Unintended consequences—we don’t mean for them to happen, but they do because we fail to consider even the most obvious issues surrounding the situation that exists before us.
Take kids’ fruit and vegetable pouches, for instance. You know those pouches for youngsters that are moving from milk to solids. Remember the time when we made stuff ourselves for our 1- and 2-year-olds? OK, maybe not.
Regardless, with our new grandchild born just as I pen this, the ones that have gone beforehand have taught this old dog some new tricks.
Pouches with pureed food in them are a great idea. The food industry came up with the idea to move the product from a jar to a pouch. What could be the problem with that?
As it turns outs out, a bunch.
Imagine a 9-month-old eating broccoli and cheese lumps from a plate on the high-chair table, albeit with their hands. Now imagine a 2-year-old eating a fruit pouch. There is no plate, no utensils, no standing still since it is effectively drunk while on the move. A pacifier, you may ask?
Other unintended consequences could be lack of portion control, taking in nourishment too quickly, lack of learning about food texture and many other items of concern for a young culinary mouth. Obesity comes to mind in later years.
Imagine now that this 2-year-old is eating French toast or anything, for that matter. The food gets sucked until it dissolves; thus, this child will not eat broccoli or cheese. The child will eat soft foods only because the child doesn’t chew. Will this child grow out of it? Probably, but the ability to try different foods and stay away from "he won’t eat anything green" is truly limited.
Well, the unintended consequences of the Internet are many, such as email fraud, ransomware, phishing without a rod and reel—well, you get the picture. It’s about trust.
The Internet has destroyed trust in so many things due to the lack of security. But it isn’t the responsibility of the Internet to provide that, is it?
HBO has been hacked, and the hackers can truly bring down this large enterprise. The “Game of Thrones” franchise is a huge money maker for it. I don’t think Netflix has suffered from “Orange Is the New Black” leaks, but it makes one wonder how unintended consequences can affect us.
I don’t blame the packaging industry for the food-pouch dilemma. Nor do I blame the food industry. They are selling convenience.
Well, isn’t that the same for the Internet security industry? Let us do it for you, they tell us. We will provide you with the tools to stop hackers in their tracks. But, by the way, we have to leave some of the configuration and installation up to you, so we don’t have any responsibility. But we may not tell you.
The responsibility is all on us, but, just like it’s on the parents of the children who don’t know the basics of chewing and eating due to drinking their food; this responsibility is not necessarily known to us. I did a research project on remote access earlier in the year, and I heard or read many times about the fact that it was the user’s responsibility to configure and implement security.
I submit that hardware VPN companies or any VPN software solution is selling convenience while hiding the fact that the implementation is the responsibility of the user. It smells like an insurance policy, and you know how that works.
They talk about the hardware—we love hardware. Once you implement it, because it is way easy, you will be safe. Except for the intended consequence of having the OT guys implement the solution. And of course the IT guys, who are enlisted to provide that user-level security we so desire, don’t really know about this implementation.
And then the next unintended consequence is a breach. You implemented the remote-access solution to aid in the ability to support the industrial control system, for your own convenience, and to save money on the management of the process maintenance, and it results in a major problem.
Your cyber insurance skyrockets, if you have it, but it won’t cover the resulting costs.
Can we make vendors accountable for a full front-to-back implementation of any technology from a security point of view? Probably not.
But ask the questions of them and your IT group. It is imperative that we are aware of potential unintended consequences of our own actions and decisions.
Who would have thought that the psychological effects of a food pouch could lead to childhood obesity?
Who would have thought that a remote-access solution that is already secure needs to be secured? While not all solutions do, be sure you know first. Think about those unintended consequences as best you can. Set the table for success.