Cybersecurity is all about defense: defending against attackers (threats).
There are a few basic types of attackers:
- The opportunists who will take advantage of an easy win but will stop when they meet trivial resistance
- Sophisticated actors looking for financial gain (think ransomware or extortion for data)
- Determined actors with extensive resources who want to do bad things (nation-states, industrial sabotage)
(As with all things, I'm simplifying a little.)
In industrial cybersecurity (my day job, if you didn't know), defenses are all built around the type of threat actor they aim to stop.
The opportunists give up after very little resistance. Things like strong passwords or two-factor authentication or a locked door are usually enough to stop them.
More sophisticated actors need tailored defenses. You can't cover every attack vector, and it's pretty much a constant cat-and-mouse game. But nearly all companies need to implement some basic protections that stop most cyber threats. Again, you can't stop everything, but you can mitigate most damage.
The determined actors like nation-states are difficult. It's taken as a given that an actor with unlimited time and resources will breach your system. The whole idea there is to make it as difficult as possible to get what they want, and perhaps they give up.
This maps onto Bitcoin:
The opportunists are stopped by filters. If their transaction won't be accepted by most nodes, they just don't do it.
More sophisticated spammers try to find new vectors to attack the system. They've found various exploits to abuse.
And ultimately, someone who REALLY wants to put their data on Bitcoin will do so. But we could make it difficult for them.
The whole reason I bring all of this up is: outside of Bitcoin, we play the cat-and-mouse game with cyber attackers. We have no other choice! The world enabled by the internet would be worthless if attackers could just do whatever they want.
We have the ability to fix some specific bugs which are being actively exploited. Outside of Bitcoin, this is a no-brainer.
We can also make it as difficult as possible to put arbitrary data on Bitcoin. This is how we attempt to stop the most determined threats attacking critical infrastructure.
Of course, Bitcoin is a distributed system and requires consensus. I don't want to change that.
Therefore, I advocate for building consensus towards putting up some basic defenses and fixing exploits that are being abused. That's how we can defend against threats to Bitcoin.