I started Digital Bond in 1998 to develop a product to secure stock trading transactions over the Internet. A smart card (chip card) would be the second form of authentication and digitally sign every transaction for non-repudiation. This would prevent man-in-the-middle, watering hole and phishing attacks … although phishing wasn’t even a thing back in ’98.
We had demos showing how we could trick someone into going to a fake Fidelity site, capture their credentials, and various ideas of what a criminal might do with credentials to numerous accounts. We had demos on how our solution prevented this. As soon as people understood the risk they were taking, they surely would want to address it.
But no, they didn’t.
The Internet brokerage market grew quickly and then steadily to become the way most retail customers trade today. About 20 years later some level of secondary authentication has been added, but nothing as strong as what we had developed.
I was reminded of this while listening to a recent Ben Thompson interview with Marc Andreessen on Ben’s Stratechery show. Here’s Marc’s pull quote:
Look, I’ve been dealing with this, the minute we launched the web browser, people were like, what about cyber crime, and what about this, and what about hacking, and personally all this stuff, people stealing credit card numbers. You know what? That all happened. There’s still ransomware attacks happening over the Internet today, all that stuff is still happening and whatever other things people don’t like about the Internet, it’s all happening.
Yet at the same time, I think it’s just very clear if you did a societal accounting, it’s been a gigantic advance.
There are two takeaways from these two anecdotes.
- Companies and people will accept a certain level of loss due to fraud or other causes, often much higher than security people would understand or accept. Credit card companies stop spending money to reduce fraud when it gets down to some percentage; in the 90’s it was between 2 and 3%. Internet brokerages were willing to accept that there will be everyday losses due to fraud. Similarly, the operations group that uses OT regularly makes choices that balance cost and reducing outages or scrap. Zero OT cyber incidents and zero OT cyber incident impact will not win.
- Secure by design is bound to fail. We should aim for secure enough by design so a catastrophic or high-consequence event cannot be caused by a security flaw. (more on this in future articles)