Reflections from Ross Anderson’s Security Engineering: Telegraphs and Horse’s Asses
Thoughts on Chapter 2 — and on why legacy shapes assumptions and design in cybersecurity.
From the series: Reflections on Ross Anderson’s «Security Engineering» – see the original post here.
Coming back to Ross Anderson’s Security Engineering, here are a few thoughts on Chapter 2.
I’ll skip the parts about the superpowers of three-letter agencies and state-level opponents, which Anderson covers in detail. Instead, I’d like to focus on something that appears throughout the book: security assumptions.
Anderson rightly notes that “You can’t protect it against all possible threats and still expect it to do useful work at a reasonable cost.” He then asks:
“So what sort of capabilities will the adversaries have, and what motivation? How certain are you of this assessment, and how might it change over the system’s lifetime?”
It’s the last question that deserves special attention. People are often surprised to learn that a system may need to be designed for a lifetime of 20 or 30 years—an eternity in IT terms. Yet even older, seemingly obsolete things can have huge, often overlooked, security implications.
Anderson mentions one such case almost in passing, but it’s worth emphasizing:
“Britain has physical access to about a quarter of the Internet’s backbone, as modern cables tend to go where phone cables used to, and they were often laid between the same end stations as nineteenth-century telegraph cables. So one of the UK’s major intelligence assets turns out to be the legacy of the communications infrastructure it built to control its nineteenth-century empire.”
That’s a striking reminder of how deep infrastructure history runs — here, 19th-century infrastructure shaping 21st-century intelligence capabilities.
It brings to mind the once-viral story (likely exaggerated but too good to ignore) about the “standard of the horse’s ass.”
The Irish Times article recounts how the American railroad gauge — 4′ 8.5″ between tracks — supposedly traces back to the width of two horses’ backsides, inherited from Roman chariot design. The kicker: space-shuttle boosters, constrained by rail tunnels, had to be designed with that ancient dimension in mind. In other words, a two-thousand-year-old standard shaped modern aerospace engineering.
As security engineers, we rarely get to think in such vast timeframes. Still, it’s useful to stay aware that legacy, inertia, and history can all impose constraints — sometimes subtle, sometimes decisive.
And that makes me wonder:
What would be the equivalent of the “horse’s ass” in security?
My notes on «Security Engineering» are not meant to be complete. I focus on extracting the non-obvious — finding the small gems, highlighting what’s particularly interesting, or capturing the essence of a broader idea. I often add my own observations, drawn from intersections between technology, language, philosophy, and other fields of knowledge.

