The recent WannaCry NHS cyber-attack has once again highlighted the dire need for more robust systems. As the world becomes more connected, each new connection creates another potential avenue for attack. Surprisingly (or maybe not to some), the NHS attack could have very easily been prevented – the virus targeted Windows XP, which Microsoft ended support for on April 8th, 2014 (almost 3 years ago). Any machine which had been updated to a newer system was immune to the attack.
The reality of the situation is that there are hundreds of thousands of machines running critical infrastructure that are still on Windows XP (and older), and this is unlikely to change in the near future. Our systems have become increasingly complex, intertwined and convoluted – we have created a meshed web of interconnected devices with thousands of critical systems and single points of failure. This makes updating any one of these systems a large and risky task, which is perceived, incorrectly, to outweigh the risk of an attack against that system. At the same time, attacks against these increasingly messy systems become easier and more profitable over time. The more critical a system is, the more of a target it becomes.
Conventional thinking suggests that we should put more robust security and infrastructure around these critical systems, and ensure that single points of failure have redundancies, backups and protection. This way of thinking, however, is fundamentally flawed. Increasing the complexity of a system will always make it more vulnerable to failure and attack. The solution is to make these systems less complex.
To use a simple analogy, the more doors and windows you have to your house, the more vulnerable it is to someone breaking in. Traditional thinking would increase security around every entry point: better locks on the doors, stronger windows, camera monitoring systems, intruder alarms. The cost and complexity soon increase dramatically, and the entire system is still only as strong as its weakest point. As the complexity grows, the cost of maintenance goes up, and you need to constantly upgrade the entire system as new and better technologies become available. A simpler solution, and a much more cost-effective and secure one, is just to build a house with fewer doors and windows.
Single points of failure are a ticking time bomb in any software system – eventually they will fail (otherwise we would call them single points of success). In the blockchain world of Interbit, single points of failure don’t exist; in fact, they can’t exist. It’s impossible to build applications on a distributed ledger platform which introduce single points of failure at the infrastructure level.
The key to security is simplicity. A less complex system is cheaper to build, easier to maintain, and much more secure than a complex one. If we want to avoid similar attacks against our data in the future, we need to build blockchain-based applications, drastically reducing the complexity of enterprise IT infrastructure, which in turn is much easier, and more cost-effective, to secure.
By Guy Halford-Thompson, Co-Founder & CEO, BTL Group