Sleepwalking into a new dark age

The report into the extensive attack which took out the British Library has just been published, and it doesn’t make for good reading. It’s another data point that that reinforces my theory that we’re sleepwalking into a new dark ages.

Briefly, the British Library - the ultimate custodian of every printed and published resource in Britain since the 18th century and before - was crippled by an attack that brought down systems and exfiltrated gigabytes of data. It’s still struggling to get all systems back online, and there’s no timeline for when - or even if - the damage will finally be repaired.

The report is partial, because much of the evidence of how the attack took place has been lost in the rubble. But there’s some depressing conclusions.

The attack succeeded in the first place because systems were complex, outdated and unmaintained. Cost pressures led to a tangle of contractors and suppliers, which in turn allowed otherwise-addressable vulnerabilities to creep in, and resulted in a lack of institutional knowledge about how systems operated.

The damage was compounded by some systems being unrecoverable simply because they’re now obsolete - either they’re no longer maintained, or they’re incompatible with available operating systems.

The fact that the report’s been published is positive - it’s hard to imagine a commercial organization washing its laundry in public like this. There’s a chance that lessons will be learned and the future will be different, although past experience suggests that’s a lot easier to promise than deliver.

What strikes me reading the report is that at the same time that the sheer volume of content being created is accelerating, maintaining it for the long-term is getting increasing difficult. A document from 500 years ago can still be read and understood; a file stored on a medium from the last decade is probably lost forever now.