Complexity Is The Enemy of Security
Philip Reiner with Eric Grosse
In this segment, Dr. Eric Grosse argues: “Much of the security progress over the past decade has been at large-scale, finding and patching vulnerabilities in widely used applications or defending networks of millions of machines containing high-value data. The lessons there may help military systems, but for the very highest security needs such as NC3, we ought to return to basics and harden small-scale systems. And we ought to do it as a joint effort, even between adversaries.” This segment presents an intriguing and critical assertion for those involved not just in the design and development of NC3 related systems – his assertions and ideas are of relevance across the security spectrum, from Homeland Defense to tactical comms. We hope you all enjoy this piece as much as we have, and we look forward to your feedback and thoughts. Dr. Eric Grosse was Google’s VP of Security & Privacy Engineering, having just recently retired in 2017. Before Google, Eric was a Research Director and Fellow at Bell Labs. He has a Ph.D. in Computer Science from Stanford University.
This podcast is accompanied by Eric Grosse’s paper “Security at Extreme Scales”
The Fourth Leg is a series of podcasts focused on one of the most complex systems in the world today – nuclear command and control – and its increasingly complicated future. Within this series we go straight to the experts, across multiple sectors, to discuss the modernization of nuclear command and control systems.
Along with colleagues from the Nautilus Institute and the Preventive Defense Project, IST recently hosted over 50 international experts at Stanford University to anticipate technical challenges that will arise from the modernization of complex nuclear command and control systems. We aim to spotlight some of the vulnerabilities within a modernized NC3 system while furthering the conversation with this series.
Keep an eye on IST, as we will begin additional podcast series in the coming months focused on how to fix the internet, AI and global stability, and other critical tech and security issues- for now, we have so much more to talk about, so let’s get started.