With news of recent cyber attacks, I got to thinking – what if we made the software that runs our energy grid open source?
I was thinking about Linux, and how it’s generally seen as the most reliable and safest operating system because it’s open source. There are something like 15,000 contributors to the Linux kernel, and as such, every line of code has been looked at and essentially QA’d by thousands of eyes. Would it be possible to apply that same principle to some of our most sensitive infrastructure? My first thought was the energy grid, but this concept could be applied to other infrastructure too.
Obviously, there are huge ramifications to this, but I think it’s an interesting thought experiment. Some issues that came to mind about this:
1. There’s got to be some kind of critical mass number of contributors that would be needed for the open-source-ness to be an effective deterrent to hackers. I’m not sure what that number would be, but the more the better. What would that number be?
2. Before any updates are made to the code base, there would have to be a certain number of validations made by the contributor community before a change or update is adopted – what would that approval process look like? I would assume a significant percentage of the community would need to OK a change before it’s pushed to production.
3. There could potentially be political impacts of this (politics is inevitable, it seems, unfortunately). If enough contributors wanted to protest changes to some kind of update for whatever reason, they could refuse to validate new changes to the code base. Would this be acceptable as a way to democratize the system, or would that be too much of an issue and break the system?
I’m curious what people smarter than me think about this, or what other aspects might be important to consider that I haven’t thought of. Let me know!