Sane people, I BEG you: Stop the software defined moronocalypse
Don't drink and derive, kids
Sysadmin blog
A raft of potential vulnerabilities was found in whitebox Software Defined Networking (SDN) equipment. This is the beginning of the saga, not the end. The issues with the Internet of Things promise to be far, far worse.
SDN solves a lot of problems and is broadly applicable (once it gets cheap enough). That broad applicability brings with it a huge attack surface. IoT devices promise convenience and the ability to remove people from repetitive tasks and mundane decision-making events, thus increasing predictability of response and output.
Both SDN and IoT look to be great concepts for businesses. Unfortunately, every new technology, every new layer of abstraction, every piece of ease of use, brings with it new vulnerabilities.
We, as a society, have a choice to make about computers and our overall interaction with them:
1) Do tasks manually, rely on fallible humans, but lower the digital attack surface
2) Do tasks in an automated fashion, but increase the number and layers of IT, leading to a larger attack surface
At the moment, our legal and financial environment makes 2) by far the cheaper choice. The cost of using humans to do tasks is high, and the cost of human mistakes goes beyond the incident cost. Today, when a human makes a mistake, there are liability costs to factor in. If a computer drops the ball there's a lot more legal wriggle room.
If we want to reduce the risks associated with choosing computers to do the mundane work, then we need to legislate liability. The market is not going to choose to secure widgets either at the vendor side or at the point of installation without a right swift kick up the backside.
Human nature makes most of us shy away from thinking too hard about the future, and we tend to be overly optimistic, both about our chances of being unaffected by events outside our control and our ability to handle those events. (See: the 80% of us who think we are "better than average" drivers, "climate change won't affect me", etc.)