A Code War has replaced The Cold War. And right now we’re losing it
There’s always someone to blame for bad infosec, but never a willingness to make meaningful change
Column Remember the Cold War? For me, growing up in America meant living under the permanent, intangible threat of sudden vaporisation by thermonuclear attack. It added a piquant pointlessness to everything. Ashes, ashes, all burn down.
Yet the world stubbornly refused to end. Communism collapsed, Western neoliberal democracy seemed triumphant.
Then just as we entered a phase of peace and prosperity, the internet came along and ruined everything.
It took some time; Rome was not destroyed in a day. And we should have seen it coming. A full year before the Berlin Wall came down, the Morris Internet Worm took the then-tiny internet down with an exploit drawn from weaknesses in sendmail, finger and remote shell. In 1989, Robert Tappan Morris was arrested and prosecuted under the then brand-new Computer Fraud and Abuse Act.
I’m increasingly of the belief that instead we should have given him the Presidential Medal of Freedom.
Morris showed us the weaknesses of connected systems, demonstrating in code that every connection represents an attack surface. At a moment when those connections began multiplying exponentially - from hardly any to almost everything - we could have heeded the message instead of shooting the messenger.
Flash forward thirty-two years and we can see that the landscape we inhabit today could have been predicted. And that means it could have been avoided.
Instead, we see the SolarWinds hack, described as a “digital Pearl Harbor”, so extensive is its scope. And the hits keep on coming, from odd malware worming its way into tens of thousands of macOS systems, to motherboards that allegedly record and transmit data back to servers in China, and even corrupted dependencies in the software stacks used by - well, pretty much everyone, everywhere.
Connections can be powerful, but with great power... you know the rest.
So who’s responsible? We try to blame users, or lazy manufacturers, or obscure procedures or “bad actors” (which, depending on the paranoia of the day, can range from Russia to cryptocurrency-fueled ransomware dealers.) There’s always someone to blame, shifting responsibility for the failure carefully away from anyone who otherwise might be forced to change what they’re doing.
If this goes on, the scope for networked collaboration will continue to dwindle, until it disappears completely behind walls of denial and compromised infrastructure. This problem is not moving toward a solution. It’s not even in some sort of status quo. It’s getting worse. Rapidly.
It’s long past time we faced that ugly truth. And took responsibility.
That means putting an abrupt pause to software and hardware systems development as they’ve been practiced for the past 30 years. Throwing out the practices that landed us here and acknowledging the real message of the Morris Internet Worm: the Cold War ended, but the Code Wars began.
Like the Cold War, the Code Wars won’t have much of a body count and might never flare into outright violence. But when we peel back the cool surfaces, we witness the same titanic battles for power and control, this time using cyberspace as a platform for dominance - just as, militarised by ICBMs, outer space became the premier platform for dominance in the Cold War.
Space may also point the way toward a solution. Reagan’s largely fanciful "Star Wars" program accelerated the Soviet Union’s slide into economic and military collapse. It may be possible that a similar approach - using "moonshot" technologies like artificial general intelligence and high qubit quantum computing - could place the defenders so far ahead of the attackers that assault becomes effectively impossible, or makes continuing combat ruinously expensive. Although far from guaranteed, we could put an end to the Code Wars by changing the game.
Is that sort of doubling down on computing exactly the wrong approach? Whatever we do, we can’t keep doing what we’re doing. Denial has stopped working. Either we lose the game – or we change it. ®