While the military is not without shortcomings, I take issue with any attempts to dismiss the military security...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
mindset, as Gartner vice president Jay Heiser did in his recent column for Information Security magazine. It's a realm from which so many good security ideas have emerged, and from which more good ideas are just around the corner.
Military engineers learned quickly that no single defensive mechanism, be it a moat, "great wall" or network of trenches could defeat an advancing enemy. However, by combining multiple solutions -- i.e. a strategy that we've come to know as defense-in-depth -- they could mitigate the impact of an attack and slow an enemy's progress enough that countermeasures could be deployed.
If you are familiar with the concept of a virtual DMZ -- an area that separates a protected network from a hostile one -- you are surely familiar with what the acronym stands for: demilitarized zone. For those without a sense of history, the patch of ground that divides the nation that was once called Korea is a real-life DMZ.
How many security firms were started or staffed with veterans of defense and intelligence agencies? Military officers working in intelligence and infosec fields started firms like WheelGroup Corp. and Riptech Inc., now part of the security practices of Cisco Systems Inc. and Symantec Corp., respectively.
Also, it's worth noting that there would be no commercial infosec industry were it not ARPANET, the precursor to the Internet and an effort sponsored by the U.S. Department of Defense. After ARPANET was threatened by the Morris worm in the late 1980s, the DOD funded what would become the Computer Emergency Response Team Coordination Center (CERT/CC), which has served as the template for countless commercial imitators.
That's not to say mistakes aren't OK in the corporate infosec world, yet organizations large and small often fall victim repeatedly to the same types of attacks and continue to follow bad practices, at least until a ChoicePoint-like scandal exposes their actions. That mindset simply doesn't cut it in the military. It can't afford to make security mistakes when lives are on the line.
Last but not least, it is the defense and intelligence communities that fund think tanks and graduate schools, which ferment the ideas that will evolve into the security solutions of the future. For all these reasons, the military security mindset deserves a salute, not the brush-off.
Michael Tanji is a veteran of the Army and several intelligence agencies, and an associate of the Terrorism Research Center in Arlington, Va.