The Security Butterfly Effect (LISA ‘07)
Sunday, November 25th, 2007After I found out that my LISA ‘07 talk about The Security Butterfly Effect had been scheduled for 2pm on Friday – the last day of the conference, and just before closing ceremonies – I decided my job was edutainment, more than education.
I’m prone to involving my audience in the talk at the best of times – and this was no exception. Heckling was welcome and encouraged, and audience participation was as mandatory as possible with your average herd of sysadmins.
That aside, the general gist of the talk is this:
“Small variations in the initial condition of a system may produce large variations in the long term behaviour of the systemâ€
Most of us don’t actually know what the initial condition of our system (environment, if you prefer) is. As such, we make countless assumptions every day about the initial state of our system. With the increase in automation and automated processing of information, the assumptions that we’re functioning under are often neither ours, nor visible to us. The rise of the machines and vast increases in complexity make it easy to miss that first small misstep that leads to later, catastrophic events.
A much more interesting topic that I didn’t really explore is the interaction of complex systems, where singly innocuous changes become serious vulnerabilities in combination.