Am I secure?

Published in

GentlySerious

8 min readFeb 1, 2024

Inner defences

Many moons ago I wrote a paper with Richard Veryard for the Microsoft Architecture journal. It was about IT security and it argued that the usual architecture, modelled on a fortified castle with strong boundaries was ineffective and inappropriate. Thankfully, infosec practices now agree, but the pattern of thought continues to dominate, there and in many fields.

After thousands of years, we still have Trojan horses. We still have enemies within the gates. Humans have always lived in caves for security, but Odysseus was able to outwit Cyclops. I want to argue here that the topology we have for security and defence is more theatre than practical, a wall that appeals to MAGA lowlifes but not to citizens. On the face of it among all the lies, the wall protecting Israel was vulnerable to some hang gliders and a rusty bulldozer.

For an IT example, old by now, let’s take a major European bank who wanted to know that their global network was secure. It transpired fairly quickly that they were not willing to limit the ability of their star traders to load 3rd party software on their workstations. So, of course, they could not tell whether packets on the network were legitimate.

Let’s go back to the castle and its wall. The architecture is like two armies facing up to each other for a pitched battle. The wall declares what has to be breached for defences to fail. That is not how wars are fought and it is not how security breaches happen. Almost always there is an interpenetration of inside and outside, a mixing, a confusion of topology.

A colleague worked with a school exam board. Every year they had to employ thousands of teachers to mark papers, and every year tabloid journalists would take a job undercover and expose scandals. The company running the board did not accept that the teachers they had on temporary contracts were inside the company: security could not happen.

Physiology

Gregory Bateson had an important contribution about the boundaries of our bodies. As I recall he used the example of a lumberjack and his axe: where is the sensory boundary of the lumberjack at work? Today I have an incredibly skilled digger operator unearthing the drains from my house: there is no boundary between man and machine.

Rupert Sheldrake has an example of an almost blind teenager who could see through his mother’s eyes. The optician knew he couldn’t see what he reported through the boy’s own eyes and could not complete tests when his mother stepped out of the room. This gives us an entry into the necessarily social aspects of security.

The boundary of our bodies is not our skin. The skin can be a useful barrier membrane like a castle wall, but the immune system based in our nasal passages is infinitely more complex and more important. Our various microbiomes in our gut, on our skin, in our mouths, etc. do not respect any obvious physical boundaries to our bodies. An infant and a carer synchronise their heartbeats through the heart’s magnetic field.

A forest is highly interconnected both in communication and nutrition. Trees feed each other. Mother trees will sacrifice themselves for their progeny. Vast fungal bodies extend for miles, connecting trees and plants.

Germ theory

Germ theory is so ubiquitous that we forget it is just a theory and a metaphor. When we realise that it is a way to blame external agents for our illness, and that Big Pharma knows how to exploit that to steal our money we may want to give it a second look. It even sounds simplistic: avoid the germs and you won’t get ill. Zap the germs and you will get better.

Animals and humans who are metabolically healthy and live in an environment that supports that health mostly don’t get ill. People who farm regeneratively don’t spend money on vets. We all know people whose sheer vitality precludes illness. Where did the germs go? The alternative theory, terrain theory, says that the internal conditions of the body are the biggest determinant of health.

If an external agent is causing our illness, we look to external support in overcoming it. If instead, we think that feeling below par is a signal to take care of ourselves and our internal environment or terrain, then we will correct our course. There is vast resistance to the notion that we are not taking care of ourselves in an environment that has become stacked with factors that undermine our long term health. I worked with Noel Cobb, who when he had a mild heart attack searched his soul for how he was hardening his heart.

The people who demanded Covid lockdowns committed this mistake. They thought that keeping children from their peers, old people from their families would keep them safe.

Architecture

There is no core to a person or an organisation or a city that can be walled off to keep it safe. To think so is to commit an architectural error that precludes security. Instead, there is a living process that needs to be connected and vibrant.

The health and security of a living things depends on the health and security of all its connections. In an ecosystem there is massive redundancy to these connections and the routes by which they may be maintained. The biomimicry lesson is that life builds life, that in a healthy system everything ends up guaranteeing everything else. There is security because it is continuously generated even before it is defined or understood.

A wall is a single point of failure, like the weakest link of a chain. You don’t make a system more reliable by making the parts more reliable: you have to make the interaction of the parts more reliable and that often means building redundancy. Almost everyone makes the same architectural mistake: it is deeply buried in our culture. Our common sense is mistaken.

When we are drawn to an architecture of exclusion and suspicion, we should ask ourselves why. If we are not happy with the way the existing security gets generated then we will need to play our part more fully. There is no security for us at the expense of others.

Schooling

There are some foundational errors in what we consider schooling to be. I will not use the word education for something that is not a leading out but a walling in. It is errors deeply buried in our childhood that betray us into thinking we can be a castle or an island. We are persuaded at school not to see things jointly.

Very few schools, even the best, are able to celebrate when a pupil gets beyond conventional wisdom. Perhaps fewer still are able to support a pupil who will not comply with things that they see as wrong. Very few institutions can properly support whistle-blowers, even if intellectually they think they should.

School architecture becomes more prison-like, and the ethos of keeping pupils in and intruders out seeps into the school culture. But a school that cannot support its staff and pupils to be what they can be can never be secure. It cuts itself off from the only real source of security: the intelligence and vigilance of its people.

One of the principles of the original Emilia Romagna schools was that one day a week the school was held in the town square. Think about that as an architecture of embeddedness versus an architecture of privacy and exclusion. Pedagogues observing and facilitating the learning of pupils on behalf of parents, not the state. If we teach children albeit subliminally that they are only safe in prison, we get the worst possible outcomes.

ID

We are edging round the question of what it is that we are trying to make or keep secure. Can a person be secure? Or a company? Or a town? The other side of the notion that we can have a wall as a boundary to keep the dangerous outside out is the notion that what is inside is in some sense fixed and stable. Managers love the idea that people are resources that they can count and marshal. The notion that what people can do depends on what they are allowed to do and how they are allowed to change and grow, is often anathema.

The price of a poor notion of security is often a degradation of what it is that is being secured. Like an animal in a zoo not being the animal that people have come to see. Or the classic colonial belief that subjugated people are stupid and lazy. There is a campaign in the US called Let Grow to champion the need for children to have independence. Imagine the magnitude of the thinking mistake that makes parents over-protective.

Schemes that use a fixed ID in order to develop a security system are counter-productive before they even start. The formal ID and the abstract notion of security become a cover under which all sorts of malfeasance can and will take place. What we need to protect is what we want to become not past achievements. A living identity that can never be quite captured is not at all the same thing as something that remains bureaucratically constant.

Subterfuge

The very best security attacks are those where the target is and remains unaware of what is happening. I once worked with a commercial director of a large corporate. At an away-day event I saw him go into a phone booth and come out doubled up with laughter. His cryptic comment: “I took him for quarter of a million and he thinks he owes me a favour”.

We know that many classical IT security products have backdoors and trapdoors often at the behest of so-called national security services. At one level security measures are being put in place and at another the potential for global attacks that are hard to even detect are introduced. Something has been outsourced that is then impossible to manage. Lines of responsibility are blurred at the same time.

Indeed, I became aware first-hand that sometimes security measure and security personnel (I am thinking of a Security Director for a global company) are there as window dressing only and are in trouble if they try and do their job.

When I first started work, my job involved using dynamite as a signal source. The dynamite arrived in unmarked trucks and was stored in nondescript steel bunkers on farm tracks. And all during the time of the Irish troubles. We did have a moment’s doubt when one of our casual labourers turned out to be from Northern Ireland with a criminal record.

The issue of what, after the event, has been secured and what has been exposed to subversion is worthy of deep consideration.

Immune systems

The most sophisticated security system we know of is our immune system. It can detect potential threats by the billion and is constantly training itself to cope with new situations. It is not universal; it works best on the situations it grew up in — it is brilliant in its own context.

One of the many problems with the Covid-19 so-called vaccines is that they trained immune systems for a very specific threat at the expense of the generalised function of routine defence. In military strategy pulling defences out of shape so they are not ready for what turns out to be the main attack has always been practiced.

What we can recognise here is that if the immune system or similar defence mechanism does its routine job really well, we no longer recognise that we are under attack in all those ways. If we do not know what the system is doing for us and still less how it performs its miracles, we are unlikely to recognise when we might compromise its functioning. One of the reported harms of the Covid-19 vaccines is that cancers that were managed or dormant become active again.

This is also a generalisable lesson about security: if we cannot fully specify either what is being secured or what it is being secured from, then a broad spectrum learning from experience is the best we can do.