Showing posts with label security.

Friday, February 23, 2024

What would world civilization look like if the US collapses?

Doomers' worst nightmare: a sustainable mid-tech, high culture global civilization, plagued by endless failing genocides.

Civilization would survive just fine. But it might not be a robust high-tech 21st century civilization. That might actually be a good thing - it's hard to tell. 

I've written an essay explaining how I came to this conclusion.  Medium says it should take about 8 minutes to read.  But if that's too long for you, here's an extended summary.

The United States in early 2024 is in a political situation where collapse into a quasi civil war like "the troubles" in Ireland seems like a possibility.  Elected politicians in Texas are calling for military-aided defiance of Federal authorities, supported by governors of 25 other states.  But unlike the first US Civil War in the 1860s, there is no sign of the creation of large state armies to oppose the US Army, and the states themselves are internally divided to the point where a next war would be as much of a "war within the states" as a "war between the states".   Nobody in the Texas Legislature is proposing to fund the Texas Military Department to a level where it would pose more than symbolic opposition to Federal forces.  It's more likely that violent opposition to the United States would take the form of "stochastic terrorism" (I prefer the term "freelance terrorism") - bombings and random mass shootings. Whether these could become focused enough to target Federal buildings and political gatherings seems doubtful.

But it's interesting to imagine what might happen if the US went into a collapse as deep as the Great Depression of the 1920s, that somehow became permanent.

The global impact of US collapse would span five realms: general economic activity, social and cultural activity, geopolitics, technological development, and environmental stability.

The loss of the US as an economic force would severely but not seriously damage the global economy. The Dollar would lose its role as the world's reserve currency, and this would have a tremendous impact. The World Bank, the Euro, and the Chinese Renminbi are waiting to take over if the situation becomes intolerable, though.

Global culture would not be significantly affected. High culture of symphonic music, fine art, and fashion has always been ruled by Europe, and would stay that way. 

Geopolitically, the long-predicted end of the Pax Americana would finally be realized, though the Great Game of pre-WWI colonialism is gone forever, never to return.  The Mideast would continue to be the same mess of intra-Islamic jihadism that it's been since the end of the Ottoman Empire.  China's dominance in the Far East would finally be unquestionable.

Attacks on Taiwan would lead to a major technological setback, since the most powerful semiconductors are made there by TSMC. Software that uses the computational power of those semiconductor devices might lose the creative momentum that originates in Silicon Valley. The tech giants, however, are fully globalized and can easily migrate transactions and data from their already fortified datacenters to ones in less unstable areas.

Advanced electric power technology would easily be able to fill in the gap caused by the loss of the US.

When it comes to transportation, the US is no longer the uncontested leader in technology, but only a participant in a close race. The US is losing its lead in aerospace technology.  The US is not even in the running for the lead in advanced railroad technology. Automobile and truck technology has long been a global competition, and the loss of US auto manufacturing would wound employment in Mexico and Canada, but not significantly elsewhere.

The environment continues to be destroyed at a rate exceeding its restoration regardless of the details of civilizational conflicts, although there are macrotrends that act to slow the rate of destruction. 

As long as the High Income countries (aside from the chaos-plagued US) continue to produce pollution-reducing solutions, then as Low and Middle Income Countries graduate into the upper tier (assuming that the World Bank and OECD don't move the dividing lines), their improving governance and economic incentives will lead them to reduce their emissions as well.

As we sum up the effects of US chaos in the five realms of global civilization beyond climate, it appears that short of a global thermonuclear war, the chief threats are related to reduction of silicon and lithium processing capability for computers, photovoltaic power sources and batteries.  These capabilities are concentrated in the Western Pacific, and it's essential that the rest of the world build up resiliency against disruptions there.

As long as environmental and climate deterioration can be reversed, the worst that might happen would be a reversion to the American lifestyle that was pervasive in the 1970s, before everyone had PCs and smartphones. With Total Electric Homes and electric cars in garages, this could be quite tolerable.

Tuesday, December 05, 2023

The Byzantine Generals Problem also applies to politics with lies and misinformation

The classic work on the Byzantine Generals problem arose in the context of fault-tolerant computing.  The Wikipedia entry on the topic is titled Byzantine Fault.   Thinking about the problem for reasons that I can't recall, I recently realized that it can apply to political systems infested with lies and misinformation. Studies of this aspect are hard to find, if they exist at all.

Leslie Lamport's 1982 paper is concerned strictly with systems that use only point-to-point communications, rather than political situations where miscommunications are broadcast to audiences of various sizes. Its successors are (almost?) exclusively about improvements to the number of messages that need to be sent to prevent any faults at all from being concluded.  The remainder are concerned with the consensus mechanisms for cybercurrencies, and rarely go into any mathematical depth about the consensus formation problem itself.  I expected to find discussions of this in the economics or political science literature, but my web search skills, such as they are, didn't uncover any.  Maybe their vocabulary is totally disjoint from the computer science vocabulary?

What political scientists should want to know are things like how the probability of a false consensus varies as the probability of any particular general generating a lie, and the number of variably lying generals, change.  If everyone lies, but nobody lies very often, how much worse or better is that than a situation where some generals lie all the time?

The least bad news is that autocracies can be consistently subverted if at least 1/3 of the "lieutenants" fail to follow the generalissimo. The Achilles heel of all the variations seems to be vote-counting systems. Open voting, like legislative roll call votes, appears to be most robust to miscounts. Open counting of secret ballots can also work. It's why vote-counting machines must be fully open source.


Saturday, August 19, 2023

Improving assessment of authentication via some formalization: Preliminary considerations

Authentication used to be easy: collect a username and password, and check the password.  Now it's so complicated that it takes hundreds of pages to specify how it works, and you have to be a talented professional to know if something built to the specification is trustworthy.  

And the requirements for authentication have grown equally large and complex -- a single identity spans multiple implementations, with delegated identities, so authentication is often performed by a different organization than initial registration of an identity, and probably with different policies that need to be coordinated. 

It's no longer possible for a single person to have the privileges and resources to learn and comprehend all the implementations used by a single identity. This means that even if you're a specialist in authentication systems, you can't be sure that the authentication framework that's used by the people that you're responsible for actually fulfills its requirements.  If you're an ordinary user, you can only trust that the social-economic effect of millions of other users like you has enough of a cumulative effect towards trustworthiness that the system is reliably usable.

Perfect trustworthiness is impossible. It's not even possible to clearly and consistently judge how close to perfection we actually attain with real-life systems.  But we can make it easier to understand how it all works and to analyze where the weak points are. Formal methods are the standard recommendation as the way to assure consistency in designs: they replace ambiguous verbal descriptions by strictly defined notations.  But if the problem is complexity, the formal descriptions must be just as complex as the verbal descriptions, and they will make the unattainable demands on the mental capabilities of the security specialists who are trying to use them even greater, since they define yet another language that must be learned and understood, in addition to the natural English of the informal descriptions.

We need tools that will ease the burden of validation of authentication systems by automating the consistency checks themselves. And we need those tools to be usable without imposing their own intolerable complexity demands on their users.

We could start a search for such tools by looking at automated proof assistants, like Coq and Lean.  These turn out to be written for mathematicians, not practicing developers who need to prove the correctness of real-world software, much less application specialists like security analysts.  Maybe we could use languages based on principles learned from proof assistants, such as dependent types.  But no, these are still mostly research projects, and the most promising of them, Agda and Idris, aren't under active development any more, and the dependent type language developed in The Little Typer is a toy language not intended to be used seriously.

Making a long story short, we could look at popular functional languages like Haskell and OCaml, and reject them as being contaminated by too much syntax to learn for the value they provide in utility as modeling tools. (Figuring out what functional languages are good for, if anything, is a continuing adventure.)

In the end, we want a small set of properties in our modeling language:

  • Static typing, because we want to check the model, not execute it.
  • Classic Euler function syntax, i.e. f(x), rather than some Polish notation with too many parentheses (Lisp, typed Racket) or with no parentheses at all (Haskell, OCaml).
  • Functional capability, in order to capitalize on the amazing proof properties of the Curry-Howard-Lambek correspondence if we can, as well as all the other integrity-enhancing properties of the functional programming paradigm.
  • Minimization of the amount of transformation needed to process JSON descriptions, since we want to describe the essential properties of authentication systems as a finite-state machine, in a simple, well-known data description language like JSON.

A modeling language with these properties won't provide the ability to check for everything we want to confirm about authentication systems (like resistance to side-channel or hardware attacks, or even the standard correctness properties), but it allows us to address several of the biggest concerns:
  • Completeness: that the descriptions don't have undocumented gaps where loopholes and backdoors can lurk, and that the descriptions themselves aren't so complicated to understand that we inadvertently skip over key parts, and miss important errors that they might contain.
  • Consistency: that all the components of the description fit together as claimed.
  • Clarity: that the descriptions don't rest on ambiguities inherent in natural languages in order to achieve a false sense of consistency.
  • Absence of hidden weakening: "A chain is only as strong as its weakest link." Complex systems contain many points where it is possible for weak cryptography to slip in without notice, often in the form of short or weak keys, or as obsolete, broken algorithms.
  • Key traceability, in two forms:
    • Password identifiability: all users who can create, view or change a password are known. All too frequently, there are privileged administrators who can compromise security without any evidence of their misbehavior being recorded.  This is of course a key concern for privacy maintenance of information that isn't security keys, as well.
    • Auto-generated randomness: many security algorithms are dependent on the system generating a random number that is often immediately used and discarded, but other times may be preserved for a long time, e.g. across system restarts.  It's important to know where these numbers originate from, and that they are cryptographically secure, i.e. unpredictable in the short run as well as unpredictable in the long run.
  • Secure events are securely logged: Logging of key events should be onto write-once media, or distributed onto a public blockchain that is immutably and irretrievably copied.

This gets us to subsets of either TypeScript or Gleam as our quasi-formal modeling language.  We'll write about these in a future post.
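As an added example (not the post's own code, and not the future post it promises), here is a small TypeScript checker in the spirit described above: an authentication flow described as a finite-state machine in JSON, typed statically, with the completeness, consistency, clarity, hidden-weakening, key-traceability and logging checks run over a constructed sample model. The model schema, the key-size thresholds and the sample flow are all assumptions made for this example.

```typescript
// Added example, not code from the post: a checker over a JSON finite-state-machine
// description of an authentication flow, reporting the completeness, consistency, clarity,
// hidden-weakening, traceability and logging concerns listed above. The model shape,
// thresholds and sample flow are assumptions made for this example.

interface Credential {
  algorithm?: { name: string; keyBits: number };  // absent for opaque secrets such as session ids
  canCreate: string[];        // key traceability: principals must be enumerated; "*" records
  canView: string[];          // that nobody actually knows, which is exactly the gap the
  canChange: string[];        // model is meant to expose
  randomnessSource?: string;  // generator used for auto-generated secrets
}

interface Transition {
  on: string;        // event name, or "*" as a documented catch-all default
  to: string;
  uses?: string;     // credential verified when this transition is taken
  issues?: string;   // credential created when this transition is taken
  logged?: boolean;  // secure events (here: credential issuance) must be logged
}

interface AuthModel {
  events: string[];
  initial: string;
  states: Record<string, Transition[]>;
  credentials: Record<string, Credential>;
  randomnessSources: Record<string, { csprng: boolean }>;
}

// Minimum key sizes per algorithm family and a short list of obsolete primitives;
// the thresholds are this example's assumptions, not a published standard.
const MIN_KEY_BITS: Record<string, number> = { AES: 128, HMAC: 128, RSA: 2048, EC: 256 };
const BROKEN = ["MD5", "DES", "RC4"];

function checkModel(m: AuthModel): string[] {
  const f: string[] = [];
  const states = Object.keys(m.states);
  if (!states.includes(m.initial)) f.push(`consistency: initial state '${m.initial}' is undefined`);
  for (const [state, transitions] of Object.entries(m.states)) {
    const handled = new Set<string>();
    for (const t of transitions) {
      if (!states.includes(t.to)) f.push(`consistency: ${state} --${t.on}--> undefined state '${t.to}'`);
      if (t.on !== "*" && !m.events.includes(t.on)) f.push(`consistency: ${state} handles undeclared event '${t.on}'`);
      if (handled.has(t.on)) f.push(`clarity: ${state} has two transitions on '${t.on}'`);
      handled.add(t.on);
      for (const c of [t.uses, t.issues]) if (c && !(c in m.credentials)) f.push(`consistency: ${state} references undefined credential '${c}'`);
      if (t.issues && !t.logged) f.push(`logging: issuing '${t.issues}' in ${state} is not logged`);
    }
    // Completeness: every declared event is handled, unless a catch-all documents the default.
    if (!handled.has("*")) for (const e of m.events) if (!handled.has(e)) f.push(`completeness: ${state} has no transition on '${e}'`);
  }
  for (const [name, c] of Object.entries(m.credentials)) {
    const alg = c.algorithm;
    if (alg) {
      const upper = alg.name.toUpperCase();
      if (BROKEN.some(b => upper.includes(b))) f.push(`weakening: ${name} uses obsolete algorithm ${alg.name}`);
      const family = Object.keys(MIN_KEY_BITS).find(k => upper.includes(k));
      if (family && alg.keyBits < MIN_KEY_BITS[family]) f.push(`weakening: ${name} key is ${alg.keyBits} bits, below ${MIN_KEY_BITS[family]} for ${family}`);
    }
    for (const [role, who] of Object.entries({ create: c.canCreate, view: c.canView, change: c.canChange })) {
      if (who.includes("*")) f.push(`traceability: who can ${role} '${name}' is not enumerated`);
    }
    if (c.randomnessSource !== undefined) {
      const src = m.randomnessSources[c.randomnessSource];
      if (!src) f.push(`consistency: ${name} uses undefined randomness source '${c.randomnessSource}'`);
      else if (!src.csprng) f.push(`randomness: ${name} comes from non-cryptographic source '${c.randomnessSource}'`);
    }
  }
  return f;
}

// Constructed sample: a password-then-TOTP login that issues a session, written the way
// a model author might first describe it, with five gaps for the checker to find.
const SAMPLE_MODEL_JSON = `{
  "events": ["submit_password", "submit_totp", "timeout", "cancel"],
  "initial": "start",
  "states": {
    "start": [{ "on": "submit_password", "to": "password_ok", "uses": "password", "logged": true },
              { "on": "*", "to": "start" }],
    "password_ok": [{ "on": "submit_totp", "to": "session_active", "uses": "totp", "issues": "session" },
                    { "on": "timeout", "to": "start" }, { "on": "cancel", "to": "start" }],
    "session_active": [{ "on": "*", "to": "session_active" }]
  },
  "credentials": {
    "password": { "algorithm": { "name": "PBKDF2-HMAC-SHA256", "keyBits": 256 },
                  "canCreate": ["user"], "canView": [], "canChange": ["user", "helpdesk"] },
    "totp": { "algorithm": { "name": "HMAC-SHA1", "keyBits": 80 }, "randomnessSource": "hsm",
              "canCreate": ["enrollment_service"], "canView": ["*"], "canChange": ["user"] },
    "session": { "randomnessSource": "app_prng", "canCreate": ["auth_server"], "canView": ["auth_server"], "canChange": [] }
  },
  "randomnessSources": { "hsm": { "csprng": true }, "app_prng": { "csprng": false } }
}`;

function checkSample(): string[] {
  return checkModel(JSON.parse(SAMPLE_MODEL_JSON) as AuthModel);
}

console.log(checkSample().join("\n"));
```

Run stand-alone it prints five findings: an unlogged session issuance, an unhandled event in password_ok, an 80-bit TOTP seed, a wildcard viewer of TOTP secrets, and a session id drawn from a non-cryptographic generator.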

Wednesday, October 26, 2022

Passkeys - a password killer at last?

Betteridge's Law of Headlines is right again.  Nope.

Ars Technica has an enthusiastic article triggered by an announcement that a few more companies have jumped on the FIDO Alliance Passkey bandwagon.  The Ars commentariat remains skeptical.

I've not yet encountered a passkey authentication prompt in the wild, so maybe that bandwagon isn't rolling as fast as its sponsors would like you to believe.  The key thing to try to understand is who the audience for passkeys is: It's the connected person in a connected world.  If you're a person who has a phone, a smart watch, a notebook, and a desktop PC, and your house has an Amazon Echo or three, and you despair of keeping your accounts synchronized and secure, passkeys might help.

If you're a low-tech person, or a security-conscious person who doesn't trust the ability of tech giants to create and manage securely interoperable infrastructure, this is just more unwanted complexity.

For example, my Mother lives in a small town, and her bank's website doesn't support even basic SMS or voice callback two-factor authentication, because their customer base is so unsophisticated that they wouldn't tolerate the hassle.

Enormous companies like AT&T are so disorganized that they can't manage a two-factor system that supports more than one phone at a time.  To think that they'll be able to do a clean, secure job of deploying passkey technology is laughable.

Yubico, who makes security tokens, has a nice chart showing how deeply dependent passkeys are on having smart devices fully connected to the cloud.  If you ever travel out of range of cell service, you're out of luck.

Keep buying the latest and greatest model of all your devices, and you'll be OK most of the time.  Stay in your box, and you'll be fine.


Thursday, April 21, 2022

Where to spend a billion dollars improving the world? Desalination tech R&D.

Updated at the end...

Conor Friedersdorf has a column in The Atlantic.  This week, he asked "Say you received $1 billion to spend on improving the world. How would you spend it? Why?"

My first reaction was "only a billion?"  That probably won't even get you a seat on the board of Twitter. It might take a hundred billion to buy out Mark Zuckerberg's privileged shares of Facebook.

How about making an impact on a major global public health issue?  In 2016 the Bill and Melinda Gates Foundation announced that they would be spending $4 billion through 2021 in the fight against malaria.  Their current commitment is apparently down to about $250 million per year.

For a mere billion dollars, you're going to need to spend the money on something that will have significant leverage.  For ongoing impact, the best thing would be not to spend the entire amount all at once, but to invest the billion, and harvest the income that it produces, while reserving enough to keep the principal growing at a slow rate. That income might be $100 million a year if you choose good investment managers.

Then target your gifts at subjects that will themselves provide leverage.  For $100 million a year, you can sponsor free broadband Starlink satellite internet for about 50,000 households.  That's almost exactly the number of households in the Navajo Nation counted by the 2010 census.  With an unemployment rate approaching 50% and a population that mostly resides in a desert landscape far from urbanized areas, often without electricity or running water, internet access will create a launchpad to education and job opportunities that are inaccessible today.

But improving the lives of a hundred thousand people or so is far from "improving the world".  We need even more leverage. This means investing in technology to improve the world, in order to lower its cost and make it available to people whose lifestyles are not yet improved to the levels that the rest of us enjoy.

The basics are, as usual:

0. Stable governments and economic systems.  It's hard to see how these can be achieved by spending money.
1. Clean water
2. Electricity
3. Communications technology. Over the long term, education enabled by widespread internet access can lead to improved government, until advanced social media algorithms enhance factionalism and social unrest.

The adjectives "affordable", and "universal" go along with each of these.  According to the World Bank, there are nearly 700 million people with incomes below $1.90 per day.  That $1 billion could give each of them a one-time gift of $1.42.  The huge number of radically poor people creates a serious challenge to any attempts to lower costs on the basics to the "affordable" level for the goal of "improving the world".  But if we don't work on it, we'll surely never achieve it.

Electricity is making great progress towards becoming "too cheap to meter".  If you put solar panels on the roof of your house, you've already got that unmetered power. Your panels feed into your house wiring on your side of the electric meter, and their power doesn't get metered unless your panels overproduce and you sell your excess back to the grid.  Global investment in solar and other renewable power sources is huge, and it's very difficult to find an aspect of it where an additional billion dollar investment would make a significant impact.

So consider access to clean water.  While great progress has been made in improving this situation, in 2020 nearly 500 million people still did not have access to safe drinking water, according to the WHO/UNICEF Joint Monitoring Programme (JMP) for Water Supply and Sanitation. In many places, installing a simple pumped well or capturing rainwater can solve their problem.

However, water in desert and near-desert areas is not so easy to obtain. There are many coastal areas where the demand for water exceeds the supply, such as Southern California or the Middle East, and large-scale desalination systems are already in operation.  Even far from coastal areas where fresh well water is absent or depleted, there are often brackish aquifers that are unsuitable for drinking as they come out of the ground, but can be made drinkable with minor desalination.  Desalination of groundwater is already affordable in places as far inland as El Paso, Texas.  With cheap solar electricity abundant in sunny desert climates, the energy efficiency of desalination is not so much of a problem.

If there's no groundwater or rainfall available at all, it's tempting to look to air capture of the water vapor in the atmosphere.  In a few places in the world, it never actually rains, but local weather conditions produce foggy days with high humidity where condensation equipment might be already effective.  But in the deep desert with relative humidity in single digit percentages, it's necessary to process a lot of air in order to obtain a few liters per day of drinkable water.  With cheap solar panels, this might be affordable.

I would spend my hundreds of millions of income from that billion dollars in funding R&D towards lowering the cost of water processing.  The demand is insatiable and warming climates are making drought a new normal state.

Update

The Atlantic published Friedersdorf's summary of the comments he received. 

Desalination and water treatment was the solution offered by a couple of other writers as well.  Of the other suggestions, the ones that I liked best were concerned with strengthening the bottom of the food chain, by encouraging agricultural practices that enhance the soil, and by simply buying up tropical rainforests, removing them from the threat of clearcutting by exploiting capitalism against its more short-sighted impulses.  The latter is of course, exactly what the tropical programs of The Nature Conservancy do.

I thought that the suggestion to make profiting in any way from untrue speech unlawful, just like making false claims about material products is already illegal, was interesting.  It might be difficult to phrase such laws to prevent criminalization of fiction writing or even telling kids about Santa Claus, though.

Monday, November 08, 2021

Automated social engineering of SMS enhanced authentication

There’s a journalist’s slogan about the threshold for a reportable story that goes something like “Once is an accident, twice is a coincidence, three times is a trend.”  Looks like bots that capture one-time-passcodes sent via SMS without human interaction have passed that level, as a report from Motherboard details.

NIST has been deprecating SMS as a factor in multi-factor authentication since 2017, because SMS-based OTPs are vulnerable to man-in-the-middle attacks. These attacks are now automated.  Once the attacker has gotten your username, password, and phone number as part of a cache of breached millions that they’ve acquired, they’ll do a partial login to your account on a target system; the authentic system will then send you your SMS code, and the attacker’s bot will phone you, pretend to be the target’s security organization, and ask you to confirm the SMS code via your phone keypad.

I found out about this via a finance blog that I follow.  When a security vulnerability has reached a level of visibility that financial pundits are writing about it, it’s time for financial systems to convert to a more secure method.  The report from Intel471 offers some suggestions:

More robust forms of 2FA — including Time-Based One Time Password (TOTP) codes from authentication apps, push-notification-based codes, or a FIDO security key — provide a greater degree of security than SMS or phone-call-based options.

Unfortunately, sometimes even simple solutions like physical tokens are unfeasible.  The small town bank that my mother uses has a customer population that is so unsophisticated that they are unable to handle any kind of online authentication more sophisticated than a password, and Mom has trouble remembering hers.


Saturday, June 05, 2021

Avoiding check fraud by closing the identity and integrity assurance gaps

Banks and the check-printing companies they work with have incorporated a host of anti-counterfeiting measures into paper checks, but the use of mobile deposits erases the benefit of those measures.  When you make a mobile deposit of a check that you have received, your phone's camera, which has limited resolution, doesn't have the ability to capture features such as watermarks and microprinting and relay them to the bank for verification.  Then when the bank creates a permanent record of the check image, it throws away even more information and stores only a low-resolution black and white bitmap of it - without even shades of gray.  This is very efficient for storing records of trillions of checks, but it creates an opportunity for forgery.

The checking system thus relies on accounting integrity as the final detector of fraud of any kind.  As long as the check writer regularly computes their balance, any fraud will be detected, and the specific method of accomplishing that fraud can be identified by working backwards through the steps of check processing and clearing.  This is not really satisfactory, since by the time the fraud has been discovered, the check may have cleared and the funds transferred to the criminal, who has had plenty of time to escape and cover his tracks. 

Forged and altered checks need to be detectable at the time of presentation for payment, not long afterwards.  To do this, they need end-to-end integrity features that are associated with the check at the time that it is created.  When the check is converted to electronic form by a mobile banking app, the features need to be electronic from the beginning, and associated with the paper check and the person who is creating it as they are writing.

For business checking, where the checks may not be created by a single person, but by software and printers under the control of a team authorized by the treasurer or CFO, a large number of business anti-fraud measures have been developed.  Most of these don't provide end-to-end integrity for a check that may be converted to electronic form at multiple stages of processing.  One that does is positive pay (and reverse positive pay), but it is often implemented in ways that are unsophisticated in both their technology and process aspects, and often works on timescales that do not pretend to approach real-time.  With smartphone-based mobile deposits, it's no longer necessary for a check recipient to travel to a bank or ATM to deposit a check; a check can be deposited within minutes after it is received from the writer, and a fraudster can avoid all the video and multiple ID checks that are involved in those other methods.

There are at least five general ways that end-to-end electronic integrity measures can be added to the checking process.  All of them are extensions and improvements to positive pay, with cryptographic assurance of the values of the check, making altered checks or fraudulently created checks almost impossible.

  1. Interactive positive pay. When a check is created, the person writing the check enters the check's amount, payee and other information into their online banking account, or their mobile banking app.
  2. Smartphone check image preauthorization. When creating a check, the person writing the check snaps an image of it immediately, before delivering it to the recipient.  This function uses much of the same functionality that is already in the mobile app for mobile deposits.
  3. Pre-registered print-on-demand checks. Instead of using a checkbook full of preprinted checks, the online website or mobile app creates a printable image of a check, prepopulated with the values intended to be paid and a digitized version of the writer's signature, and decorated with security features that are unique to this particular check.  The digitized signature is conceptually similar to what happens with mass-produced checks from the government and other sources.  The Secretary of the Treasury doesn't personally sign each one of the tens of millions of IRS refund checks that are issued each year.  The paper result is simply an "original" of the replacement "substitute check" that is already approved for use when an original check had been destroyed by a bank during processing, along with the anti-fraud measures that it incorporated. The per-check security features on the on-demand original can include digital signatures printed in an optically-scannable font along with the MICR account information, in the form of a QR code or other barcode, and additional subtle watermarks in the printing that are designed to withstand the data loss from compression as checks are digitized. And in the process of composing the on-demand check, the website or app creating it can file protected pay data with the issuing bank.
  4. Camera-equipped smart checkbook. Using a smartphone to record a check image as soon as it is written requires the writer to remember that the recording is needed, pull out the phone, open the banking app, focus and snap the photo.  A camera built into a checkbook, connected to the phone via bluetooth, or even with a standalone LTE cellular data subscription, reduces all these steps to a one-button operation and can be designed to provide for the close focus and perspective corrections needed to give highly repeatable images. A nanocomputer board and camera module can cost less than $20, even in small quantities, a cost comparable to a consumer shipment of paper checks with all their security features.
  5. Smart carbons, using a penpad checkbook. The ultimate in usability for check preregistration would be to capture the digital properties of the check from the writer's pen while the check is being written. Using technology like the 2015-era HP Pro Slate with Duet Pen, a checkbook equipped with a special pen and writing surface would provide a user experience identical to the current experience of writing an unregistered check, but with digital security that is fully end-to-end, eliminating the possibility of undetected forgery or alteration.

Trustworthy data on the amount of check fraud occurring in the US annually are hard to find, with estimates ranging from $1.3 billion to nearly $19 billion.  Unfortunately, the many stages and organizations involved in check processing make it difficult for any single participant to justify the investment needed to bring checking security in line with 21st century best practices.
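
As an added example, not from the post: the matching step an issuing bank would run for interactive positive pay (item 1 above), comparing checks presented for payment against the issue records the writer filed at creation and raising an exception for altered amounts or payees, stale checks, duplicate presentments and unregistered checks. The record shapes, the 180-day stale limit and the sample checks are constructed assumptions.

```typescript
// Added example, not code from the post: the issuing bank's matching step for
// interactive positive pay. Issue records filed by the check writer at creation are
// compared against checks presented for payment, and every discrepancy becomes an
// exception for the account holder to decide. Shapes and sample data are constructed.

type CheckId = { account: string; number: number };

interface IssuedCheck extends CheckId {
  amountCents: number;   // integer cents, never floating-point dollars
  payee: string;
  issuedOn: string;      // ISO date written on the check
}

interface PresentedCheck extends CheckId {
  amountCents: number;   // amount as read from the image or MICR line
  payee: string;         // payee as read (OCR of a low-resolution bitmap)
  presentedOn: string;   // date the image or paper reached the paying bank
}

interface Decision {
  number: number;
  action: "pay" | "exception";
  reasons: string[];
}

// Payee names on a black-and-white bitmap survive OCR only approximately, so compare
// a normalized form: case-folded, with punctuation and spacing collapsed.
function normalizePayee(s: string): string {
  return s.toUpperCase().replace(/[^A-Z0-9]+/g, " ").trim();
}

function daysBetween(fromIso: string, toIso: string): number {
  return Math.round((Date.parse(toIso) - Date.parse(fromIso)) / 86_400_000);
}

function matchPresentments(issued: IssuedCheck[], presented: PresentedCheck[], staleDays = 180): Decision[] {
  const key = (c: CheckId) => `${c.account}#${c.number}`;
  const register = new Map(issued.map(c => [key(c), c] as [string, IssuedCheck]));
  const seen = new Set<string>();  // catches a check deposited by phone and again on paper
  return presented.map((p): Decision => {
    const reasons: string[] = [];
    const rec = register.get(key(p));
    if (!rec) {
      reasons.push("no issue record: check was never registered by the writer");
    } else {
      if (rec.amountCents !== p.amountCents) reasons.push(`amount altered: issued ${rec.amountCents} cents, presented ${p.amountCents} cents`);
      if (normalizePayee(rec.payee) !== normalizePayee(p.payee)) reasons.push(`payee altered: issued "${rec.payee}", presented "${p.payee}"`);
      const age = daysBetween(rec.issuedOn, p.presentedOn);
      if (age > staleDays) reasons.push(`stale: presented ${age} days after issue (limit ${staleDays})`);
    }
    if (seen.has(key(p))) reasons.push("duplicate presentment: this check was already presented");
    seen.add(key(p));
    return { number: p.number, action: reasons.length === 0 ? "pay" : "exception", reasons };
  });
}

// Constructed sample: three checks registered by the writer, five presentments.
const ISSUED: IssuedCheck[] = [
  { account: "0001", number: 1001, amountCents: 12500, payee: "Acme Plumbing LLC", issuedOn: "2021-05-01" },
  { account: "0001", number: 1002, amountCents: 4000, payee: "Jane Doe", issuedOn: "2021-05-02" },
  { account: "0001", number: 1003, amountCents: 80000, payee: "City Utilities", issuedOn: "2020-10-01" },
];

const PRESENTED: PresentedCheck[] = [
  { account: "0001", number: 1001, amountCents: 12500, payee: "ACME PLUMBING, LLC", presentedOn: "2021-05-04" },
  { account: "0001", number: 1002, amountCents: 94000, payee: "Jane Doe", presentedOn: "2021-05-05" },   // 40.00 -> 940.00
  { account: "0001", number: 1003, amountCents: 80000, payee: "City Utilities", presentedOn: "2021-05-06" },
  { account: "0001", number: 1001, amountCents: 12500, payee: "Acme Plumbing LLC", presentedOn: "2021-05-07" },
  { account: "0001", number: 1010, amountCents: 250000, payee: "Cash", presentedOn: "2021-05-07" },
];

function runSample(): Decision[] {
  return matchPresentments(ISSUED, PRESENTED);
}

for (const d of runSample()) console.log(d.number, d.action, d.reasons.join("; "));
```

Only the first presentment pays; the other four become exceptions the account holder reviews before funds leave the account, which is the real-time detection the post asks for.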

Alternatives to checks, but with better security

Perhaps the best strategy for a consumer interested in improving their own checking practices is to try to eliminate checking entirely.  Payments that occur regularly can be converted to ACH auto-debit payments, although the ACH system has its own security issues.   

Checking accounts commonly are provided with debit cards used for ATM transactions that can be used for payments instead of ACH debits or checks.  If a debit card is used fraudulently, a new card can simply be re-issued without the hassles of closing the affected account and opening a new one.  Most debit cards come with an explicit zero liability guarantee, as well.

Credit cards are superior to debit cards, since they have a credit limit that will cap the possible damage should the card be used fraudulently. The only way to avoid the trouble of visiting the website of every company that has been set up for autopay and changing the debit to a new card, however, is to obtain a separate credit card for each recurring payment.   (Although if you keep all those cards in the same wallet, someone who obtains your wallet can misuse an amount up to the total of their credit limits.)

Finally, for person-to-person payments, people with smartphones can use apps like Venmo or Zelle instead of cash or checks. They provide an end-to-end chain of cryptographically assured authentication and integrity checks via the smartphone's security modules and the app's authentication features.  Unlike checks or debit and credit cards, or even ACH transfers, though, there's essentially no way to stop or reverse payment if the recipient acts badly.  They should be used only with people you trust and have continuing relationships with.

Regardless of the improved convenience and security capabilities of check alternatives, paper checks are not going away any time soon.  Users of checks should take advantage of available positive pay and autocarbon features to improve their integrity, and banking and check processing institutions should investigate the further advances that are possible.

Sunday, May 16, 2021

The Colonial Pipeline ransomware incident confirms why capitalism is so bad at risk management

Lest we forget, in early May the largest fuel pipeline in the Eastern US was shut down for a week because malicious software had infiltrated many of its administrative systems.  “In an abundance of caution”, the entire company was shut down, including the pipeline itself.  As of this writing the full story has not emerged, but the most likely reason for the operational shutdown seems to be this: although the control systems for the pipeline were fully isolated from the rest of the company’s network and unaffected, the company’s billing systems were inoperative, so deliveries of gasoline could not be accounted for or charged for.

The consequences of the shutdown were quite serious. Deliveries of fuel to gas stations were halted, their tanks ran dry, and people throughout the Eastern US were unable to refuel their cars.  Stories of hoarding of gas in plastic bags began to circulate.

Lost in all the discussion of cyberattacks and the role of cryptocurrency in ransom payments was the fact that this pipeline represented a single point of failure in the national fuel supply chain. There was not enough spare capacity in the pipeline network to take up the slack when Colonial’s pipeline went out of service.

Tracing back to the root cause of this failure of network redundancy gets you to capitalism itself.  It’s a well-known but little-remarked fact that, left unregulated, free markets degenerate into a monopolistic state.  Superior profits lead to the ability to buy up competing firms, and established market dominance leads to predatory pricing that drives firms unwilling to sell themselves out of business.

To establish superior profits, firms optimize their operations for efficiency at the expense of resilience.  This works fine while conditions are stable, but it leads to outsized consequences when an external force such as a cyberattack enters the picture.

If enough market participants are attacked often enough, the market ought eventually to identify a common set of attack characteristics and adopt defenses against them, but even under the best of circumstances adaptation may take an excessively long time.  If the attacks follow statistical distributions with “fat tails”, a long time may be forever: for such distributions the observed average loss converges very slowly, or not at all, so there is never a settled figure to price defenses against.
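The fat-tail remark deserves a concrete illustration.  The following is an added example, not from the original post, that models incident losses as draws from a Pareto distribution; the shape parameters (3.0 for a thin tail, 0.8 for a fat one), the sample size and the random seed are arbitrary choices made for the illustration.  It shows what a market trying to learn from loss experience would see in each case: with a thin tail the average loss per incident settles near its theoretical value and the worst single incident is a negligible share of the total, while with a fat tail the worst incident dominates the total no matter how many incidents have been recorded.

```python
"""Why a fat-tailed loss distribution defeats learning from experience.

Added example, not from the original post.  Losses are drawn from a Pareto
distribution with shape alpha (scale 1).  For alpha > 2 the mean and variance
are finite and the running average of observed losses converges.  For
alpha < 1 the mean is infinite: however many incidents are recorded, the
single worst one still accounts for a large share of all loss and the
running average never settles.  Shape values, sample size and seed are
arbitrary choices for this illustration.
"""
import random
from typing import Dict, List, Optional


def theoretical_mean(alpha: float) -> Optional[float]:
    """Mean of Pareto(alpha, scale 1); None when alpha <= 1 (infinite mean)."""
    return alpha / (alpha - 1.0) if alpha > 1.0 else None


def simulate_losses(alpha: float, n: int, seed: int) -> List[float]:
    """n independent losses; a fixed seed keeps the run reproducible."""
    rng = random.Random(seed)
    return [rng.paretovariate(alpha) for _ in range(n)]


def running_means(samples: List[float]) -> List[float]:
    """Average loss per incident after each successive incident."""
    means, total = [], 0.0
    for count, loss in enumerate(samples, start=1):
        total += loss
        means.append(total / count)
    return means


def largest_share(samples: List[float]) -> float:
    """Fraction of total loss attributable to the single worst incident."""
    return max(samples) / sum(samples)


def drift(means: List[float]) -> float:
    """Relative movement of the running average over the second half of the
    record: small when the estimate has settled, large when it has not."""
    halfway = means[len(means) // 2]
    return abs(means[-1] - halfway) / halfway


def compare_tails(n: int = 20000, seed: int = 7,
                  thin_alpha: float = 3.0, fat_alpha: float = 0.8) -> Dict[str, float]:
    """Side-by-side statistics for a thin-tailed and a fat-tailed loss process."""
    thin = simulate_losses(thin_alpha, n, seed)
    fat = simulate_losses(fat_alpha, n, seed)
    thin_means, fat_means = running_means(thin), running_means(fat)
    return {
        "thin_theoretical_mean": theoretical_mean(thin_alpha),
        "thin_final_mean": thin_means[-1],
        "thin_drift": drift(thin_means),
        "thin_largest_share": largest_share(thin),
        "fat_final_mean": fat_means[-1],          # keeps growing with n
        "fat_drift": drift(fat_means),
        "fat_largest_share": largest_share(fat),
    }


if __name__ == "__main__":
    for key, value in compare_tails().items():
        print(f"{key:>22}: {value:.4f}")
```

The thin-tailed figures are what an insurer or a market can work with: the final mean sits close to 1.5 and the worst incident is a fraction of a percent of the total.  The fat-tailed run has no theoretical mean to converge to, and its worst incident typically accounts for a sizeable fraction of all loss however long the record; re-running with a larger `n` does not change that picture, which is the sense in which adaptation can take forever.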

Protecting the system itself is the role of government.  It will take government intervention to prevent this type of incident from recurring.  The current US government doesn’t even seem capable of recognizing this type of problem.  And certain forms of government, notably “republicanism”, tend to evolve into authoritarian modes that are themselves unstable and unable to drive infrastructure and corporate evolution toward resilient modes that can survive natural and malicious shocks.

Thursday, September 10, 2020

Cybersecurity Doctrine and Strategy: The big picture

Hey, a cybersecurity post!  I've been developing a new security doctrine, Attacker-Oriented Security, that fixes the many problems with popular security doctrines.

Attacker-oriented security recognizes that security events are caused by malicious actors, and that different types of actors have different goals.  Instead of some nebulous notion of "risk", it focuses security activity on dealing with attackers.

This doesn't mean giving up on all the normal security architectures and practices; it just recasts the way they are viewed and adds some new metrics.

Why is attacker-oriented security better?

  • It replaces a lose-lose perspective with a win-lose perspective
  • It has natural benchmarks
  • It tunes security responses to the organization's asset profile
  • It provides an objective basis for determining how much security is enough
  • It exposes a new class of justifications for security to management
  • It replaces the psychological burden on security staff with natural goals
  • It provides natural motivation for dynamic security operations

For more details, see the slides.

Development of a regular article is in progress.

