Invisibility of Infrastructure

Invisibility of Infrastructure

Infrastructure, when working, is invisible. You notice electricity when it fails, not when it flows. You notice the network when it’s down, not when it’s up. You notice security when it’s breached, not when it prevents breaches.

This creates a systematic problem: the work that keeps systems running is invisible work, and invisible work is undervalued.

The Prevention Paradox

Security investments that prevent incidents produce… nothing visible. No breach, no headline, no crisis. The investment appears to have produced nothing, because the counterfactual (what would have happened without the investment) is invisible.

Consider:

  • A vulnerability is found and patched before exploitation. No incident. No credit.
  • A student red-team discovers a configuration error. It’s fixed. No one outside the security team notices.
  • An IT upgrade prevents a failure that would have disrupted operations. Operations continue normally. No one thanks IT.

The people who prevented the disaster are invisible. The disaster’s non-occurrence is invisible. The investment that enabled prevention looks like waste.

Institutional Consequences

Organizations systematically underinvest in infrastructure because:

  • Maintenance budgets are cut to fund visible projects
  • Prevention doesn’t show ROI in traditional accounting
  • Leaders get credit for new initiatives, not for continuing operations
  • Crises (which get attention) are prevented by invisible work (which doesn’t)

This creates cycles of neglect followed by crisis followed by investment followed by neglect again.

The Infrastructure Worker’s Experience

People who do infrastructure work — IT, security, facilities, maintenance — often experience:

  • Invisibility when things work
  • Blame when things fail
  • Budget pressure during normal operations
  • Insufficient resources until crisis
  • Pressure to document value that is inherently hard to demonstrate

The work is essential and thankless.

Making Infrastructure Visible

Countering invisibility requires deliberate effort:

  • Metrics: Track prevented incidents, not just incidents
  • Narratives: Tell stories of what would have happened without investment
  • Demonstrations: Periodically show what failure looks like (red-teaming, drills)
  • Leadership attention: Executives who understand infrastructure value and communicate it

See Making Risks Visceral for strategies to make abstract threats concrete.

Implications

  • Infrastructure needs advocates who make the invisible visible
  • Budgets should account for prevention value, not just incident response
  • The people who keep things running deserve recognition
  • Organizational incentives need to reward maintenance, not just creation

Open Questions

  • How do you quantify the value of prevented incidents?
  • Can organizational culture change to value invisible work?
  • Is infrastructure invisibility inevitable, or a solvable problem?
  • How do you prevent visibility efforts from becoming theater?

See Also