Crocker calls for “creative destruction”


27 March 2014
Crocker calls for “creative destruction”

Put yourselves out of business – this was the challenge that Dr Steve Crocker, Chairman of the Board at the Internet Corporation of Assigned Names and Numbers (ICANN), issued to delegates at BlackHat Asia 2014.

In his presentation “Let’s fix this mess”, Crocker took the audience on a tour through history, back to the birth of Arpanet as a four-node network in 1969, connected by routers the size of a fridge. Since then, there has been a dramatic growth in what came to be known as the Internet. Where in its early incarnation it was mainly an academic and research network connecting students and geeks, now “everybody and everybody’s mother” knows about the Internet.

The positives of this have been the emergence of email, Skype and Google, which have changed the world. But a handful of negatives have also crept in, such as spam, fraud, espionage and surveillance issues. “We have a much more complicated world than when we first started out,” he said. “Systems have grown bigger and bigger (but) we have not made them stronger.”

“Over time we have things that, to my eye, seem to be patches - band aids to systems,” he elaborated, pointing to the proliferation of firewalls, IPSes, IDSes, and other solutions that have spawned an entire industry.

It is a signal of how bad the problem has become, he said. And while it is worthy work and helps create jobs, he wonders if, from a longer term perspective, “we can do better”.

He gave the analogy of the automobile. When he first started driving in the 1960s, cares were “semi-reliable”, he said. Today, there is rarely a situation where he has to think about why the car does not start.

Computers, by and large, have also become more reliable, but “we are still a long way from feeling comfortable about systems”, he said.

In part, this is due to complexity driven by scale, growth and demand for new applications and novel uses, and a wider set of users. “You can’t demand that every user goes through a security course, and it won’t help even if you could.”

The challenge, then, is to build systems that are stronger and more reliable, so that standard methods of use do not lead to newspaper headlines about massive disclosure of data. Calling for “creative destruction”, he said, “You know where the holes are. With a bit of reflection, you know how problems were created in the first place and you can think about how they can be built in a way that makes it possible for us not to be here.”