The CrowdStrike Internet disaster prompted me gather some thoughts which have been percolating in my mind for a while. The CrowdStrike event puts a little different spin on them and perhaps, if desirable, will get my thoughts more attention. Of course, this could be my naivete and everyone else already knows all this.
When I worked in the Cyber Security Group at Pacific Northwest Laboratory one of the things I was asked to do was to review and comment on a DHS proposal for making the Internet more secure. In the paper was the suggestion that the Federal Government have a central location with gatekeeping capabilities to isolate sections of the Internet from each other to prevent worms from spreading to the entire Internet. I advocated against this because having a single (even if somewhat distributed) point of control/failure would make it an exceedingly attractive target. Sure, it could be made very secure. But with that big of a payoff for access it will be attacked by the best of the brightest of most nation states as well as those with common criminal intent. When the bad guys inevitably get access, those who intended to make the Internet more secure will be responsible for enabling a catastrophe.
I suspect most large companies are in a similar situation and/or are inadvertently working toward one. At my company most of our security monitoring is being migrated into the cloud. I can’t imagine a major corporation not using Office 365. Which depends on Azure. And I’m sure many other critical or nearly critical products are could based in every company. I used to work at Microsoft and trust Microsoft to do a good job with their security/reliability/etc.. Amazon and Google do as well or better than Microsoft, but the payoff for breaching one of these cloud providers is so great that I find it difficult to imagine it won’t someday be breached/shutdown in some form.
Of course, the same goes for any highly used system. CrowdStrike probably wasn’t breached. But it was a single point of failure for a large section of the planet. And the consequences of this accident probably cost billions. And I shouldn’t have to remind anyone about the SolarWinds hack and how many companies that affected.
And if you want to get really concerned, think of what happened in the TV series Battlestar Galactica. The enemy robots compromised all the computerized systems of human civilization and used that to hide their nuclear strike and suppress the defenses. We now have AI built into our computer security. Enemy robots don’t even have to break and enter. They just need to convince their AI cousins to switch sides.
I don’t know that there is a practical solution. I know what I advocated for in the DHS proposal. I advocated for independent solutions providing diversity and redundancy of the Internet. Even if you postulate an infinitely benign government, government control of everything is a single point of failure.
Having diverse hardware, software, processes, and people (hardware and software are not the only things which can be hacked and/or broken) is very expensive to implement, operate, and maintain. And redundancy is a surprisingly difficult task. As a Boeing Reliability Engineer once told me, “It doesn’t much matter how many backup systems you have. What matters is, how independent they are.” Having the ability to land safely with three out of four engines shutdown doesn’t matter if someone contaminated the fuel in the supply truck.
Perhaps there isn’t a practical solution. But people should at least be aware and hence they may be able to mitigate risks in some instances.
