How does complexity relate to security?
Complexity is ubiquitous. Growing complexity is a sign of progress: in our universe, on our planet, in life on Earth, in humanity and in technology.
Resilience and reliability are two essential characteristics of any successful complex form of organization. To the best of my current knowledge, the only way to maximize these properties is through many cycles of trial and error. This is what we call evolution.
Accidental complexity, however, which may or may not also be hidden complexity, is from an evolutionary perspective a candidate for elimination. It almost looks as if the laws of nature follow Ockham's razor: wasted energy leads to extinction. Accidental complexity is in fact found in mutation, where random reconfiguration succeeds only in very few (but also very remarkable) cases.
Information systems are full of accidental complexity. Unfortunately, managing the necessary complexity is not something humans are very good at. Security, on the other hand, relies on a strong and sound formalism, as well as on high consistency and end-to-end evaluation.
This is why, without intense investment in resilient and reliable structures and processes based on formalisms, mathematics and logical reasoning, complexity will always lead to failure and progress cannot be achieved. This is not to say that provable soundness alone is sufficient in every situation, but soundness is surely the foundation of every working system.
An interesting aspect not mentioned yet is the historical perspective. Necessary complexity may become unnecessary, either permanently or for an unknown period of time. Starting from a historical context, we have to deal with existing complexity and accept all of its problems and flaws, but also its historic achievements. Only continuous evolution can sift out and strengthen promising patterns and strategies for an unknown future.