Javier Milei has famously said that his contempt for the state is infinite. A great number of populist politicians, in recent days, would probably say something along the same lines. This is one of the standard tenets of conservative, or right-wing, politics: government is best which governs least. The idea is that government is inefficient, and should be minimal, at best, in order to allow for business to maximize productivity, and therefore, in theory, prosperity for everyone.
As a security professional, I know that this principle, while appealing to very many, needs to have serious limits placed upon it.
For a number of years I held the certification known as the Certified Information Systems Security Professional. As professionals, of course, we are primarily involved in supporting business. After all, very few individuals can afford to hire us, and so the people who pay us are businesses, and therefore, we owe some fealty to the hand that feeds us. But there is that troublesome mention of security.
Those of us in security, and particularly those of us who hold the certification, know about the security triad. These are the three pillars of security. They are not universally acknowledged, nor are they complete. But it is an important principle to understand about security. Security consists of multiple components, some of which are inherently in conflict with each other.
The triad is officially designated as confidentiality, integrity, and availability. Confidentiality and integrity are, primarily, about control. Businesses like control. So they concentrate on confidentiality and integrity, and especially confidentiality. But there is that troublesome mention of availability. Now, to a certain extent, availability is about control. Or, rather, it is about *pretending* to control things that you actually cannot control. You cannot plan for disasters. At least not completely. You can plan to have systems and tools in place to enable you to weather some kind of storm, or to wait out a disaster. But you very seldom know when that disaster is actually going to happen. We do not actually have control of these things. We just pretend that we do.
But, the thing is, that discussion of availability, and the ability to be resilient in the face of some kind of disaster, almost inevitably brings up the topic of safety.
Safety, very much like privacy, is actually a pretty nebulous concept. One person's safety is another person's unwarranted interference. But, the thing is, governments are not in the business of, well, business. Governments are in the business of safety. Governments are there to keep us, all of us, safe. Governments are in the business of keeping us safe even from government. And certainly from other governments. Governments are in the business of keeping us safe from people who think that they should be able to lord it over us, or take things that we consider ours, or attack us, or even take our lives. That is the purpose of government: to keep us safe.
And, as those of us who have seriously worked on this issue of availability, or business continuity planning (as the businesses tend to look at it), or emergency management (as the government specialists tend to look at it), at any rate as all of us who study this field, whatever it may be called, know that resilience is inefficient. As a matter of fact, efficiency, which capital is businesses prize above everything else, is antithetical to resilience.
As evidence of this fact, I offer you the pandemic. For decades, or even centuries, businesses have been pursuing capitalist ideals, and productivity, and efficiency, above pretty much everything else. And then along came the pandemic, which pointed out, in rather drastic terms, that efficient systems are fragile. When you have a completely efficient system, if something goes wrong, if anything goes wrong, then the whole system just collapses.
It's efficient, but it isn't safe.
No comments:
Post a Comment