Sunday, December 2, 2012

On Paradigms


Thomas S. Kuhn
American Physicist
Creator of the word "Paradigm"

To understand where cyber security needs to go, let's go a bit deeper into the term paradigm. Paradigm means the sum totality of what everyone knows to be true.


Rene Descartes

We are currently living during the later stages of the scientific industrial paradigm. So follow along for a moment. The scientific industrial paradigm was in part ushered in by Rene Descartes (1596-1650) writing his "Discourse on the Method" in 1637 and introducing our current 3-space X axis, Y axis, Z axis "Cartesian" coordinate system.


Francis Bacon

In the same historical period, Francis Bacon (1561-1626) wrote his "Novum Organum" in 1620. Combined, these two works contributed profoundly to bringing Europe out of the dark ages and into the age of reason. Descartes and Bacon provided foundational bases for The Scientific Method, which helped drive us to our current scientific industrial paradigm.

The Scientific Method (which we were all taught as scientists and engineers) features reductionist thinking, under which problems are broken into smaller, (supposedly) more easily solvable pieces. Without dispute, the Scientific Method and reductionist problem solving have contributed greatly to technological progress since the mid-1600s.

Unfortunately, malicious activity in cyberspace by nation states, hacktivists, and cyber criminals is demanding that we quickly and profoundly evaluate our current defensive approach to vital information infrastructures. Incremental improvement in cyber defense substantially lags behind the acceleration and sophistication in offensive technique.

***************
THOUGHT EXPERIMENT:   Pause for a moment and think of the current dominant paradigm (what no one would ever question) concerning the state of cyber security defense.  Name some cyber security defensive systems, processes and practices that are never questioned by cyber defense practitioners.
***************

In my last post I mentioned that Thomas Kuhn (1922-1996), the American-born, Harvard-educated physicist, first introduced the term "Paradigm" into our vocabulary in his 1962 book, "The Structure of Scientific Revolutions".

In that book Kuhn also gave us the Kuhn Cycle. The Kuhn Cycle describes the major phases we experience when long-held belief and practice clash with contradictory experience. Kuhn postulated that Normal Science (and engineering, I might add) proceeds along using the scientific method and reductionist problem solving. As enough problems have been reduced to smaller and smaller pieces, certain observations and results begin to appear that cause our model to drift from the norm. When enough of these divergent observations and results have accumulated, we have a model that is termed "in crisis".

With a model in crisis, change in thought and practice becomes acceptable again and we move to a model revolution.  With the revolution maturing comes the leap to paradigm shift and the adoption of a new normal science and engineering.

I believe we are currently experiencing the model crisis phase of the Kuhn Cycle as it relates to cyber security enterprise defense.

In my current role as a senior executive on the AT&T Security Solutions team, I meet with Chief Security Officers of large corporations. Although I cannot and will not reveal the details of those discussions, I will comment that those discussions are congruent with the above thought trail.

In my next post I will introduce a very strong force that is currently disrupting the linear thinking of the scientific industrial paradigm.  I believe you will quickly connect the dots as to the applicability of that new force in driving a new and better cyber security paradigm.
