12th Annual AT&T Cyber Security Conference

Oct 13, 2010 Posted Under: internet

Among several scary and alarming assessments of our, and the world’s, (lack of) security capabilities at today’s conference, I found Dr. Edward Amoroso’s retrospective from the year 2035 the most imaginative and interesting of the presentations.

He used the scenario to review his entire 50 year tenure at AT&T and the curious developments of security situations and responses over that time. Starting with the emphasis on a Trusted Computing Base in the Orange Book, he reminded us of the evolution of worms, viruses and social engineering attacks over the years, from the original 1988 Internet Worm to the Stuxnet Worm of 2010 and the Virtual Wars of the 2030s.

I suspect some of his timeline to be mis-remembered however, as it seems to me the Stuxnet Worm first loosed in Iran’s nuclear facilities had the capability to bring down essential technologically controlled infrastructures around the world, including power and sewer systems.

He proposes a shift of software engineering to the training status of civil engineering will solve most of the problems with software, culminating with the 2035 establishment of the AT&T Reliable Software Center. But this view is at odds with the fundamental limits of logical proofs pointed out in Godel’s 1931 Incompleteness Theorems. And even though Amoroso cautions that there will still always be software bugs, I get the sense he is referring to the occasional mistake and not the fundamental impossibility of proving software correct. Bill Clinton pointed to another core part of the problem, that of appropriately specifying the intent of software, in his famous “Well, it depends on what you mean by the word ‘is’.”

Despite these fundamental problems, I think Amoroso alluded briefly to what may well be the best possible resolutions by mentioning natural systems like forests. Looking at civilization’s evolution of resilient software from the perspective of how a forest’s ecology arises with various plants, insects and animals performing needed, mutually trusted, functions even in the face of meltdown disasters like forest fires can guide us to workable security solutions.

Be Sociable, Share!

Leave a Reply