13 Propositions on an Internet for a Burning World (Part 8)
OpenBSD version: Not relevant here...
Arch: ?
NSFP: Well...
« Read proposition 7 <> Read proposition 9 »
Security is ‘the big thing’. Everything has to be secure. Well, it usually isn’t, but if you keep listening to security professionals (and others’ complaints about them), you might get the idea that they value security above all. In fact, an analysis of protocol design over the ages from… by now… ages ago… found the same. For some reason, it is hard to step beyond the CIA (Confidentiality-Integrity-Availability) nail, if you wield the security hammer. And… there is enough actually reputable research on this issue, just ask Johnny.
However, with a world in which society (and the Internet alike) are crumbling down all around us, this may change. In fact, we claim that:
Proposition 8
“In a burning world, functionality is more important than security, but remains trumped by safety.”
So, what is this all about? Well, we claim that if we ever—and we hope it does not come to it—face a world burnt to its foundations, with an Internet fallen apart and hypergiants failed, paradigms of ‘what is important’ will shift dramatically. We will find ourselves in a situation where the utility and functionality of systems will superimpose their security even stronger as in the current world. We already know the common situation of ‘things’ or even ‘an Internet full of them’ going into production because it just has to work. And, from a certain perspective, there is not much wrong with that. Humans tend to do what is easiest for them. So, unless security is the easiest way, other ways will be taken. (We, of course, do not advocate for throwing insecure stuff on the Internet here. In fact, getting security right, i.e., in the shape of the easiest way, is part of that whole issue of care we have been talking about.)
Yet, if we find ourselves in a world where the question is not ‘can this funny bird app transport my … erm… posts to the Internet’, but ‘is this solar pannel turning system able to function enough to keep the community powered on’, security will not be that important. Instead of that system having a secure password only known to one or a few, we might have a password (if it is needed at all) slapped to the top of the screen (as it tends to be common practice now already…) The reason is simple: A bricked system no longer operable due to a lost password (due to, e.g., the people knowing the password dying) has a significant higher impact on the community than potential security considerations. In fact, security may just end up being resolved by a social contract, following the lines of ‘you won’t break your own power supply’.
Hence, we predict that in such a world, threat modeling will see a significant shift away from security against threats from the larger Internet. And in that process, threat modeling will become a question of safety, back towards the question of ‘What (physical) harm can be done (by outsiders?) if it is not secure?’ Ultimately, the physical safety (and survival) of local communities will have the highest importance.