#amwriting The Unregarded Consequences of Unintended Lies
As the world resigns itself to the fact that some of their most vital systems: hospitals, banks and communications; transport and energy infrastructure in countries as diverse and disparate as the UK, Spain, the Philippines and China have been hacked, it is worth remembering, worth pointing out, that we have been warned about this by experts, by the opposite of political people, for more than two decades.
I used to work with people, responsible then for the creation of the plan to unify and unite the NHS’ information, technology and communications infrastructure strategy and its future implementation. These were people that worked on projects with all the big banks, the stock exchange and GCHQ; they helped ensured calls could be made in an increasingly complicated number of ways — it was the late 90s — and that planes could land. These were people that knew what they were doing and what was required to safeguard against a future that the rest of us couldn’t see.
Their advice, their premonitions, have been overwhelmingly ignored. Their worst case scenarios, their ‘nuclear’ options have been traded for the price of political point scoring. Where is the spine, the local hubs: the latency and redundancy; the urgency of upkeep, of maintenance and update — of staying current, always, for the sake of security? It was ignored, was made redundant, surplus to requirements as soon as a quicker fix came about, a cheaper out from all this complexity.
But if early reports are to be believed, this attack is not borne of complexity. It is exploiting only old vulnerabilities, things that should have been patched: it exists because of negligence. If those reports are true the this latest attack is borne of the kind of misinformed thinking that mistakes judgement with political judgement, with economic and political judgement: looks for an easy win over a demonstrable victory.
In 2014, Microsoft withdrew support for its aging Windows XP operating system. The UK Government Digital Service chose to extend its support arrangement with the company for a further year by paying £5.5m. It chose, the following year, not to extend that arrangement any further, leaving government computers that still run on the obsolete operating system at risk from hackers. The service said ending the support meant “weaknesses that are found in unsupported products will remain unpatched and will be exploitable by relatively low-skilled attackers”.
Our experts, retired now, have just been vindicated. The software companies too. They are not to blame for this. They retired one version — old, clunky and decrepit — and replaced it with something more vital, more able to cope with the realities of the next century.
Perhaps more culpable are the institutions that claim to protect us, the enforcement agencies that look for holes in the code, doors through which they might slip and slide, might improvise an impossible take over of some enemy’s hide. Problem is, through those backdoors, those holes in the code, others can seep, can cheat. And when not shared with the vendors, the White Hats and good, The Black Hats, the actors, can use the same code for blood.
That what it looks like has happened. An NSA vulnerability, not immediately shared with the wider world, has been utilised, been weaponised, and unleashed on an unsuspecting world. Has been fetisised too, has been sexualised: the right as an expression of fear; the left as a totem of ultimate exploitation.
It is neither. This attack is just the inevitable consequence of not paying attention to things that are too complicated to rationalise in a soundbyte, a sentence or anything else that might take more than a moment to muster. It is the news cycle, the attention span: the half life of a half thought that plays well to a receptive audience.
When plans are made, they need to be big, they need to stick and take control of a room. They need to be impossible to undermine. They cannot shift uncomfortably, shift uncontrollably whenever circumstance chucks you a stickler, a curve ball. If your plan cannot survive such indeterminate attacks, then it was never a plan at all.
It was a wish, a pipe dream: something you hoped you would prosper from.