There’s been a flurry of resurgent interest in cyberwarfare in the last couple of months. It’s clearly a topic that we as citizens should take seriously, though there’s a strong temptation to dismiss it as science fiction. As architects, it is a topic we should perhaps take very seriously indeed.
Like most people of my generation, war has passed me by. It’s a matter for professional soldiers, not for the man in the street. But cyberwarfare introduces a fundamental shift insofar as the war is more likely to be waged against a nation’s infrastructure, its banks, power and water utilities, logistics infrastructure and so on; quite possibly waged by anonymous perpetrators whose aims are to seriously destabilize another society.
My interest was sparked by the Economist article of May 24th (Cyberwarfare, Newly nasty. Defences against cyberwarfare are still rudimentary. That's scary). By sheer coincidence, a couple of weeks ago I picked up Michael Dobbs’ book The Edge of Madness. I like Dobbs’ highly realistic political thrillers, and this one is no exception.
The Daily Telegraph said “Dobbs, best known for his political trilogy House of Cards, and for being a former adviser to both Margaret Thatcher and John Major, is a master at seizing straws in the wind and building a bonfire with them. He has found enough straws lately to ignite civilisation's funeral pyre. An unexpected entry on his wife's credit card statement, suggesting she'd been gambling on the internet, propelled him towards The Edge of Madness, his 13th novel. . . . You don't need the wiles of a computer hacker to see that Michael Dobbs may be on to something with his fictional prediction of a cyber-war in which one nation - in his scenario,
This led me to reflect that our de facto approach to security architecture is obsessed with access – identity, authentication, permissions, rights. In the SOA world many have moved beyond the fortress model, but the primary advance made is to apply the same old checks at a finer-grained level. So what’s to stop an intruder who is able to get past the screens from wiping bank balances en masse, scrambling demand and supply data for the power grid, publishing personal details of prison officers, corrupting aircraft maintenance records and so on? The scary thing is that the motive is not profit; it’s simply to destabilize and cause terror. For how many weeks will your civilization persist without electricity, gas/diesel/petrol, food supplies and money?
If we are to take this threat seriously we have to rewrite the book on security. We have to work on the basis that threat assessment is based not on criminal intent but on calculated attempts to cause chaos.
Of course the service architecture is inherently suited to this purpose. We tend to promote separation as a means to enable agility, but it “could” also be a key defensive strategy.
Over the years CBDI has identified a number of patterns that perhaps show us the way.
- I have advised numerous banks over the years on real-time, independently provisioned pre- and post-conditional audit operations.
- We also developed the idea of a disruption-tolerant service network, where metadata is collected independently to track the status of, say, a logistics system, in order to advise the end user of the real system status.
- A couple of weeks ago we came across the concept of forensic operations. The idea is, again, independent operations that collect metadata that can be used to investigate abnormal events.
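The pre- and post-conditional audit and forensic metadata patterns from the list above, sketched as an added example (not code from CBDI or from this post). The `IndependentAuditor` class, its 25% threshold and the sample ledger are all hypothetical.

```python
import hashlib
import json

def digest(obj, prev=""):
    return hashlib.sha256((prev + json.dumps(obj, sort_keys=True)).encode()).hexdigest()

class IndependentAuditor:
    """Hypothetical audit service, run separately from the ledger it watches."""
    def __init__(self, ledger, max_touched_fraction=0.25):
        self.expected = digest(ledger)  # auditor's own record of the last good state
        self.max_touched_fraction = max_touched_fraction  # assumed policy threshold
        self.log, self.tip = [], "0" * 64  # hash-chained forensic metadata

    def audited_apply(self, ledger, operation, op_id):
        problems = []
        # Pre-condition: the ledger was not altered behind the auditor's back.
        if digest(ledger) != self.expected:
            problems.append("ledger changed outside audited operations")
        candidate = operation(dict(ledger))  # run on a copy, commit only if clean
        touched = sorted(a for a in ledger if candidate.get(a) != ledger[a])
        # Post-conditions: funds conserved, bounded blast radius.
        if sum(candidate.values()) != sum(ledger.values()):
            problems.append("total funds not conserved")
        if len(touched) > self.max_touched_fraction * len(ledger):
            problems.append("too many accounts changed at once")
        verdict = "rejected" if problems else "committed"
        event = {"op": op_id, "touched": touched, "problems": problems, "verdict": verdict}
        self.tip = digest(event, self.tip)  # each record commits to all earlier ones
        self.log.append({"event": event, "hash": self.tip})
        if not problems:
            ledger.clear()
            ledger.update(candidate)
            self.expected = digest(ledger)
        return verdict, problems

    def log_intact(self):
        tip, ok = "0" * 64, True
        for rec in self.log:
            tip = digest(rec["event"], tip)
            ok = ok and tip == rec["hash"]
        return ok

# Constructed sample data and operations: a normal transfer and a mass wipe.
SAMPLE_LEDGER = {f"acct{i}": 100 for i in range(10)}

def transfer(book):
    return {**book, "acct0": book["acct0"] - 50, "acct1": book["acct1"] + 50}

def wipe(book):
    return {acct: 0 for acct in book}
```

Rejected operations never reach the ledger, but they still leave a chained record, so the same log serves the forensic role described in the third item.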
This class of pattern, and once we put our mind to it we will surely discover many more, is clearly not used systematically by many organizations. Perhaps the time has come for one or more independent businesses to provide such services. But without a clear and present danger, will anyone spend money on prevention? The cynic may say, "the banks have already done a good job of screwing up our society, why would other countries bother?"
Yet the requirement for this form of defensive architecture is actually increasing. We are all aware of the event-driven, smart systems architecture, many applications of which are focused on critical infrastructure such as power and water.
I am reminded of the devastating floods that occurred last November in
I would be very interested to hear others’ experiences and views. Tell me you already scan in-house, outsourced, offshore-developed code for hidden bugs; that you have self-checking operations that prevent malicious operations . . . .
Cyberwarfare, Newly nasty. http://www.economist.com/node/9228757 [note this is premium material.]
'The Edge of Madness', by Michael Dobbs (Simon & Schuster 2008)