Insecure software is fatal. Is your software technology built from the ground up to be secure?
The Ascension Healthcare ransom attack was near fatal. Reinventing software with security and privacy as a primary goal is the lasting solution to this problem.
In the May 8th Ascension health care system cyberattack, a neonatal ICU nurse at an Ascension hospital had the frightening experience of giving the wrong dose of a narcotic to a baby because of confusing paperwork. Software now drives our cars, runs our hospitals, runs our finances, etc.
Software is pervasive, and it is the medium through which we interact with one another.
Insecure software can lead to fatalities and financial losses, and this is getting relentless. Is there now a way to finally build software that is more secure? Understanding how a cyberattack happened is the first step in building a lasting solution rather than sleepwalking to the next disaster.
Most of these attacks start with a message with a hook. The user is enticed to click a link, and clicking it downloads a software program. This malware program starts executing, looking for weaknesses. It does this either by looking at the network traffic or by scraping computer memory to get sensitive information such as user IDs and passwords. In the Ascension case, the data files were locked with a key so that programs could no longer read them unless the ransom was paid to unlock them.
Now you must be wondering how software can scrape the memory of programs that are already running. This is a legacy of design choices made when software was first invented in the 1950s. The original computers were meant to replace human computers. Security and privacy concerns were not part of the original design intent. It is these missing privacy and security aspects in our programming languages and environments that are leading to these defects.
Present-day security solutions are just a band-aid.
They will not be able to solve the security concerns in a lasting manner. Hence the unrelenting successful cyberattacks.
So, given a clean slate, what should be some of the design choices of next-generation software?
The present reality is that a person has not one computer but many. With AI and networking, the number of devices per person is going to multiply. New software languages and applications will have to consider this reality and treat an application as a process running on many devices across geographies.
Next-generation software would be a medium through which we humans interact with each other. Given this reality, next-generation software languages should directly specify these interactions between people and devices seamlessly.
If humans are going to interact, then it should be done with security and privacy. The language should have enough facilities built in that security and privacy do not have to be engineered but are delivered out of the box.
Next-generation (Software 2.0) hardware and software should follow the above principles. Are your IT investments going into software that has these considerations, or are you running on 1950s software?
The next-gen connected AI world should be executing on Software 2.0 technologies. Is yours?
