Classical Newtonian physics taught us the principle of cause and effect. For every observable effect on the physical universe there is a corresponding cause. For every observable cause there is a corresponding effect. Stated another way, for every action there is a reaction.
Sir Isaac Newton lived from 1642 to 1727.
The work in general and special relativity of Albert Einstein (1879 - 1955) challenged much of Newton.
Later the quantum mechanics work of Max Born, Werner Heisenberg and Wolfgang Pauli in the early 1920s challenged the dominant Newton principals even further.
Little argument can be raised that much of what we knew about nature based on Newtonian physics was being radically reorganized by the latter stages of the 20th century.
Cause and effect thinking got a turbo boost in business during the 1980’s rise of total quality management.
As we launch into 2014 cause and effect thinking remains a dominant force in business and (of course) politics.
In cyber security, when we see a large scale compromise (effect), we seek to understand the corresponding cause. Further than Newton, we must now seek to know who caused what, when and how.
Security professionals must then tell their bosses that defenses have been expanded/adjusted so “this won’t happen to us” or “this can’t happen to us again”.
If enterprise cyber defenders can ever be successful in overcoming the attackers offensive advantage, they must employ an even greater force of creativity than their adversaries.
Cyber defenders should restate the Newtonian principal. SOME CAUSES CAN CREATE SOME EFFECTS SOME OF THE TIME.
The time is now for cyber defenders, architects and product developers to think WAY OUT OF THE BOX AT THE MACRO LEVEL. WAY, WAY, WAY OUT OF THE BOX.
No comments:
Post a Comment