Klaus Schwab warned, “We all know, but still pay insufficient attention to, the frightening scenario of a comprehensive cyber attack, which would bring a complete halt to the power supply, transportation, hospital services, our society as a whole.”<p>I think one vector might be global root CAs. Banks stop so you can't transfer cash, ATMs stop dispensing cash, flights can't be booked. The only thing that will work is btc, assuming you have some in a wallet.<p>What else is the SPOF, where "single point" can be read as the order of 10^2 orgs?
CAs are a horrendous weakness, but are still a "pillar" weakness and
not even a "base" problem. In other words the threat exists not
because of a base technological capability or necessity, but because
we _choose_ to stick our fingers in a blender and play with the
switch. Like the liquidity deadlock persisting through the post-1929
depression, these things happen because humans, collectively, are
clinically insane in surrendering before systems (hubris, pride,
social control). No one dares to override the system. In reality
decisive emergency action can mitigate such sticky situations.<p>We also worry about existential threats from "class" points of
weakness. Like a mathematical breakthrough that makes factoring large
primes or mapping elliptic curves trivial. Again here, one can imagine
that were it possible to entirely switch-off encryption and return to
early 1990s operation, even a catastrophic class failure would not be
that bad - we'd just have a massive cybercrime and infosec problem
instead of a systemic failure.<p>Real dangers come from systems where logical regression is strictly
not possible. A base weakness like a backdoor or fault in every ARM or
Intel processor that could brick half the devices on Earth is a likely
cause of widespread civic harm - because it could be unrecoverable,
turning devices into e-waste overnight. CrowdStrike had a flavour of
this because it reminded us that computers are actually pieces of
hardware in data centres that can need manual rebooting or need
human physical intervention at scale.
It's not about a single point of failure. It's about lots of different systems, each with their own unique set of vulnerabilities, and a well-resourced adversary picking them off one-by-one, escalating privilege, gaining persistence and then... doing nothing, because they're not at war... <i>yet</i>.<p>It's like building up an arsenal of ICBMs without ever using them, but when they do get used, they're launched all at once.
Shodan [1] is not the only place active vulnerabilities are stored up. Each nation has systems that track vulnerabilities, and scripts can be stored up to mass exploit all these systems all at once. And that is just for internet-facing crap. There are also systems designed to be weak. Anything with SSH default settings <i>especially multiplexing</i> and sudo with weakened <i>lazy</i> settings <i>such as passwordless or passwordless with timeouts</i> are easy targets for phishing and establishing a RAT without any additional software, meaning no malware is required, no bugs are required and nothing would be detected, ever. The existing state of the internet was not designed to handle nation-state level attacks, and fixing that requires adding friction that people simply will not accept. It's a hacker's paradise.<p><i>TL;DR The biggest weakness of the internet is human nature.</i><p>[1] - <a href="https://www.shodan.io/" rel="nofollow">https://www.shodan.io/</a>
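As an added example (not part of the thread), a small POSIX shell audit that flags the two "lazy" settings the comment above singles out: long-lived SSH multiplexing (ControlMaster/ControlPersist in the client config) and sudo without a password or with a credential cache that never expires. The sample config contents are constructed; the weak form and the corrected form sit side by side.

```shell
#!/bin/sh
# Added audit helper (not from the thread): flags the "lazy" SSH-client and
# sudo settings the comment above describes. All file contents are
# constructed samples; point it at real ~/.ssh/config and /etc/sudoers.d/*.

# ssh_config: ControlMaster auto/yes with ControlPersist other than "no" keeps
# a reusable master socket that any code running as that user can ride.
ssh_mux_findings() {
  awk '{ key = tolower($1); val = tolower($2) }
       key == "controlmaster" && (val == "auto" || val == "yes") { n++ }
       key == "controlpersist" && val != "no" { n++ }
       END { print n + 0 }' "$1"
}

# sudoers: NOPASSWD, or a credential cache that is not disabled
# (timestamp_timeout=0); -1 means the cached authentication never expires.
sudo_lazy_findings() {
  awk '/^[[:space:]]*#/ { next }
       /NOPASSWD:/ { n++ }
       match($0, /timestamp_timeout=-?[0-9]+/) {
         v = substr($0, RSTART + 18, RLENGTH - 18) + 0
         if (v != 0) n++
       }
       END { print n + 0 }' "$1"
}

# Constructed samples: "weak" shows both mistakes, "ok" the corrected form.
write_sample() {  # $1 = weak|ok, $2 = ssh|sudo, $3 = output path
  case "$1$2" in
    weakssh)  printf 'Host *\n  ControlMaster auto\n  ControlPersist 10m\n' ;;
    okssh)    printf 'Host *\n  ControlMaster no\n  ControlPersist no\n' ;;
    weaksudo) printf 'Defaults timestamp_timeout=-1\nops ALL=(ALL) NOPASSWD: ALL\n' ;;
    oksudo)   printf 'Defaults timestamp_timeout=0\nops ALL=(ALL) ALL\n' ;;
  esac > "$3"
}

# Total findings across one client config and one sudoers fragment.
audit() {
  echo $(( $(ssh_mux_findings "$1") + $(sudo_lazy_findings "$2") ))
}

if [ "${1:-}" = "--demo" ]; then
  tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
  write_sample weak ssh "$tmp/ssh"; write_sample weak sudo "$tmp/sudo"
  echo "weak samples: $(audit "$tmp/ssh" "$tmp/sudo") findings"      # 4
  write_sample ok ssh "$tmp/ssh"; write_sample ok sudo "$tmp/sudo"
  echo "hardened samples: $(audit "$tmp/ssh" "$tmp/sudo") findings"  # 0
fi
```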
Ah yes, the classic “society collapses because a TLS cert expired” scenario. I love that one.<p>To be fair, you’re not wrong - root CAs, DNS, cloud infra… we’ve basically built the modern world on top of a Jenga tower made of YAML files and third-party APIs. And yeah, a well-coordinated takedown of a few dozen orgs could make things very spicy.<p>But let’s not pretend it’s that easy. Most critical systems have failovers, redundancy, and monitoring. Banks aren’t going to fold just because Let’s Encrypt has a bad day. (Unless you’re Silicon Valley Bank… then maybe.)<p>Still, the scary part isn’t a single failure. It’s that all our “redundancy” loops back to like 50 companies we pray don’t screw up at the same time. It’s like putting all your backups on the same USB stick… and then losing it.<p>So yeah - not doomsday just yet, but definitely not great. Maybe worth more than zero attention.