Sign In

Communications of the ACM

Cerf's up

A Brittle and Fragile Future

Vinton G. Cerf

While this is not intended to be a dystopian rant, I feel strongly motivated to draw attention to the fragile and interdependent future we are creating through the use of programmable devices and systems. Some of you are, no doubt, rather tired of this theme, but as we equip cyber-physical and virtual systems with programs that animate their functions, it seems inescapable that over time they will become increasingly interdependent and that may produce vulnerabilities and fragilities that will be exploited by inimical parties or will simply create difficult and even unrecoverable failures.

Consider systems that use passwords and two-factor authentication to identify users. It is often advised to have alternative means for authentication: a mobile device, a distinct email account, a phone number, or an alternative means of identification. These kinds of interdependencies can lead to cascade failures where loss of access to one system initiates failures in others until a complex of authentication failures render a user unable to use any of them. Loss or cancellation of an email account or a mobile phone number may have later consequences if users do not remember to revise all accounts dependent on these alternative means of identification. They may discover the oversight just when the alternatives are vitally needed.

Multiple platforms that support common services such as Alexa or Google Assistant may be concurrently invoked, leading to confusion as to which is "in charge" at the moment. The situation is exacerbated when multiple users are interacting with the same set of platforms or when the platforms are distant from one another. Conflicting commands from authorized but uncoordinated parties could easily lead to instability or even damage physical and virtual systems.

An analogy might be apt. Personal computers were designed initially to be exactly that: isolated computers for personal use. But before long, they became valuable avenues to access and use of the Internet. Not much thought had been put into the security of these systems when they were stand-alone devices and viruses and worms were already propagating by Sneakernet via floppy-disk drives. The Internet and its predecessors including bulletin board systems were new vectors through which malware could travel and various attacks could be executed. A great deal of effort had to be expended to improve the resistance of personal computers to various forms of attack and failure.

Concerns for safety, security, privacy, and control must be assuaged by systematic analysis of increasingly complex use scenarios.

Many of the devices that are considered cyber-physical systems may suffer from a similar oversight. Often the designers see them as a single-user device controlled from an application running, for example, in the user's mobile smartphone. What is emerging, however, is a highly connected ecosystem of devices and networks with emergent properties derived from the rich, diverse, and distributed connectivity they exhibit. Concerns for safety, security, privacy, and control must be assuaged by systematic analysis of increasingly complex use scenarios. It might even be argued that these analyses will need to be carried out automatically just to keep up with the non-linear growth in potential use cases and device interactions as the devices proliferate.

The designers of devices that populate the Internet of Things have an ethical responsibility to be attentive to the hazards their interactions may create and the companies that market the devices and their services may ultimately be charged by society with liability for their failures or the abuses they invite. It is not too early to begin thinking about these kinds of problems and how they might be addressed technically, legally, and ethically by the engineers and scientists whose advances make new capabilities possible, but which may have unknown consequences as their use proliferates.

Back to Top


Vinton G. Cerf is vice president and Chief Internet Evangelist at Google. He served as ACM president from 2012–2014.

Copyright held by author.

The Digital Library is published by the Association for Computing Machinery. Copyright © 2017 ACM, Inc.


Teodulfo Espero

The All Important Afterthought
By Teodulfo Q. Espero
Associate in Science in Mathematics
Hartnell College

Daily life, especially in developed countries, have grown a large dependence on computing and the interconnection that it offers. Information on demand has been the maxim of those who use and rely on them for information (and basis for decision). The initial idea of the Internet has always been the open transferring and sharing of information between its users. Security and information safety came to be as a mere afterthought despite the danger that it holds. Not a lot of people had access to the early evolution of the Internet, only a handful of scientist and researchers had access or even knew that it existed.

An article published by the Washington Post clearly illustrates the concern. It mentioned that the founders (creators) of the Internet saw the promise of interconnection but placed the concern of its abuse and the damage it can pose secondary (Timberg). Further in the article, it suggests that though security did indeed enter the development phase, the designers did not emphasize as much effort on how to wreck the system for the mere reality that getting the project off the ground was a definite challenge in itself.

Even if its creation was initially for the military to make use of the current advancements of computer technology against the threat of a nuclear attack (Lukasik). The Internet today is accessible to around 3 billion of people (Davidson), a far cry from the number of researchers accessing it back forty years ago. Though its impact and apparent use as a backbone to our modern economy was just a theory back then. Todays Internet is vital in moving massive amounts of information in electronic speed. The utopian idea of openness may have transformed itself as a dystopian realm. The economic, personal (albeit emotional) damage arising from its abuse is very much imminent today than it was forty years ago. Just as the number of deaths caused by automobiles were not handled during its invention. The movers and shakers of todays Internet should see the trends and the ominous threat to its existence and survival in the future. In the future, playing catch up with those who attack the Internet may become more damaging than today. As AI and the Internet of Things enter the living mainstream of humanity. Todays protectors of the Internet will have to begin early in anticipating the future misuse and abuse (Cerf).

Works Cited
Cerf, Vinton G. "A Brittle and Fragile Future." Communications of the ACM 60.7 (2017): 7. Print.
Davidson, Jacob. Here's How Many Internet Users There Are. 26 May 2015.
Lukasik, Stephen J. "Project MUSE." 2011. Why the Arpanet Was Built. Electronic Document. 8 July 2017.
Timberg, Craig. Net of Insecurity: A Flaw in the Design. 30 May 2015. Website.

Jon Meads

I suspect the main problem is that too many companies are employing coders who are not trained in or managed by people who understand what software engineering is all about. I remember one contract I had where I was pointing out aspects of the development that could lead to problems such as hacks and user difficulties. The manager told me that she did not want any "naysayers" on the team and that I should not be bringing up such issues. I suspect that similar things are happening with today's development where management is rushing to get things out the door.

Displaying all 2 comments