Every week we hear of hacks even more fantastic and horrifying than the last. The latest news that the Russians breached the executive branch of the U.S. government points out that even the best protected systems can be compromised by well-funded and persistent adversaries.
With all the money, effort and cyber security experts dedicated to developing ways to protect our assets from adversaries, we are losing too many battles. What can we do differently? Maybe we need to take a lesson from the history of the Maginot Line.
After World War I, France invested in a costly strategy called the Maginot Line – series of concrete fortifications and weapons installations designed to prevent invasions from the east. It stretched along the border with Switzerland, Germany and Luxembourg, but did not extend to the English Channel along the neutral country of Belgium.
Nearly impervious to any type of attack, military strategists of the time thought the Maginot Line was brilliant.
Brilliantly ineffective, as it turned out. The Germans ended up invading and conquering France in 25 days by going around the line through Belgium.
The Maginot Line failed because it was based on false assumptions. The French assumed they would be invaded from the east. They assumed attempting to breach the line would exhaust the resources of their foe. They hoped Belgium’s neutrality would be respected, and if not they assumed the enemy forces would be too weak for a good fight. Wrong, Wrong and Wrong.
Certainly the cyber security industry is not so myopic that it is building a cyber-Maginot Line. However, Steve Chabinsky suggests that perhaps we are, in fact, operating on some false assumptions.
In the first of two articles in Security Magazine, Steve looks at five of the “The Top 10 Cybersecurity Myths” in order to promote a dialogue about some of the misconceptions on which our strategies are based. The Invincibility Myth, he explains, is created by our reliance on vulnerability mitigation and the illusion it creates that our systems can become indomitable.
Click here to read about The Invincibility Myth, The Patch Myth, The Information Sharing Myth and two others that Steve Chabinsky thinks should be part of our national discussion.