Bitcoin is critical infrastructure.
What do I mean by that? I have a specific definition, stemming from my experience as an industrial cyber security professional.
Critical infrastructure refers to assets, systems, or networks whose disruption would have a profound effect on security, economic stability, public health and safety, or some combination. What this means in practice are those things that we can’t live without in our modern society: electricity generation and grids, oil, gas, and fuel infrastructure, factories, hospitals, transport networks. The list goes on, I hope you get the idea.
The Internet itself is critical infrastructure, as the communication network enabling most of our interconnected lives. Additionally, payment networks are considered critical infrastructure. You probably see where I’m going with this.
I put forward that Bitcoin is critical infrastructure. No government or agency has officially taken that position. Of course, within the Bitcoin community, this definition shouldn’t be surprising. If Bitcoin is the revolutionized monetary system, the replacement to fiat debasement and the antidote to centralized power structures, the freedom money that enables anyone in the world to save and transact freely, then it had better be considered critical.
Now, what is the point in my saying this, especially if it shouldn’t be controversial to anyone in the Bitcoin space?
It has to do with how critical infrastructure is defended.
As mentioned, I’m an industrial cyber security professional, which means that I focus on defending critical infrastructure and other forms of industrial control systems from cyber threats.
Critical infrastructure is treated differently from other types of network systems and assets. Whereas for most systems, confidentiality of data and the integrity of the system are considered most important, for critical infrastructure the focus is on keeping the systems running. Additionally, many of the cyber defenses that work for individuals and normal IT systems simply don’t work in critical environments (for many reasons, not overly relevant here).
With that in mind, critical infrastructure is defended based on the types of threats they are expected to face. ISA/IEC 62443 (they couldn’t have picked an easier number to remember /s) is one of the most widely used frameworks for industrial cyber security. It defines 4 threat levels and recommends controls based on those:
- Protection against casual or accidental threats
- Protection against intentional attacks using simple means
- Protection against sophisticated attacks using advanced tools
- Protection against nation-states or highly-resourced attacks
As you can probably gather, the defenses applied are targeted against more and more intense attacks, with greater motivation and resources each time.
One piece of necessary context is that “accidental” threats are still bad - we’re talking about untargeted malware floating around on the internet, for example. The accidental part mostly refers to basic security best practices not being followed (no passwords on a computer - it happens!).
Now, at this point, I’ll be clear: I considered non-monetary transactions to be a threat against Bitcoin: specifically against its availability. Non-monetary transactions displace block space and force a higher fee rate. In times of frenzy for some new inscription fad, transactions spiked to the point of pricing out whole categories of users from on-chain transactions, made lightning channel openings much more expensive relative to channel size, and hampered the network overall. Additionally, blocks themselves became much more full and the UTXO set increased rapidly, both putting significant pressure on node hardware requirements, risking decentralization. These points have been discussed ad nauseum and aren’t the point of this post, except for me to be clear that I consider these non-monetary transactions to be a type of threat.
I’ve analogized elsewhere that in Bitcoin, policy filters are effectively the defense against casual threats. Mapped to the framework above, the first two categories are essentially tackled by policy filters. Casual, untargeted threats are actually mostly handled by node implementation security features, and those are important in themselves for us to be able to have functioning nodes. Simple targeting Bitcoin itself through abusive transactions are effectively blocked through policy. Default tools and wallets don’t even allow submission of abusive transactions in most cases, because they follow default mempool policy. In the cyber security world, this is enough to deter whole categories of casual attackers, who simply move on to the next potential target. There’s no reason to think that this isn’t the case with Bitcoin also.
More sophisticated attackers are a different situation. They use bespoke tools and know what they’re doing. They’re able to bypass policy filters and use specific exploits to get their transactions on chain. The level to be able to tackle these attacks is at consensus level. I’ll save further discussion about that for another time, but I’ll emphasize another point here: this is what is done in the cyber security world all the time. Vulnerabilities are identified, tracked, and remediations are developed. Individuals and organizations either fix the vulnerability, put up some other defense to compensate, or leave themselves free to get exploited. An important distinction is also whether a vulnerability is being actively exploited. If that’s the case, it’s only a matter of time before they find and exploit you.
In other words: Bitcoin has a choice - fix identified and actively exploited vulnerabilities, or simply accept that this will continue to happen. Forever.
I don’t have any intention to imply that Bitcoin should be managed like a business or any other kind of centralized organization. Bitcoin is unique in that it is the only truly decentralized system in the whole world. All other cryptocurrencies have developers who make changes at their discretion, similarly to companies and individuals who can simply decide to do something and do it. It’s different with Bitcoin. The network has to agree. And that’s good!
It also means that if significant portions of the network do not agree that something is a threat or that a vulnerability is worth fixing, it may or even will not happen. At this point, those who think something needs fixing could either throw up their hands and decide to live with it, or decide to try to persuade network participants of their view.
I’ll finish with another cyber security principle: an attacker with unlimited resources and motivation will always breach your system. This might sound defeatist, but it’s a reminder that no set of defenses is ever perfect. The higher the value of the potential payoff, the more likely an attacker is willing to throw time and resources into exploiting the system to get what they want. In the Bitcoin context, this means that there will always be attackers looking for vulnerabilities, because what is a more valuable payoff than the best form of money the world has ever seen?
Does this mean we should give in to the inevitability that SOMEONE is going to attack Bitcoin SOMEHOW, and just give up? In my view, no. That’s not how things work outside Bitcoin. Critical infrastructure is actively defended. Threats and vulnerabilities are identified and remediated as best they can be. The cat and mouse game goes on, but electricity keeps flowing, gasoline gets to the pumps, factories keep pumping out products, ships bring goods to their destination, trains keep running, and water flows from the taps. We don’t notice when everything is working. We sure do notice when something breaks.
Let’s not let Bitcoin break. Bitcoin is critical infrastructure, and we should be treating it like it is, keep it running, and save the world.
