← @ChristopherA Twitter archive
Christopher Allen
@ChristopherA
#SmartCustody Adversary — Process Fatigue
A few days ago I wrote about Convenience, which was a #SmartCustody adversary that could cause loss of your digital assets because you ignored your security procedures. But, it was for theoretically good reasons. (1/12)
7/8/2020, 12:56:21 PM
Favs: 0
Retweets: 0
linkChristopher Allen
@ChristopherA
PROCESS FATIGUE is a close cousin: this is another adversary that encourages you to ignore your security procedures, but here it's just because you are overwhelmed, or have become overly familiar or lazy with your procedures over time. (2/12)
7/8/2020, 12:56:21 PM
Favs: 0
Retweets: 0
linkChristopher Allen
@ChristopherA
We all do this. This isn't meant as a perjorative. It's just a question of solving the problem, not ignoring it. (3/12)
7/8/2020, 12:56:21 PM
Favs: 0
Retweets: 0
linkChristopher Allen
@ChristopherA
So how do you solve it? The answer is in the name, PROCESS FATIGUE. It's not pure laziness; it's when you have a process for securing your digital assets that overwhelms you. It's too much. (4/12)
7/8/2020, 12:56:21 PM
Favs: 0
Retweets: 0
linkChristopher Allen
@ChristopherA
One particular source of PROCESS FATIGUE is that every new procedure, new device, skill required or new tech you add to your processes to mitigate the risk of a different adversary makes PROCESS FATIGUE become more risky. (5/12)
7/8/2020, 12:56:22 PM
Favs: 0
Retweets: 0
linkChristopher Allen
@ChristopherA
PROCESS FATIGUE is a pretty dangerous adversary because it can make you randomly and thoughtlessly ignore parts of your procedure. You instead want to do so specifically and thoughtfully. (6/12)
7/8/2020, 12:56:22 PM
Favs: 0
Retweets: 0
linkChristopher Allen
@ChristopherA
Another risk with PROCESS FATIGUE is becoming so overwhelmed that you skip the process entirely. For instance, the Glacier Protocol https://glacierprotocol.org process is quite strong, but I know even some of the contributors to it keep saying “I plan on implementing it soon”. (7/12)
7/8/2020, 12:56:22 PM
Favs: 0
Retweets: 0
linkChristopher Allen
@ChristopherA
The solution goes back to the core idea that #SmartCustody is all about making choices, about figuring out which adversaries are the most dangerous and which aren't, and focus on the most dangerous first. PROCESS FATIGUE is likely one of them. (8/12)
7/8/2020, 12:56:22 PM
Favs: 0
Retweets: 0
linkChristopher Allen
@ChristopherA
That's the heart of our risk-modeling: looking at the various problems that you face and deciding which are the most crucial to solve. In this case, you have to determine is if something is MORE dangerous than the PROCESS FATIGUE it might create or less. (9/12)
7/8/2020, 12:56:22 PM
Favs: 0
Retweets: 0
linkChristopher Allen
@ChristopherA
In particular PROCESS FATIGUE is a personal adversary. What is overwhelming to you might not be for me. This is why the #SmartCustody book works hard to offer a baseline of checklists & processes, which you can add to optionally for your needs. But not too many! (10/12)
7/8/2020, 12:56:23 PM
Favs: 0
Retweets: 0
linkChristopher Allen
@ChristopherA
#SmartCustody is ultimately an iterative process: something that you might return to over time, to reassess and retrofit your storage procedures. Part of that should be determining if any elements are creating PROCESS FATIGUE, and if they can be removed (or not). (11/12)
7/8/2020, 12:56:23 PM
Favs: 0
Retweets: 0
linkChristopher Allen
@ChristopherA
Have your own stories of Process Fatigue impacting digital assets? Your own solutions? Let us know! And please consider supporting #SmartCustody. We're working on V2, with multi-sigs and other expansions: https://smartcustody.btcpay.blockchaincommons.com/ (12/12)
7/8/2020, 12:56:23 PM
Favs: 0
Retweets: 0
link