The most interesting part of the cybersecurity problem is that it isn’t purely about government capacity at all; private sector corporations maintain critical infrastructure that is in the “battle space.” Private firms like Microsoft are being heavily scrutinized; I had one guest-post from last January on why the firm doesn’t manage its security problems particularly well, and another on how it is using its market power to monopolize the cybersecurity market with subpar products. And yet these companies have no actual public obligations, or at least, nothing formal. They are for-profit entities with little liability for the choices they make that might impose costs onto others.
Indeed, cybersecurity risk is akin to pollution, a cost that the business itself doesn’t fully bear, but that the rest of society does. The private role in cybersecurity is now brushing up against the libertarian assumptions of much of the policymaking world; national security in a world where private software companies handle national defense simply cannot long co-exist with our monopoly and financier-dominated corporate apparatus.
Matt Stoller on.
So what if I told you military fighter jets ran Microsoft Windows? Because yeah. They do.
This post is from a longer explanation of the recent SolarWinds exploit, which is what is generally called a supply-chain attack. Probably the best pop culture example of which I can think of is (unfortunately) Pacific Rim: Uprising, i.e. tfw a poor business practices result in a malicious insider in your third party vendor who installs backdoors into all the products it sells you and uses them to disable all your existing security tools and to open a reverse shell inside your firewall for the purpose of downloading additional malware. Because sometimes even terrible films manage to accidentally stumble onto a realistic plot point, apparently.1
- Kind of double ironic because there is a lot of Western paranoia about China doing exactly this via companies such as Huawei. But it’s okay, guys! It’s not Chinese companies! It’s Americans possessed by aliens or . . . whatever the fuck was going on in that film. Hey did you notice the part where Hong Kong suddenly doesn’t exist any more apparently? Because I sure did! [↩]