--- On Mon, 10/26/09, Rich Kulawiec <r...@gsp.org> wrote:

> And this in turn is why any security strategy that depends
> on user education/cooperation has already failed. 
> Completely.  It's prudent to presume that one's users are at 
> best utterly incompetent, at worst actively malicious, and 
> design accordingly.

While I don't (think I) agree with the spirit, I completely agree with the 
summation.  Assuming that your user population is a breath away from going 
barking mad at any given moment is only prudent.

And, since we have not yet delivered the full set of tools necessary to design 
and implement accordingly, it should not surprise anyone that we still have the 
results we do.

So far, while we have managed to make an incredibly functional global 
communications system, many of the parts are still only partially engineered.  
It is equally possible to make a functional transportation system that is only 
partially engineered but still "works" by general definitions.

In either case, each desperately needs more advancement than is going to come 
in any short period of time.

Cars can be built with little more than a drive train and steering (and brakes, 
if you feel generous), but when Gramma slams one into a building it shouldn't 
come as a tremendous surprise.  Seat belts and airbags are no replacement for 
embedded radar, video interpretation software, accelerometers and predictive 
pseudo-cognizant vehicle management combined with a driver-override (or better 
yet, replacement) system, but until we can develop and deliver all that 
affordably for a billion cars, belts and bags will simply have to do.  The only 
downside is that this freedom of movement will cost a few tens of thousands of 
lives a year (in the US alone) until we get the full system developed and 
deployed sometime around the middle to the end of this century.

Also in the meantime, traffic engineers will have to work with the tools at 
hand and send their own grandmothers and children out on the half-baked 
highways they design.

So, all in all it isn't anything new that is expected of us, whatever our roles 
are in the infosec industry.  If you work for a vendor, you need to improve 
your cars so fewer (but, sorry, still 'some') of your customers slam them into 
trees.  If you are a network admin, you have to design and operate systems 
where only some of your users will die in fiery wrecks some of the time.  

Except, of course, that generally we don't lose any actual lives in the course 
of dealing with our own compromises, so the tenor of our self-pitying whining 
should be notably less than our automotive peers.

-chris


      

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
