Brexit Deal Includes Netscape 4.x, SHA-1, and JPEG2000

As technologists, we need to do better. Surprisingly, the 1,246 pg UK Brexit deal includes references to Netscape 4.x, SHA-1, JPEG2000, & non-cloud infrastructure models. It's mix of outdated file standards, tools, and design practice. It's easy to dismiss the fact the authors suggest aged cybersecurity encryption algorithms and applications from the 1990's. The real question is why? The problem we are facing is much larger than a "cut and paste" error. The pace of technology is increasing, but we must bring non-technologists along with us.

As professional engineers, cybersecurity scholars, cloud computing professionals, and technology practitioners, the latest standards, versions, and solution stacks are intuitive to us. They are second nature to us, we regularly apply emerging technology to solve problems. We are the creative class Richard Florida described, knowledge workers defined by Tom Peters. We use the latest package managers, version controlled repositories, and libraries in our designs, deployments, and daily builds. We design for resiliency using agile approaches with our product teams and apply DevSecOps techniques for our Software Factories.

While we advocate for simple concepts like encryption at rest, encryption in transit, loosely coupled architectures, it is clear non-technologists are not processing what we are saying. How do we know this? As evidenced in the Brexit deal, we see plain text connections in the diagram, product versions from decades ago, and design patterns that will not scale. Perhaps what is most alarming is the absence of approaches such as application programming interfaces, distributed ledger technology, zero-trust concepts, identity protections, access controls, governance models.

The list goes on and on. But who is to blame for these seemingly glaring omissions? Some suggest it's a cut and paste clerical error, but even at that I would expect a reviewer to question the ciphers for securing DNA profiles, fingerprint data, and vehicle registrations. The combination of SHA-1 (outdated since 2015) + Netscape (h/t Web Design Museum) + DNA profile should make us cringe.

As technologists, we need to do better. Communicate differently, collaborate in new ways, share the vision with new techniques, demonstrate improved methods. I am convinced the solution, in part, lies with engineers, technologists, researchers, professors, and practitioners.

I recommend the Brexit authors start with core foundational standards to design modern #cloud #architecture for #scaling & #security. There are so many helpful resources, I included 4 that focus on cloud, cloud cybersecurity, re:invent conference proceedings, and even a lab with hands-on instruction to build a distributed ledger to manage vehicle titles!

In additional to the technology standards, we need to appropriately address the ethical use of the data collected. It's time for the non-technologists to treat technology as essential to security and design of systems, not merely an "after-thought."

The challenge before us is to step out of our technology domain and work across boundaries to improve the way we are working, the concepts we are advocating, and created scalable, secure, safe platforms on which future communities will build.
​
References:

• NIST Definition of Cloud Computing SP 800-145 (Mell & Grance, 2011)
• Assured Identity for the Cloud (Daniels, 2011)
• IBM Blockchain Hands on Lab, Distributed Ledger (IBM)
• AWS re:Invent Replay starts on 12-January with over 200 sessions.

---