James Governor's Monkchips

On Critical Infrastructure, Maintenance, the NHS, Politics and Cthulhu


“The most merciful thing in the world, I think, is the inability of the human mind to correlate all its contents. We live on a placid island of ignorance in the midst of black seas of infinity, and it was not meant that we should voyage far. The sciences, each straining in its own direction, have hitherto harmed us little; but some day the piecing together of dissociated knowledge will open up such terrifying vistas of reality, and of our frightful position therein, that we shall either go mad from the revelation or flee from the deadly light into the peace and safety of a new dark age.” – H.P. Lovecraft

Last week the UK had a nasty surprise when a bunch of National Health Service computers fell over because of a nasty bit of ransomware called WannaCry/WanaCrypt0r 2.0 – radiography and prescription systems were hit, non-emergency operations were cancelled. WannaCrypt has actually been a global problem with Asia and Russia being particularly badly hit but when your national health service is on the verge of falling over because of malware during an election the blame game is even more pronounced. The absence of Health Secretary Jeremy Hunt during the emergency has been unsurprising and disappointing in equal measure. As usual, it’s lucky that NHS staff take their jobs more seriously than he does.

Microsoft has, somewhat unfairly, taken a fair bit of grief because of WannaCry failures. It responded with a post that argues security is a joint responsibility with customers and that the NSA has been irresponsible in stockpiling vulnerabilities.

“This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today – nation-state action and organized criminal action.”

The company calls for a new approach, a Digital Geneva convention, to shift the model between private sector and state actors.

If you read the statement something dark and compelling and very modern emerges. For far too long IT vendors have put forward a simplistic good guy bad guy view of the world. At tech conferences in security sessions the blame is always laid at the feet of criminals and outside organised crime. The IT customer is never the problem, the government institution is never the problem, we are never the bad guys. I saw this just a week or two ago at Google Next when HSBC blithely claimed that its money-laundering problems were solely due to criminals, when it had been an enabler. It is clear the global banking system enables money laundering, just as the global tax avoidance industry supports criminal endeavours. London, a city I love, has blood on its hands. The truth – it’s complicated.

I read Caroline Cadwalladr’s sterling investigative work in the Guardian this weekend about Robert Mercer and realised with mounting Lovecraftian dread that the membranous tentacles of politics, the media, organised crime and big business are now intertwined and playing together like some awful mouth of Cthulhu. When Cadwalladr began her journey to “follow the data” I was, I must admit, fairly sceptical. Facebook targeting is one thing, but the idea that Cambridge Analytica has actually won both an election for Trump and a Brexit for the UK seemed faintly ludicrous. And yet… the methods of information sharing, resharing, harvesting on social, then scaling through Big Media outrage, do begin to seem like one vast exercise in softening voters up. Breitbart says something crazy, 4Chan scales it and FOX News shares the story. These days the White House is seemingly leaking directly to the crazies. The UK meanwhile has the Daily Mail, led by a man on a mission to sail Britain off into the Atlantic.

Have I gone down a rabbit hole? Yes I think I probably have. But then I think we arguably all have. The Internet brought us hyperconnectedness, but we’re really not ready to cope. We don’t have institutions and firewalls in place to prevent abuse of the system. The law can’t keep up, and doesn’t have the teeth in place anyway. The Electoral Commission is a joke. We’re eternally shutting the stable door after the horse has bolted. It’s hardly surprising that the methods being adopted by people influencing elections share some patterns with the approaches of Silicon Valley companies.

In truth we are all being held hostage by a refusal to invest in maintenance and the maintainers and the institutions designed to protect us. We have long since internalised that trade unions are entirely bad, when they brought us workplace safety and some measure of job protection, and helped maintain a dignified and sensible gap in pay between CEOs and employees. The EU, like a trade union, is also bad. In the US we jettison one norm, one protection after another.

Our norms are being continually subverted. We expect everything to work perfectly for ever without any maintenance, which is pretty stupid. When you paint your windows, prep is everything, but over time they’ll always need maintenance. Nature does its work, time does its work, the weather does its work. And yet we’re surprised when things rust, when metal corrodes and rubber seals degrade. Our institutions are dilapidated, like our bridges and roads.

The NHS is an incredible organisation – it offers healthcare services for free to anyone that needs it. Naturally that’s something we should try to be rid of. One way to dispose of these annoying pieces of critical support for citizens is under-funding. The current UK government is obliging. The 2015 decision not to renew a maintenance contract with Microsoft to support the NHS was a dick move, but again, an unsurprising one. Maintenance is very much a political issue, and lack of maintenance is a tool to undermine protections for citizens and consumers. The EPA – what a drag.

As a society we need to begin to understand that disruption is not always good, that maintenance is not just a necessary evil, but rather something to celebrate. Tax and maintenance fees and environmental protection are what allow us to operate. A few months ago I argued we should celebrate the maintainers. But it’s not just about open source software.

I mention maintenance for a reason – it’s notable that in the age of cloud based services we see maintenance fees as some kind of absurd retrograde mark of the old school. OMG remember when software companies used to charge for maintenance??? How lame. Legacy technology sucks. Things are so much better now.

But maintenance has a cost. Of course it does. Because maintenance has value. Because maintenance requires labour.

Maintenance is politics, and it’s time we started fighting for it. In the UK there is a very important election in a few weeks. If you have a vote, I highly recommend that you vote for the party you believe will support the maintainers.

Microsoft is a client

One comment

  1. […] On Critical Infrastructure, Maintenance, the NHS, Politics and Cthulhu – When I first met James Governor many security patches ago, he was huddled over his heavily-stickered laptop, blog stylin’. I guess it’s like riding a bike as Governor has been popping a few wheelies lately. This piece puts the WannaCry brouhaha in context; you don’t have to get all the UK specifics to glean from this one. […]
