Sunday, May 14, 2017

Lessons from the Global Ransomware Attack, Part 1

How should we protect against future attacks such as the ongoing worldwide ransomware attack?  There are no easy fixes but we can draw some lessons.<p>
The standard response from computer professionals for these types of problems is "update your system." Unfortunately, not all systems can be kept up-to-date.  Many operations can't be shut down because the physical plants that rely on those systems can't be shut down. Economics also limit the speed with which hardware and software can be updated.  And let's face it, software updates often require hardware updates.<p>
I have written before about the problems with relying on Moore's Law to fix your design problems.  Computer systems are maturing and will not be replaced as frequently in the future.  And relying on upgrades to eliminate your design problems is simply bad engineering.<p>
The designers of safety-critical systems have become used to creating software that works.  The rest of the software industry has not yet caught up.  Unfortunately, given the ubiquity of computers and the widespread use of both purchased and open-source software components, we can't make a clean distinction any more between systems that require high levels of reliability and those that do not.  The patients of Britain's National Health Service have learned that lesson.

No comments:

Post a Comment