Society Depends on Old Tech
So much of the technology infrastructure that modern society today currently depends on was created long before security was even being considered as a primary concern. In many cases, how technology is being used now use is far different from what was originally envisioned or designed. While this is great for today’s users, many of the things we have come to depend on have vital flaws that can be exploited. What’s worse, we know that these exploits exist, but only limited progress has been made against the work required to protect these critical systems that we have come to depend on.
When many of these technologies were first created or developed, the focus was aimed directly at proving if something could even work. Of course, this makes sense as so much of what we take for granted today was the subject of science fiction not so long ago.
Development and Consumers
Companies burned large quantities of cash in order to unlock the potential of these products, so they pushed to get them on the market and profitable as quickly as possible. Adding in additional security features could have required additional time and money; it also might have slowed the adoption of the technology or product. Sometimes, however, the spec is right but the implementation is fouled. I believe an excellent example of this can be seen in Bluetooth pairing. How many times have you seen a default PIN of 0000 for a device?
Governments, especially their military components, have a lot of incentive to keep things secure. However, so much of the technology that was originally built for military use is now being used by consumers in a way that they don’t even realize is insecure.
For consumers, technology generally succeeds only once people find it easy enough to use and adopt it. This presents a challenge for those creating new products and technologies to find the correct balance between ease of use and underlying security. Too many times we see security being downplayed so as to simplify usability, but this is a recipe for disaster. The best options are those that
Nowadays, we are seeing shifts towards a world where security is considered during the beginning stages of projects, instead of as an afterthought. This is excellent news, but it doesn’t mean we’re in the clear yet. Any software developer knows that there are always bugs in code. Some of them can be catastrophic, but only when extremely specific scenarios occur. Even so, any product or technology that attempts to reduce security holes from the start is already in a better place than most.
Plans for updating and replacing existing technologies need to be created, and their implementation needs to begin quickly to allow time for consumers to adopt them. Some technologies that are impacted and need to be updated include GPS, cellular telephony, and the electrical grid. It is quite obvious that these systems are critical to everyday life in the modern area. In some cases, inroads are being made to secure them. In others, known vulnerabilities continue to exist without repair.
Much like our physical infrastructure, we must invest and maintain these systems to ensure they will continue to operate. We can choose to pay the cost now, which is admittedly quite expensive, or we will find ourselves with no choice to pay even more in the future… possibly after something disastrous has happened.