From the Spring 2018 Issue

Architectural Security, the Ardennes, and Alfred the Great

David W. Archer, PhD
Principal Scientist | Niobium Microsystems and Galois, Inc.

Much of cyber defense today relies on the same approach used in kinetic defense over the last few thousand years. We use hard perimeters (firewalls) to repel attacks, sentries (IDSs) to trigger incident response, and carefully guarded entry points (VPNs, websites) to meet functional requirements (wait…security is still a non-functional requirement?). It is both a poor defense, and indicative that we have a poor model of our adversaries.

Admittedly, the standard defense model is easier and less (immediately) costly than the alternative of hardened applications and databases. Nobody seems to notice, though, how that defensive strategy often worked . . .

Leave a Comment