In November Sony Pictures Entertainment was hacked, a lot of the company’s data were made available on the Internet, and many of its computer systems were wiped clean. Last week hackers hit Anthem, the health-insurance giant, and potentially compromised 80 million records containing personal information, including Social Security numbers, that could be used to steal identities.
Modern life increasingly depends on information technology, and this dependence is for the most part irreversible. The networks and systems of the digital world are also unavoidably complex. Internet service providers, software vendors, credit-card companies, computer manufacturers, content-delivery networks, certificate authorities all work together to make the Web function for the benefit of society—but every one of these elements is a potential target.
The complexity of information technology has technical significance, because complexity is one of the greatest enemies of good security in system design and development. But it also has policy significance: Complex systems are very difficult to manage properly through a top-down, government-driven approach.
Yes, but distributed and decentralized approaches produce insufficient opportunities for graft.