Two men, Robert Oppenheimer and Edward Teller, are usually called "the Fathers of the Bomb." That's Bomb with a capital B, which is followed by C, which is for Citykiller. Oppenheimer took the lead in developing the atom bomb. Teller then took Oppenheimer's work and did a very Spinal Tap, "turn–it–up–to–11," inventing the hydrogen bomb in the process.
Usually, Oppenheimer is portrayed as a humanitarian who was staunchly opposed to nuclear weapons, and Teller… well. Popular myth says Stanley Kubrick based Dr. Strangelove on him.
Of course, the reality isn't so simple.
I don't recall where I first read this, but I once read a compelling argument that Teller wasn't in favor of nuclear weapons. He was just in favor of reality. The reality was the hydrogen bomb could be built and the Soviets knew it. The question wasn't whether the hydrogen bomb would be built, but only who would have it: the Soviet Union alone, or the Soviet Union and the United States.
Teller looked at that bleak reality, made his bed, and lay down in it. So did Oppenheimer. Teller decided we needed the hydrogen bomb, and Oppenheimer decided the world had gone crazy and wanted no more of it. Ethicists today still argue over which one was right, and will still probably be arguing about it 100 years from now.
My colleague Ira Winkler has been writing about the MBTA hack in his last couple of columns. I'm not going to weigh in on that one, at least not here. I'm only going to suggest that we are all becoming Tellers and Oppenheimers. The Tellers of the world say, "These flaws exist, they will be exploited, by bringing them to public light we are forcing people to fix them, by keeping them obscured we are allowing people to delay and temporize."
The Oppenheimers of the world say, "Expose them to light responsibly, which is to say slowly, if ever. Our world is too complex and fragile to have bricks thrown at such critical underpinnings."
Ira makes some good points when he talks about the ethical dimension of the MBTA hack. My disagreement with him stems not from what he says, but from what goes assumed: he seems to be an Oppenheimer, while I seem to be a Teller. There's no shame in being an Oppenheimer -- he was, by all accounts, a most rigorously ethical man -- but neither is there folly in being a Teller.
My point in talking about all of this is not to argue for either side. It's to point out the fact that our infrastructure is fragile and our attack surface is approaching infinity. Already, x–ray imagery is being sent to the operating room via the network. Voice over IP is increasingly replacing copper–wire phone service. SCADA systems are wired to the network for ease of monitoring. A single network outage can threaten the life of a patient on the operating table, a terrified homeowner calling 911, and our ability to run water treatment plants.
Before, it took a Teller, an Oppenheimer, and some top–drawer genius with access to millions of dollars in R&D funds to be able to mount attacks like these against a population. Today it just requires a few smart geeks with college degrees and a few years of experience at breaking systems.
Imagine what it will be like tomorrow.
I think the central ethical question facing security geeks is both very simple and very complex: Given the choice between being a Teller or an Oppenheimer, which should we be, and why?
— Robert J. Hansen, freelance hacker and computer science doctoral student at the University of Iowa
This blog is part of Internet Evolution’s Security Clan, which looks at the present and future threats to Internet security and the methods being used to defend and protect users and organizations.
For the most part, I agree with you. The older I get, the more I find myself agreeing with Celine's Laws -- a set of philosophical principles invented by Robert Anton Wilson and attributed to one of his fictional characters.
1. National security is the chief cause of national insecurity
2. Honest communication only happens in a non-punishing environment
3. An honest politician is a national calamity
#2 seems very appropriate to the Teller versus Oppenheimer debate. If we know that we can be punished for telling the truth, we suddenly have a vested interest in lying. I don't think that's any way for a society to be.
(read 'laws' here) <-- was that supposed to be a link?
"I believe in free speech, free information, freedom to say and do whatever we want"
That often gets me into social trouble in real life...especially when it comes to politics talk...I said loudly that I'm voting Republican this time around and that I thought Palin's acceptance speech was supercalifragilisticexpialidocious in front of Obama fanatic "friends"<--acquaintances really.
I am obviously not a politics "cheerleader" even in an election year...and if I were to 'freely' say 90% of all political 'promises' are hogwash and at the end of the day, no one wants our country to lose......
Publicize every flaw. Climb every mountain. (Where did that come from? My subconscious seems to be acting on its own...) Get everything out in the open and let the chips fall where they may. (Subconscious again. I'm talking in mixed metaphors today.)
I don't think network vulnerabilities are in exactly the same class as the hydrogen bomb. But what do I know?
I believe in free speech, free information, freedom to say and do whatever we want, and freedom of people. I don't believe in censorship, or in any sort of suppression of information. I don't want my government, or anyone else's for that matter, to protect me from myself or from the ideas of others.
I have little respect for secrecy, and none for arbitrary rules (read 'laws' here).
Security is vastly overrated and often presents more of a threat than the problem it is supposed to cure.
Insecurity is responsible for most security issues.
Destruction of information is far more serious than its dissemination.
Thanks for listening. I seem to be a bit radical today. (My knowledge of chemistry is not good enough to know where free radicals may fit into this discussion, though.)
Thanks for the excellent comparison you drew from the history of the H-bomb. It perfectly fits two schools of thought in Enterprise Security. I made a "Teller's contribution" to Ira's Post in disagreeing with the ethical and/or legal issues surrounding the MBTA saga. From reading your post and other related references, Teller was a Pragmatist to the highest degree. I don't devalue Oppenheimer's approach but I think it cannot get the job done for us. If, as you said in your post, our attack surface is approaching infinity, then only a Teller's approach can realistically do the job for us.
Most Enterprises, by taking an "Oppenheimer" view on security, have stifled innovative solutions and in the process hindered advances that will make us more safe. Some enterprises cannot even report a breach of security in their systems, let alone have the audacity to conduct research on potential vulnerabilities. All this is being done to sort of safeguard the reputation of the enterprise. While this action would serve their selfish objectives very well, it stalls innovative measures that would otherwise have remedied the vulnerabilities.
Let their communities know when they believe they're being ripped off. I believe that's what these students were doing; they saw another expensive public works project that seemed like a contractor was taking advantage of public money by providing a substandard product, and they wanted to expose it. It's hard to say whether the contractor was negligent, incompetent, or just trying to get something "good enough" to beat the deadline, but the students felt it was important to bring this to light.
Now the transit authority is trying to cover up their embarrassment by making the students into scapegoats, just like when idiotic city officials over-reacted to the Aqua Teen Hunger Force ads and tried to accuse the artists who installed them of terrorism. Public officials will always try to pull strings and change the rules to hide their own stupidity and incompetence.
"They are telling a terrific tale of widespread security problems, but they still have not provided the MBTA with credible information to support such a claim," says Joe Pesaturo, a spokesman for the MBTA. "It's that simple." <-- doesn't that already sound problematic?
and the defcon restraining order, I'm beginning to wonder if those guys went to the seemingly arrogant and pompous MBTA first.
wait, did I just say something derogatory about a transit authority?
I will blindly say that the 3 folks from MIT played it NICE!!
Here is a quote from this article (granted it is from MIT Technology Review, hehe):
"MiFare sold a lousy product to customers who didn't know how to ask for a better product," he says. "That will never get fixed as long as MiFare's shoddy security is kept secret." He adds, "The reason we publish vulnerabilities is because there's no other way for security to improve."
and
"The industry should view the MIT students' work as a free service that could ultimately lead to better security. Although there has been plenty of academic research on the security of RFID, he says, little has yet made its way into products. "The core of the problem is still industry's belief that they should build security themselves, and that what they've built themselves will be stronger if they keep it secret," Nohl says."
In this particular instance, I biasedly side with Teller (I just happened to have run the ez-pass so many times that I got POUNDS of notices in the mail...still unresolved which is a nightmare, good thing I don't need an ezpass where I live now).