Security by Insanity
A dear friend found a reason to remind me what Einstein (or somebody important) said was insanity - doing the same thing and expecting something different. Well, this got me thinking. All my life people have found probable cause to call me crazy … but not insane. There’s something more clinical and more considered in the diagnosis of insanity.
I’ve spent over a decade delivering executive summaries on issues in information assurance and IT security. I’ve worked with the vendor community, academics and corporate IT staff studying threats associated with emerging technologies.
For example, when cars become “wired” systems with steering and braking being driven by software rather than direct physical linkages, there are certain risks that should be understood and analyzed. We framed the risks for remote automotive systems access through OnStar as well as vulnerabilities in network-addressable controllers of medical devices.
We were one of the first groups to study SCADA vulnerabilities years before Stuxnet hit. As we evolve processes similar to SCADA for advanced medical devices like a pacemaker, should somebody be thinking about securing it?
As an economist who spent several years teaching in an engineering school, I’ve developed a passion for root cause analysis. And, when things continue to break, I seek the pattern, the system drivers behind the breakdown. It seems we’re doing the same thing with each new threat, with each new technology.
But over the past year, there’s been too much insanity - too much doing the same thing and expecting different results.
Maybe the system itself is flawed. Maybe this is beyond crazy and actually insane. What are your thoughts?