Every Wednesday, my DevOps team has our weekly meeting. This past Wednesday was no different. The first topic on our agenda dealt with SSL certificates. (Real blast, huh?!) We were lamenting the recent trend into lowering the certificate validation period even further to 45 days. My obvious question to the group was “why?”. We have period limits to these certificates now, not to mention the strength of the cryptographic algorithms have gone way up from what they used to be. The thought of lowering that time period even more could lead to a monumental headache for IT groups across the world.
My mind, though (as it does), took this idea to “What’s next? What’s next? What’s next?”. To the point of questioning why we have them at all if the goal is to keep them so supremely safe that they become impossible to actually manage. And the answer, in the end, is it simply can’t. There will be a point in which it fails. Computers, the faster they get, and the more horsepower is thrown at them, will be able to crack these cryptographic keys. We can’t stop it. So, measures like this are thrown out there to help aid it as much as we can, now.
Which doesn’t make me feel better, and just leads me to the feeling that all of this is just theater. Like taking our shoes off sometimes at the airport.
Curtis, my IT manager, broke it down to me like this:
Most attacks are thwarted from basic cybersecurity principles. It is when you have an either really determined attacker or an unfiltered opportunity that attacks mostly happen. Look at a grocery store. While there is ample opportunity to steal, the rudimentary security keeps a good portion of folks honest. It’s the folks that have the intention from the jump, that you plan for.
Basically, what he’s saying is that it’s the idea of norms that keep us from stealing the apple. Keep us from hacking the construction company. Keep us from breaking in through the locked screen door.
That hit me hard when I realized it’s the same idea that we’re facing with yet another Trump presidency. For the better part 9 years, the ideas of norms in our country have come under attack. And they continue to be.
We shouldn’t steal the apple. We shouldn’t hack the company. We shouldn’t break in to the house.
We shouldn’t thumb our noses at legacy and decency and decorum.
And that’s what I continue to be afraid of.
