
NotPetya Google and Secure Computing

2018-08-28

https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/

The reason I use almost 100% Google services is because they are notoriously serious about cyber security. Facebook also has a serious posture towards internal security, by the way. Despite prior issues. :D

Most organizations, particularly small ones or older ones, have security postures that resemble Maersk's; the word "dilapidated" comes to mind, along with "shoddy". Often this is because the funding isn't there, or the interest from the owners.

Computers are close to the most complex objects you can own as an individual and are, despite all attempts & protests to the contrary, designed for a well-paid and highly trained IT team to keep them running. Even iPhones and iPads have that DNA in them. Computers aren't hammers. They aren't even cars. They are like houses, but houses where components change daily, and you can add rooms at a whim (while incurring all the issues of a remodel, but at the speed of the internet).

In previous work, I saw the cost of reliable computer hardware, and in my Master's work, the cost of reliable & secure software. A proper estimate would be 10-50x the cost of a computer today, with a different set of capabilities. Then, it would still require a full-time systems security person to keep tabs on its maintenance.

I would estimate, for a reliable and secure computer, roughly 20K for the system itself, and probably 1K/year in a subscription for maintenance, with a contract termination and computer deactivation between 6 and 10 years out. That you can buy a $400 laptop and not pay for maintenance means the deficit is being paid for in other ways...