If you haven’t read Steven Johnson’s The Ghost Map, you should. It’s perhaps the most important book in print today about the next decade of computer security.
John Snow was a physician who was a pioneer in anaesthesia who turned his attention to cholera when the worst epidemic hit the London where he lived in 1854. It’s not just about Snow, however, it’s about theories, information, and how to select the right model.
The prevailing model at the time (this was pre-germ-theory) was that cholera was airborne, carried by “miasma,” namely stink. If it smelled bad, it was probably disease-ridden. It’s not a bad theory, actually, it’s just wrong. Snow came to the belief that cholera was waterborne, despite the fact that the suspect wells in London were known to be largely sweet-tasting.
Despite the fact that I’m giving away the plot (spoiler — we beat cholera and major cities in Europe no longer have epidemics), Snow got there by examining data and coming up with the proper visualization of the data (the Ghost Map) to show that cholera spread along water flow not along air flow.
Before Adam used Snow and Johnson’s book in his recent “Why Security Breaches Are Good For You,” I read the book and was thinking about it and security.
I believe that our security problems need to be looked at both from the viewpoint of public health issues, but also from the viewpoint of quality. Snow beat cholera because he was fortunate enough to have the right insight, but insight isn’t enough. You need data. Fortunately, there was lots of data available, and the data was available to him and the people who disagreed with him. Data was also part of the problem, as Johnson points out, because the larger problem was sorting through the data. However, when it comes to computer security, we don’t yet have the luxury of too much data.
Everyone’s data center has its own little cesspool. Mine does, yours does. We have to figure out how to clean them up. We need to have more data. We therefore need to remove the stigma of disclosing data as well as insisting on it. This is why The Ghost Map is an important book for computer security, it will take you back a sesquicentury to the problems of creating cities with millions of people in them, and in that history you can think about the problems of making networks with billions of people in them.
Johnson himself has a chapter on the future of cities and urbanization, which I wasn’t as impressed with. The book shifts from being a page-turner to a page-flipper when he gets away from the past and considers the future. Nonetheless, read it and think.
I was fortunate enough to be in London recently and made a pilgrimage to Broad Street (now Broadwick Street) and the pub in his honor. I also made a point to use the modern public convenience on Broadwick Street and was amused by the washing gizmo that soaps, waters, rinses, and dries one’s hands without one having to touch anything.
Photo of the pub sign for the John Snow pub courtesy of Mordaxus. I apologize for leaving the decent camera at home, and thus having to make do with the camera in my mobile.