The preservation of complexity: Why securing the digital world is getting harder, and what to do about it

The systems we rely on for managing communications, information, and automation are becoming increasingly complex. Complexity is a barrier to building new information technology and automation systems quickly and cheaply. Technologists employ a number of strategies to mitigate the cost and schedule risks caused by complexity, including modular design, APIs, orchestration, microservices, and most recently LLMs, but often these strategies have unintended consequences, including increased cyber security risk.

In this presentation, we examine the need for complex systems, the theory of complexity, some examples of strategies used by technologists to mitigate complexity, and how these strategies can affect cyber security. We use real-world examples to illustrate failure modes that were caused by unmitigated complexity. By examining technology through the lens of complexity, we propose a decision-making approach that mitigates complexity while minimising cyber security risk.