interest.

    But, just close your eyes and wish with me. If the NSA was restructured as Schneier proposed, we might end up with a well funded government group devoted to the defense of the internet.

    • We would get meaningful metrics that help us define the effectiveness of various security measures.
    • We could eliminate the specter of mass DoS attacks.
    • We would dismantle the large criminal botnets.

    And a pony. I'm pretty sure each security professional would get a pony.

    But, the forces of death and destruction have grown so potent, so fearless, it seems they believe we can't turn away from our dark path.

    I pray we can somehow prove them wrong.

  3. LDoBe says:

    Scientists formulate theories that they attempt to prove through experiments that are reviewed by peers, who attempt to spot flaws in the reasoning and methodology.

    /Blackout Rage

    Science is the other way around: Scientists formulate an hypothesis, then try to disprove it.

    Cranks are the ones who formulate their theory first then search for supporting evidence. Scientists develop theories from a number of hypotheses that have withstood the testing. These theories then make new predictions, and tests are formulated in a way that is the most likely to break the theory. If even a single prediction fails the experimental testing, then the whole theory must be either thrown out or modified in some way so that it will become more parsimonious.

    tl;dr: Explain the scientific method the correct way forward, instead of backwards.

  4. an kxkxkx... worsening headache ...please don't do that.

    I know it comes from the Greek, but it's often pronounced with an initial h in the English.

  5. Sadly, I think the NSA will only be reined in down the road once more Americans lose money because the rest of the world decides American tech is inherently less secure due to NSA meddling. It'll be about the money instead of any concern for our beaten, tattered and absolutely despised US Constitution.

    Until the NSA can be commandeered to be in service of the American public instead of being a corrupt lapdog of corporatist scumbags, they will continue the path of unconstitutional and corrupt suspicion-less surveillance instead of targeted surveillance that can actually protect the public in some circumstances.

    Maybe further down the road they can even focus on helping the public to be more secure, but I'm not counting on it considering how profitable and powerful it is to be able to destroy political adversaries (and activists), pluck business secrets and generally fuck over anyone and everyone who is unfortunate enough to cross their corrupt paths.

    I guess it all comes back to taking over our own government and getting to the root of the evil in the first place:

    Gotta start somewhere...

