As an adaptive system, the world of cybersecurity is stuck, slow and stale to recognize and respond to rapidly changing relationships and threats. To make progress, the cyber world needs to take advantage of discoveries on the laws that govern adaptive systems of all types and at all scales. These advances have powered new capabilities to build adaptive capacity in layered networks of technology that provide valued services to human stakeholders.
YOUTUBE KzTv09fATeE Published Jan 22, 2021.
Cyber security is in a crisis. You can't find a better example of the need to focus on resilience engineering.
Technically, the challenge consists of layered networks, inherently tangled. Not neat. Not mappable. But a bunch of extensive and hidden interdependencies.
This is essentially human.
These are stories of people and rivalry, seeking advantage and coping with complexity.
This applies in a very general way to all vital, digital infrastructure that supports valued services that have to operate under pressures.
The canonical origins of resilience engineering. Systemic, organizational factors in NASA set up the conditions for accidents in 1999 and the Columbia space shuttle accident in 2003. (This bears repeating. Systemic patterns within NASA—pressure for faster, better, cheaper—undermined their safety measures. If we want to avoid software disasters of our own, we must do something different. We must engineer capacity to adapt to relentless change and persistently finite resources.)
Antagonist to adaptive systems: Maginot thinking. In WWII the French constructed the Maginot line thinking walls would protect them. The Germans bypassed the wall.
Part of being stuck in cyber security is the emphasis on walls; on rigidity; on constriction; on compliance; on non-transparency; that people are defects in systems. All of these things work at odds and actually undermine our ability to build continuously adaptive, poised to adapt systems.
Resilience engineering of cyber security emphasizes adaptive cycles that spiral over time. Cycles illustrate risks of adaptive system breakdown and the variety of responses that mitigate or counteract those risks.
.
In a beautiful example of co-adaptive rivals in a shared space, Stackoverflow recounts how an attacker used their Q&A site during the attack. See Attacker’s Footprints.
See also Zero-click iMessage Exploit.