Cybersecurity, Safety Barriers, and Secure by Default
Rarely are systems secure out of the box; in fact, quite the opposite, most of the time we turn off every possible security feature or setting in the desire for expediency.
Above we have such an interesting question about the security barrier in the retweeted video.
"Name one thing in security that works this way."
In the video, we've got a huge bin being emptied, and as it's pulled out of the ground, a safety barrier comes up so that no one can accidentally fall into the hole that's opened up as the bin is being emptied.
Here's what's happening:
- During maintenance, the service enters a different mode. The service is unavailable during this time.
- The maintenance event exposes a known temporary security vulnerability.
- During the maintenance period, a secondary mitigation is automatically implemented to reduce the risk to end users from this temporary issue.
Metaphors
What might this be a metaphor for in cybersecurity? Obviously, it's a smart thing to do and a safe thing to do. Where do we do something similar in cybersecurity?
Nothing that matches up perfectly immediately springs to mind. I'll have to think about it. But, that said, many issues in cybersecurity are related, such as "secure by default."
I think the original poster is suggesting that we never do the part where the extra barrier comes up, which I would call "secure by default" thinking. This is definitely the case in technology, as very rarely are systems secure out of the box; in fact, quite the opposite. Most of the time, we turn off every possible security feature or setting out of a desire for expediency.