9. The Application of Cybersecurity: Principles and Practices 223 hackers? Is it possible that they could use the information themselves for nefarious purposes, like identity theft, blackmail, or password guessing? We should avoid unnecessary trust relationships and oversharing. Trusting trust has important ramifications for AI. Machine learning is an AI technology that performs layers of calculations on enormous data sets. Due to its complexity, the outputs it produces are not easily proven or explainable, therefore, some measure of trust is required to evaluate AI-driven recommendations. If we start seeing AI as a superior form of intelligence, even if we are skeptical about its conclusions, we may be inclined to trust it over our own instincts. For example, if some day in the future the military began using AI for war planning as a substitute for the judgement of generals, as a society we would be placing a tremendous amount of trust in technology. Some might argue this trust is well-placed compared to human judgement which history has proven to be liable to error, biases, and vanity. Others might argue that hidden in its complexity is the potential for bugs and malicious hacking by our adversaries, making it less trustworthy. As a society we are steadily marching towards a future full of these kinds of dilemmas in the fields of medicine, law, and the military. One thing is for sure: as we become more dependent on technology for more consequential decisions, cybersecurity will become that much more important. The principle of trusting trust boils down to examining trust relationships and then deciding what course or action to take based on the perceived risks and benefits. 9.1.4 Simplicity “‘Tis the gift to be simple.” - from the Shaker hymn “Simple Gifts” Several times in this book we have highlighted how complexity is the enemy of security. The more complex something is, the more difficult it is to understand—in other words, there is less light and more darkness. In this darkness there are potential vulnerabilities and places for attackers to hide. When it comes to security, the more light (both literally and figuratively), the better. The principle of simplicity states that simplicity should always be pursued. There are a couple of straightforward implications of this principle. One, because simple systems are easier to secure than complex systems, and the more features a system has the more complex it is, unnecessary features should be eliminated from systems. This advice is counterintuitive because it is generally understood that more is better. If a person is trying to decide which app to download from an app store, and one app has just the core feature needed and the other has the core feature plus bonus features, it is tempting to believe that the app with more features is better. Even if a person is not sure if or how he would use some of the bonus features, he might imagine that those extra features could come in handy someday. This reasoning, however, does not take into account the added risk that these unused extra features pose. The app with more features is more complex,
RkJQdWJsaXNoZXIy MTM4ODY=